Re: Session limt on cisco 3850

xayxa30 · ‎01-17-2020

Is there a way to set the session limit for line vty on ios xe v 16.3 ?

I do not see a session-limit command under line vty 0 4.

I tried ip ssh maxstartups , but this doesn't work. Tested it and saw that the session limit was not set ( show lin vty 4, etc )

ChuckMcF · ‎01-17-2020

We're currently running 16.12.1s but for as long as I remember we've had session-timeout configured as follows:

line vty 0 15

session-timeout 10

Hope this helps,

Chuck

shane.wilkerson1 · ‎01-14-2021

session-timeout command does appear available on IOS XE devices but specifically, session-limit does not.

Does this command not exist on IOS XE? If so is there another command which accomplishes the same thing?

Richard Burts · ‎01-17-2020

I am not clear what kind of session limit you are asking about. Is it a limit on the number of sessions? Or a limit on the length of a session? Or is it something else?

HTH

Rick

HTH

Rick

xayxa30 · ‎01-22-2020

This would limit the number of concurrent sessions to vty ( ie ssh connections).

session-timeout is disconnecting idle connections after X mim - so not this.

Richard Burts · ‎01-22-2020

One way to limit the number of SSH sessions is to limit the number of vty that can establish sessions. If you device were to have 5 vty, for example, and you want to limit the number of sessions to 3 then on vty 3 and 4 you could configure no exec and this would prevent those vty from establishing sessions and you would have achieved your goal of limiting SSH sessions to 3.

HTH

Rick

xayxa30 · ‎01-29-2020

Thanks for the suggestion, but I was hoping for a more elegant solution.

The definition for ip ssh maxstartups - Max concurrent session allowed - but apparently I do not know what this means at all now for IOS-XE.

Richard Burts · ‎01-29-2020

I understand wanting a more elegant solution. This is the best answer that I know, and it would be effective. Perhaps someone else in the community will suggest something that has not occurred to me.

HTH

Rick

HTH

Rick

shane.wilkerson1 · ‎01-14-2021

session-timeout command does appear available on IOS XE devices but specifically, session-limit does not.

Does this command not exist on IOS XE? If so is there another command which accomplishes the same thing? Short of the method you describe limiting the number of vty sessions?

Georg Pauwen · ‎01-14-2021

Hello,

odd. What device is this on, and what specific XE version are you running ? The link below is for 16.x, and if you scroll down to:

Establishing Terminal Session Limits

the 'session-limit' command is right there.

https://www.cisco.com/c/en/us/td/docs/ios/termserv/configuration/guide/xe_16/tsv-xe-book/tsv_term_op_char_dialin.html#pgfId-1001125

shane.wilkerson1 · ‎01-14-2021

Looks like they are in a couple of flavors

ASR1000 Version 15.5(3)S6

Catalyst 4500e L3 Version 15.2(2)E7

I've confirmed the command does not exist on the devices. Still learning so extremely possible I am missing something obvious.

Thanks for your assistance.