What is EXEC timeout

Similar documents
Cisco - Connecting Routers Back-to-Back Through the AUX Ports using a Rollover Cable

Telnet, Console and AUX Port Passwords on Cisco Routers Configuration Example

Console Port, Telnet, SSH Handling, and Reset

Lab AAA Authorization and Accounting

SLIP and PPP Configuration Commands

Console Port, Telnet, and SSH Handling

Configuring PPP Dialin with External Modems

Configuring a Modem on the AUX Port for EXEC Dialin Connectivity

Configuring Terminal Settings and Sessions

Configuring Terminal Settings and Sessions

Configuring Basic AAA on an Access Server

Practice Dynagen. Winpcap 4.0. RPMs for are now available in the download section. Thanks to Sean Walberg for performing the packaging.

Lab 7 Configuring Basic Router Settings with IOS CLI

Lab 2.8.1: Basic Static Route Configuration

Access Service Security

Lab Securing Network Devices

Before you start the lab exercises see the lab administrator or EEE3080F tutor to get assigned to your routers.

Managing Connections Menus and System Banners

Operation Manual Login and User Interface. Table of Contents

Lab: Basic Static Route Configuration

Chapter 8: Lab B: Configuring a Remote Access VPN Server and Client

PT Activity: Configure AAA Authentication on Cisco Routers

Configuring a Comm/Terminal Server for Sun Console Access

Configuring a Terminal/Comm Server

Configure IOS-XE to display full show running-config for users with low Privilege Levels

Login management commands

Table of Contents 1 Commands for Access Controller Switch Interface Board 1-1

Configuration Guide Cisco UCS Express Local Management Platform

Lab Configuring Basic RIPv2 (Solution)

Using Cisco IOS XE Software

Copying Files With XMODEM

Lab - Examining Telnet and SSH in Wireshark

1- and 2-Port V.90 Modem WICs for Cisco 2600 and Cisco 3600 Series Multiservice Platforms

4(b): Assign the IP address on the Serial interface of Router. Console Cable

How to configure MB5000 Serial Port Bridge mode

Cisco CCNA ACL Part II

Lab Command Line Fundamentals Instructor Version 2500

Configuring Lock-and-Key Security (Dynamic Access Lists)

Configuring Authorization

Lab - Securing Administrative Access Using AAA and RADIUS

FREQUENTLY ASKED QUESTIONS (FAQs)

Cisco Router Security: Principles and Practise. The foundation of network security is router security.

Understanding and Troubleshooting Idle Timeouts

Actual4Test. Actual4test - actual test exam dumps-pass for IT exams

Symbols INDEX. <cr> baud rates? command xiv. transmit line speed, configuring. buffers. XRemote size TR-224 busy-message command

Console Port, Telnet, and SSH Handling

MS Protocol Converter. User Manual. Firmware version 2.0 ISI. Instrumental Solutions, Inc.

Configuring Authorization

Lab Configuring IPv4 Static and Default Routes (Solution)

Lab 5.6b Configuring AAA and RADIUS

Configure a Cisco Router with TACACS+ Authentication

Configuring Security with Passwords, Privileges, and Logins

Logging in to the CLI

KIM DONNERBORG / RTS. Cisco Lab Øvelse Af Kim Donnerborg / RTS. Side 0 af 8

Exam : Title : CCIE Service Provider Dial. Version : DEMO

Lab Using the CLI to Gather Network Device Information Topology

Lab Configure Basic AP Security through IOS CLI

Basic Router Configuration

Configuring Local Authentication

HP Load Balancing Module

First-Time Configuration

Lab Configuring Advanced EIGRP for IPv4 Features Topology

Cisco Network Academy CCNA 1 Introduction to Networks

Command-Line Interfaces

Citrix Connectivity Help. Table of Contents

Tactical Software requires that Cisco IOS Software Release 12.0(9) or later be installed on the NAS to interoperate with DialOut/EZ.

Lab Troubleshooting Using traceroute Instructor Version 2500

Cisco IOS Software Basic Skills

XML Transport and Event Notifications

Desktop Application Reference Guide For Windows and Mac

Lab Configuring and Verifying Standard IPv4 ACLs (Instructor Version Optional Lab)

Access Server Dial In IP/PPP Configuration With Dedicated V.120 PPP

Lab Establishing and Verifying a Telnet Connection Instructor Version 2500

Lab Configuring Switch Security Features Topology

Configuring Switch-Based Authentication

Lab Configuring and Verifying Standard IPv4 ACLs Topology

TELECOMMUNICATION MANAGEMENT AND NETWORKS

Lab 1. CLI Navigation. Scenario. Initial Configuration for R1

This document is exclusive property of Cisco Systems, Inc. Permission is granted to print and copy this document for non-commercial distribution and

XML Transport and Event Notifications

VoIP Telephone Features & Voic Unity Voice Mail Training Manual

Firewall Authentication Proxy for FTP and Telnet Sessions

Lab Advanced Telnet Operations Instructor Version 2500

Lab Configuring Basic Router Settings with IOS CLI (Instructor Version Optional Lab)

Configuring for the First Time

Lab Designing and Implementing a VLSM Addressing Scheme. Topology. Objectives. Background / Scenario

Passwords and Privileges Commands

Lab - Configuring Basic DHCPv4 on a Router (Solution)

Configuring Authentication Proxy

How to Configure a Cisco Router Behind a Non-Cisco Cable Modem

Lab 2.8.2: Challenge Static Route Configuration

Configuring TACACS+ Finding Feature Information. Prerequisites for TACACS+

Problem Solving through Programming In C Prof. Anupam Basu Department of Computer Science & Engineering Indian Institute of Technology, Kharagpur

CS125 : Introduction to Computer Science. Lecture Notes #11 Procedural Composition and Abstraction. c 2005, 2004 Jason Zych

Role-Based CLI Access

FERGUSON BEAUREGARD. RTU-5000 Configurator User Manual

Application Note 2. Using the TCPDIAL & TCPPERM commands to connect two TransPort Serial interfaces over TCP/IP

TELECOMMUNICATION MANAGEMENT AND NETWORKS

Lab Managing Router Configuration Files with Terminal Emulation Software

Lock and Key: Dynamic Access Lists

Transcription:

EXEC Timeout

What is EXEC timeout To allow access to your Cisco devices you can configure a number of lines. Examples of these lines are the console port (line con 0), virtual ports for remote access (vty line), and the auxiliary port (line aux 0). When a user ends their session with the exit or logout command IOS (usually!) clears that line so that other users can access it. But what happens if a user goes home for the night and forgets to disconnect their session? Since there are a limited number of lines, you need a mechanism to make lines available if a user has not used the line for a period of time. That s where the EXEC timeout comes into play.

exec-timeout exec-timeout - To set the interval that the EXEC command interpreter waits until user input is detected, use the exec-timeout line configuration command. Use the no form of this command to remove the timeout definition. exec-timeout minutes [seconds] no exec-timeout Syntax Description minutes - Integer that specifies the number of minutes. seconds - (Optional) Additional time intervals in seconds. Default - 10 minutes If no input is detected during the interval, the EXEC facility resumes the current connection. If no connections exist, the EXEC facility returns the terminal to the idle state and disconnects the incoming session. That s Cisco s convoluted way of saying if the user doesn t type something within the exec-timeout period, then the router will kick his sorry ass off.

exec-timeout There are a couple of things that you need to understand about the EXEC timeout: This is an idle timer and not an absolute timer. I personally feel that this command should have been called idle timeout as that is what it really is. Don t confuse the functionality of the exec-timeout command with that of the absolute-timeout command. If a user inputs anything within the EXEC timeout interval, then that session is kept alive. The absolutetimeout command (covered in another lesson) will boot a user from the line after a period of time, regardless of whether or not they are idle. The more devious among you may already have plans to mess with your co-workers by setting the EXEC timeout to zero with the exec-timeout 0 0 command. While I applaud your evil nature, this will do exactly the opposite of what it looks like it should do. You can disable the EXEC timeout with either of the following commands: exec-timeout 0 0 or no exec-timeout. Don t despair, exec-timeout 0 1 is still available for messing with co-workers. Due to the goofy value ranges for this command, exec-timeout 1 30 is the same as exectimeout 0 90.

exec-timeout r1(config)# line con 0 r1(config-line)#exec-timeout? <0-35791> Timeout in minutes r1(config-line)#exec-timeout 0? <0-2147483> Timeout in seconds <cr> r1(config-line)#exec-timeout 0 59 r1(config-line)#exec-timeout 0 90 line con 0 exec-timeout 1 30 r1(config-line)#no exec-timeout line con 0 exec-timeout 0 0

Verification show terminal and show line x are the commands you ll use for verification. Unfortunately, both commands produce a ton of output. r2#show terminal Line 0, Location: "", Type: "" Length: 24 lines, Width: 80 columns Baud rate (TX/RX) is 9600/9600, no parity, 2 stopbits, 8 databits Status: PSI Enabled, Ready, Active, Automore On Capabilities: none Modem state: Ready Modem hardware state: CTS* nodsr DTR RTS Special Chars: Escape Hold Stop Start Disconnect Activation ^^x none - - none Timeouts: Idle EXEC Idle Session Modem Answer Session Dispatch never never none not set Idle Session Disconnect Warning never Login-sequence User Response 00:00:30 Autoselect Initial Wait not set <--output truncated -->

Verification r2#show line 66 Tty Typ Tx/Rx A Modem Roty AccO AccI Uses Noise Overruns Int 66 VTY - - - - - 0 0 0/0 - Line 66, Location: "", Type: "" Length: 24 lines, Width: 80 columns Baud rate (TX/RX) is 9600/9600 Status: No Exit Banner Capabilities: none Modem state: Idle Special Chars: Escape Hold Stop Start Disconnect Activation ^^x none - - none Timeouts: Idle EXEC Idle Session Modem Answer Session Dispatch 00:10:00 never none not set Idle Session Disconnect Warning never Login-sequence User Response 00:00:30 Autoselect Initial Wait not set <--output truncated -->

Verification show terminal will show you the terminal settings for the line you are currently connected on, while show line x will show the terminal settings for a specific line. To reduce the amount of output you can Grep with section Timeouts or begin Timeouts r2#show terminal section Timeouts Timeouts: Idle EXEC Idle Session Modem Answer Session Dispatch never never none not set Idle Session Disconnect Warning never Login-sequence User Response 00:00:30 Autoselect Initial Wait not set

EXEC Timeout As A Security Feature You can use the EXEC timeout as a very rudimentary security feature in that it will disconnect an idle user s session, thereby potentially reducing the risk of an engineer walking away from his computer with an active session still up. If you are logged into a device and take off for that rock star 2 hour lunch and don t lock you computer, someone could potentially walk by and do a little network configuration (write erase followed by reload is good) while you re out. At least with the EXEC timeout set, there s an additional (minimal) layer of security in play.

What Value Should I Use For The EXEC Timeout? There really is no one size fits all answer to this question. The default EXEC timeout of 10 minutes is generally good, but I prefer to set it to 30 minutes. There are a lot of times when I am working on a device and need to do something else (research, slap a coworker, take a piss) and 10 minutes seems to go by fast. If I don t get back to something within 30 minutes, then it probably was not that important in the first place. One thing that I would recommend that you avoid is disabling the EXEC timeout feature. While I often turn this off for labs, I would never disable this feature in production. Especially on the console port. It doesn t make any sense to implement authentication on a console port and then disable the EXEC timeout. If the engineer forgets to logout and simple disconnects the console cable, then any goofball could just plug into the console port and start configuring the network with your credentials.

Summary By setting the EXEC timeout, you re telling the Cisco device to automatically disconnect users on a line once they have been idle for the duration of the EXEC timeout value. This feature is configured on a line-by-line basis. This feature allows the Cisco device to clear lines so that they are available to other users. It also acts as a simple security mechanism so that an unattended terminal session can timeout before it becomes an open doorway to creative network reconfiguration.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback