
Recipe 3.9 Changing VTY Timeouts

3.9.1 Problem

You want to prevent your Telnet session from timing out.

3.9.2 Solution

To prevent Telnet (or SSH) sessions from timing out, use the following command:

Router1#configure terminal 
Enter configuration commands, one per line.  End with CNTL/Z.
Router1(config)#line vty 0 4
Router1(config-line)#exec-timeout 0 0
Router1(config-line)#end
Router1#

You can use this same command to simply increase the EXEC timeout to a large value, such as 4 hours:

Router1#configure terminal 
Enter configuration commands, one per line.  End with CNTL/Z.
Router1(config)#line vty 0 4
Router1(config-line)#exec-timeout 240 0
Router1(config-line)#end
Router1#

3.9.3 Discussion

By default, the router terminates an EXEC session after 10 minutes of inactivity. Administrators often find that 10-minute inactivity timers are a nuisance and dislike having to log into a router several times throughout the day, so Cisco provides a way to modify or disable the inactivity timer. It is important to note that this affects only timeouts due to inactivity. In Recipe 3.11 we discuss a way to disconnect sessions after a specified length of time, whether they are active or not.

The exec-timeout command has two arguments:

Router1(config-line)#exec-timeout 240 0

The first argument is the length of time in minutes, and the second argument is time in seconds. This allows you to specify a timeout period as short as 1 second, or as long as 35,791 minutes (which is over 24 days).

The first example shows how to disable the inactivity timer altogether, by setting the timeout values to zero. There are a few drawbacks to disabling the EXEC timeout that you should bear in mind. First, since the router only provides five VTYs for remote access by default, forgotten sessions can easily block available VTYs until service is completely blocked. Second, sessions that do not terminate correctly (for example, when a workstation crashes) can cause VTY sessions to remain active indefinitely.

To prevent dead sessions from needlessly occupying VTY ports, use the service tcp-keepalives-in global configuration command:

Router1#configure terminal 
Enter configuration commands, one per line.  End with CNTL/Z.
Router1(config)#service tcp-keepalives-in
Router1(config)#end
Router1#

With TCP keepalives enabled, the router checks that the far end of each session is still up and responding. If it is not, the router terminates the session regardless of the inactivity timer. We strongly recommend using the TCP keepalive command if you choose to disable the inactivity timer.

You can see your current session's inactivity timer with the show terminal EXEC command:

Router1#show terminal 
Line 68, Location: "", Type: "VT100"
Length: 43 lines, Width: 95 columns
Baud rate (TX/RX) is 9600/9600
Status: PSI Enabled, Ready, Active, No Exit Banner, Automore On
Capabilities: none
Modem state: Ready
Group codes:    0
Special Chars: Escape  Hold  Stop  Start  Disconnect  Activation
                ^^x    none   -     -     none         
Timeouts:      Idle EXEC     Idle Session   Modem Answer  Session  Dispatch
               never        never                         none     not set

The second example sets the inactivity timer to 4 hours. This tends to be safer than completely disabling the timer because it will eventually terminate all sessions. However, please check your local security policies to ensure that your inactivity timers are set within your organizational guidelines. Many organizations mandate a 15-minute inactivity timer for all types of electronic access to ensure that you do not leave authenticated sessions available to intruders. The NSA recommends an inactivity timer of no more than 5 minutes.
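The following Python sketch is an added example, not part of the original recipe. It audits a saved configuration for the conditions discussed above: a disabled VTY idle timer, a disabled timer without service tcp-keepalives-in, and a timeout longer than local policy allows. The function name audit_vty_timeouts, the 15-minute default policy, and the sample configuration are assumptions constructed for illustration.

```python
import re

DEFAULT_IDLE_S = 10 * 60  # IOS default when a line has no exec-timeout statement

# Constructed sample configuration (not taken from a real device)
SAMPLE_CONFIG = """\
service tcp-keepalives-in
!
line con 0
 exec-timeout 5 0
line vty 0 4
 exec-timeout 0 0
 login
line vty 5 15
 exec-timeout 240 0
!
end
"""

def audit_vty_timeouts(config_text, max_idle_s=15 * 60):
    """Return (line block, finding) tuples for the VTY lines in a config."""
    keepalives = False
    block = None   # header of the "line ..." block currently being read
    idle = {}      # VTY block header -> idle timeout in seconds
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if line == "service tcp-keepalives-in":
            keepalives = True
        if line.startswith("line "):
            block = line
            if line.startswith("line vty"):
                idle[block] = DEFAULT_IDLE_S
        elif not line.startswith(" "):
            block = None   # an unindented line ends the current block
        else:
            m = re.match(r"\s+exec-timeout (\d+)(?: (\d+))?$", line)
            if m and block in idle:
                idle[block] = int(m.group(1)) * 60 + int(m.group(2) or 0)
    findings = []
    for blk, secs in idle.items():
        if secs == 0:
            findings.append((blk, "idle timer disabled"))
            if not keepalives:
                findings.append((blk, "no tcp-keepalives-in: dead sessions can hold VTYs"))
        elif secs > max_idle_s:
            findings.append((blk, f"idle timeout {secs}s exceeds policy {max_idle_s}s"))
    return findings
```

Pass max_idle_s=300 to check against the 5-minute figure mentioned above; a VTY block with no exec-timeout statement is evaluated at the 10-minute default.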

3.9.4 See Also

Recipe 3.11; Recipe 3.14

