01-06-2008 01:56 AM
With exec-timeout command we can set to disconnect idle sessions after the time specified in this command.By default the timeout is 10 minutes.
But when we use service tcp-keepalives in/out command,then the sessions hung sessions will get disconnected afetr 5 minutes of idle connections(i.e. every one minute keepalive will be sent to the remote host for 5 times).
My understanding is that first the router will wait for the exec-timeout to complete.If even after the exec-timeout the session is still showing established(in show users command in router) then keep alive will be sent to remote host every minute(5 times) and if there is no response the session will be disconnected.Please correct me if I am wrong.
And what exactly is the difference in tcp-keepalives in and out command.Is that keepalives in means if someone telnets the router from outside and keepalive out means router will telnet the remote host.
I am sorry if u get confused---
Actually I tried to find out from many places but the above doubts could not get cleared. Can you please help...
01-06-2008 04:35 AM
I don't recall any official explanations of either 2 commands, but for me the exec-timeout is the timer on a session to the router's CLI.
The tcp-keepalives are to control how long a tcp connection will linger before it's decleared dead. For example if you have a tunnel between two loopback's on two routers then the tunnel interface will go down when the tcp session between the routers is decleared dead.
Cheers,
Michel
01-06-2008 05:49 PM
Here are the official explanations:
EXEC-TIMEOUT:
If no input is detected during the interval, the EXEC facility resumes the current connection. If no connections exist, the EXEC facility returns the terminal to the idle state and disconnects the incoming session.
tcp-keepalives:
http://www.cisco.com/en/US/tech/tk801/tk36/technologies_tech_note09186a00801365f3.shtml
01-06-2008 07:26 PM
Before posting in this forum SUKHWINDER posted the same question in the LAN Switching and Routing forum where I have posted another answers. I suggest that any further discussion of this question be consolidated in a single forum.
HTH
Rick
01-07-2008 07:04 AM
Hi Rick,
He also post it in Security > General forum :) I saw and reply to it yesterday
Regards,
Dandy
01-07-2008 08:21 AM
Dandy
Thanks for pointing that out. He posted the same question in 3 different forums (with the Security/General being the first post) and has received responses in all 3 forums. I hope that between us he has been satisfied with the information supplied.
HTH
Rick
01-07-2008 08:51 AM
Well, he has one more question for me but I think you guys already answered it in the other forum.
Regards,
Dandy
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: