Problem
You want to enable absolute timeouts on your VTY lines.
Solution
To enable absolute VTY timeouts, use the following set of configuration commands:
Router1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router1(config)#line vty 0 4 Router1(config-line)#absolute-timeout 5 Router1(config-line)#logout-warning 30 Router1(config-line)#exit Router1(config)#end Router1#
Discussion
To prevent users from indefinitely tying up valuable router VTY lines, you can implement absolute timers. Absolute timers differ from the inactivity timers discussed in Recipe 3.9 because they will terminate a session whether it is active or not. Although absolute timers are rarely used, there are times when they can be quite useful. For example, in classroom and lab situations, the absolute timeout can help to ensure that nobody uses more than their faire share of login time.
The prospect of having a session terminated in the middle of troubleshooting a problem in a production network is not appealing to most administrators. So, if you do choose to implement an absolute timer, we recommend setting the timer to a reasonable amount of time (no less than 10 minutes). In addition, you should enable a logout warning to ensure that the user has plenty of notice to save their work. The following is an example of a logout-warning banner:
Router1> * * * Line timeout expired * * Router1>Connection closed by foreign host. Freebsd%
Note that the argument for the absolute-timeout command is a time value in minutes, whereas the logout-warning command uses seconds. In the example, we set the absolute timeout to 5 minutes and the warning message to 30 seconds. A 30-second warning may be too aggressive in a production environment.
See Also
Recipe 3.9
Router Configuration and File Management
Router Management
User Access and Privilege Levels
TACACS+
IP Routing
RIP
EIGRP
OSPF
BGP
Frame Relay
Handling Queuing and Congestion
Tunnels and VPNs
Dial Backup
NTP and Time
DLSw
Router Interfaces and Media
Simple Network Management Protocol
Logging
Access-Lists
DHCP
NAT
First Hop Redundancy Protocols
IP Multicast
IP Mobility
IPv6
MPLS
Security
Appendix 1. External Software Packages
Appendix 2. IP Precedence, TOS, and DSCP Classifications
Index