It's always good practice to configure inactivity timeouts for users logged into devices for management purposes. This lab discusses and demonstrates the configuration and verification of EXEC and absolute timeouts.
It is common for a corporate security policy to specify a session timeout. Put simply, the exec-timeout terminates an EXEC session after the session has been idle for the configured exec-timeout time. The default is 10 minutes.
An absolute timeout, however, is the maximum amount of time a single session can remain established. So if you have an absolute timeout of 12 minutes, then even if the user is active, the session will be disconnected after 12 minutes.
An absolute-timeout is sometimes used on access servers to force an EXEC session to terminate after the specified time, regardless of whether the session is idle.
Step 1. – Configure a 1 minute exec-timeout on vty lines 0 through 4 of R1 and verify your configuration by telnetting to the Loopback0 IP address, authenticating and then idling for 1 minute.
    R1 con0 is now available

    Press RETURN to get started.

    R1>enable
    R1#configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    R1(config)#line vty 0 4
    R1(config-line)#exec-timeout 1
    R1(config-line)#end
    R1#telnet 10.1.1.1
    Trying 10.1.1.1 ... Open

    User Access Verification

    Username: tom
    Password:
    R1#
    [Connection to 10.1.1.1 closed by foreign host]
    R1#
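Step 2. – Remove the previously configured exec-timeout configuration on R1’s vty lines, then configure a two minute absolute timeout on the VTY lines. Afterwards, verify your configuration by establishing a telnet session to the Loopback0 interface IP address and waiting two minutes. If configured correctly, you will be automatically disconnected after 120 seconds. Note that on IOS, no exec-timeout has the same effect as exec-timeout 0 0: it disables the idle timeout rather than restoring the 10 minute default, so in this step the absolute timeout is the only limit on the session.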
    R1#configure terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    R1(config)#line vty 0 4
    R1(config-line)#no exec-timeout
    R1(config-line)#absolute-timeout 2
    R1(config-line)#end
    R1#telnet 10.1.1.1
    Trying 10.1.1.1 ... Open

    User Access Verification

    Username: tom
    Password:
    R1#
    *
    *
    * Line timeout expired
    *
    [Connection to 10.1.1.1 closed by foreign host]
    R1#
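As an added example (not part of the original lab), the Python audit below reads the line stanzas of a saved running-config and reports every line whose idle timeout is disabled or longer than policy, noting whether an absolute-timeout still bounds the session. The sample configuration, the 600 second policy limit and the function names are assumptions made for illustration.

```python
import re

DEFAULT_IDLE_S = 600  # IOS default exec-timeout is 10 minutes (not shown in the config)
# Constructed sample in running-config layout (assumption, not taken from the lab router).
SAMPLE_CONFIG = """\
line con 0
 exec-timeout 0 0
line aux 0
line vty 0 4
 exec-timeout 1 0
 login local
line vty 5 15
 no exec-timeout
 absolute-timeout 2
"""

def parse_lines(config):
    """Return {line name: {"idle_s": seconds, "absolute_min": minutes or None}}."""
    result, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = result.setdefault(raw.strip(), {"idle_s": DEFAULT_IDLE_S, "absolute_min": None})
        elif not raw.startswith(" "):
            current = None  # any other unindented text ends the line stanza
        elif current is not None:
            cmd = raw.strip()
            m = re.fullmatch(r"exec-timeout (\d+)(?: (\d+))?", cmd)
            if m:  # minutes, then optional seconds
                current["idle_s"] = int(m.group(1)) * 60 + int(m.group(2) or 0)
            elif cmd == "no exec-timeout":
                current["idle_s"] = 0  # same effect as exec-timeout 0 0: never idles out
            m = re.fullmatch(r"absolute-timeout (\d+)", cmd)
            if m:
                current["absolute_min"] = int(m.group(1)) or None
    return result

def audit(config, max_idle_s=600):
    """List (line, finding) pairs for lines that break the idle-timeout policy."""
    findings = []
    for name, t in parse_lines(config).items():
        if t["idle_s"] == 0:
            backstop = f"{t['absolute_min']} min" if t["absolute_min"] else "none"
            findings.append((name, f"idle timeout disabled; absolute-timeout: {backstop}"))
        elif t["idle_s"] > max_idle_s:
            findings.append((name, f"idle timeout {t['idle_s']}s exceeds {max_idle_s}s"))
    return findings

if __name__ == "__main__":
    print("\n".join(f"{name}: {note}" for name, note in audit(SAMPLE_CONFIG)))
```

On the sample, the console line and vty 5 through 15 are reported: both have the idle timeout disabled, and only the vty lines keep an absolute-timeout as a backstop.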