cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Popup Hotspot Using ISR 1000 with WiFi/LTE for Teleworkers and Micro Branchesr
529
Views
5
Helpful
6
Replies
Highlighted
Beginner

Session limt on cisco 3850

Is there a way to set the session limit for line vty on ios xe v 16.3 ?

I do not see a session-limit command under line vty 0 4.

 

I tried ip ssh maxstartups , but this doesn't work.  Tested it and  saw that the session limit was not set ( show lin vty 4, etc )

6 REPLIES 6
Highlighted
Beginner

Re: Session limt on cisco 3850

We're currently running 16.12.1s but for as long as I remember we've had session-timeout configured as follows:

line vty 0 15

 session-timeout 10

 

Hope this helps,

Chuck

Highlighted
Hall of Fame Master

Re: Session limt on cisco 3850

I am not clear what kind of session limit you are asking about. Is it a limit on the number of sessions? Or a limit on the length of a session? Or is it something else?

 

HTH

 

Rick

HTH

Rick
Highlighted
Beginner

Re: Session limt on cisco 3850

This would limit the number of concurrent sessions to vty ( ie ssh connections).

session-timeout is disconnecting idle connections after X mim - so not this.

 

Highlighted
Hall of Fame Master

Re: Session limt on cisco 3850

One way to limit the number of SSH sessions is to limit the number of vty that can establish sessions. If you device were to have 5 vty, for example, and you want to limit the number of sessions to 3 then on very 3 and 4 you could configure no exec and this would prevent those vty from establishing sessions and you would have achieved your goad of limiting SSH sessions to 3.

 

HTH

 

Rick

HTH

Rick
Highlighted
Beginner

Re: Session limt on cisco 3850

Thanks for the suggestion, but I was hoping for a more elegant solution.

The definition for ip ssh maxstartups  - Max concurrent session allowed - but apparently I do not know what this means at all now for IOS-XE.

Highlighted
Hall of Fame Master

Re: Session limt on cisco 3850

I understand wanting a more elegant solution. This is the best answer that I know, and it would be effective. Perhaps someone else in the community will suggest something that has not occurred to me.

 

HTH

 

Rick

HTH

Rick