Difference between exec-timeout and service tcp-keepalives commands

Unanswered Question
Jan 6th, 2008

With the exec-timeout command we can disconnect idle sessions after the time specified in this command. By default the timeout is 10 minutes.

But when we use the service tcp-keepalives in/out command, the hung sessions will get disconnected after 5 minutes of idle connection (i.e. every one minute a keepalive will be sent to the remote host, 5 times).

My understanding is that first the router will wait for the exec-timeout to complete. If even after the exec-timeout the session is still showing established (in the show users command on the router) then a keepalive will be sent to the remote host every minute (5 times) and if there is no response the session will be disconnected. Please correct me if I am wrong.

And what exactly is the difference between the tcp-keepalives in and out commands? Is it that keepalives in means someone telnets to the router from outside and keepalives out means the router telnets to the remote host?

I am sorry if you get confused.

Actually I tried to find out from many places but the above doubts could not get cleared. Can you please help...

miheg Sun, 01/06/2008 - 04:35

I don't recall any official explanations of either of the 2 commands, but for me the exec-timeout is the timer on a session to the router's CLI.

The tcp-keepalives are to control how long a TCP connection will linger before it's declared dead. For example, if you have a tunnel between two loopbacks on two routers, then the tunnel interface will go down when the TCP session between the routers is declared dead.



David Stanford Sun, 01/06/2008 - 17:49

Here are the official explanations:


If no input is detected during the interval, the EXEC facility resumes the current connection. If no connections exist, the EXEC facility returns the terminal to the idle state and disconnects the incoming session.




Richard Burts Sun, 01/06/2008 - 19:26

Before posting in this forum, SUKHWINDER posted the same question in the LAN Switching and Routing forum, where I have posted another answer. I suggest that any further discussion of this question be consolidated in a single forum.



Danilo Dy Mon, 01/07/2008 - 07:04

Hi Rick,

He also posted it in the Security > General forum :) I saw and replied to it yesterday.



Richard Burts Mon, 01/07/2008 - 08:21


Thanks for pointing that out. He posted the same question in 3 different forums (with the Security/General being the first post) and has received responses in all 3 forums. I hope that between us he has been satisfied with the information supplied.



Danilo Dy Mon, 01/07/2008 - 08:51

Well, he has one more question for me but I think you guys already answered it in the other forum.



