Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Exec-timeout doesn't seem to work

I've been having a devil of a time getting exec-timeout to clear idle vty/ssh sessions. This investigation started when we were rolling out new Catalyst 4507R+E switches with Sup7L-E's under IOS XE 03.04.02.SG (what they shipped from the factory with.) Idle SSH sessions on the vty lines were not being cleared, despite the config being:

line vty 0 4
 access-class VTY_ACL in
 exec-timeout 30 0
 logging synchronous
 length 0
 transport input ssh

So I opened a TAC case, and eventually they referred to bug CSCug31122. This wasn't terribly satisfying, as we are not talking about new or revolutionary functionality, and a general distribution release on a mature platform. Clearing an idle session does not require the most sophisticated programmer at Cisco. But this led me to do more tests, and I have yet to find a hardware/IOS combination where this works correctly. So far I have failures for:

4507R+E/Sup7L-E/IOS XE 03.04.02.SG, both vty and console lines

3560/12.2(40)SE, vty lines with ssh

3750/12.2(44)SE6, vty lines with both telnet and ssh

3845/12.4(24)T6

This seems more than coincidence. Is there something I am missing, or is this an unusually complicated programming issue?

160
Views
0
Helpful
0
Replies