Lab 3-10 – Configuring an exec timeout and absolute timeout

In this lab you will learn how to configure an exec-timeout on the console and vty lines and an absolute-timeout so that all sessions will close automatically after a specific amount of time.

Real World Application

It is common to have a specific exec-timeout time in a corporate security policy. The exec-timeout will terminate an exec session after the session has been idle for the specified exec-timeout time.

An absolute-timeout is sometimes used on access-servers to force and exec session to terminate regardless if the state is idle after the specified time.

Lab Prerequisites

• If you are using GNS3 than load the Stub Area Networking GNS3 topology than start devices; R1.
• Establish a console session with devices R1 than configure the devices respected hostname(s).
• Create a Loopback interface on R1 and assign it the IP address 10.1.1.1/32
• Create a username and password with level 15 privileges and set the VTY lines to authenticate locally.

Lab Objectives

• Configure a one minute exec-timeout on vty lines 0 through 4 of R1 than verify your configuration by establishing a telnet session to the Loopback0 interface IP address. Once authenticated wait one minute.
• Remove the previously configured exec-timeout configuration on R1′s vty lines than configure a two minute absolute timeout on the VTY lines. Afterwards verify your configuration by establishing a telnet session to the Loopback0 interface IP address and waiting two minutes. If configured correctly you will be automatically disconnected after 120 seconds.

Lab Instruction

Step 1. – Configure a 1 minute exec-timeout on vty lines 0 through 4 of R1 and verify your configuration by telnet’ing to the Loopback0 ip address, authenticating and then idling for 1 minute.

R1 con0 is now available

Press RETURN to get started.

R1>enable
R1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#line vty 0 4
R1(config-line)#exec-timeout 2
R1(config-line)#end
R1#telnet 10.1.1.1
Trying 10.1.1.1 ... Open

User Access Verification

Username: tom
Password:
R1#
[Connection to 10.1.1.1 closed by foreign host]
R1#

Step 2. – Remove the previously configured exec-timeout configuration on R1′s vty lines than configure a two minute absolute timeout on the VTY lines. Afterwards verify your configuration by establishing a telnet session to the Loopback0 interface IP address and waiting two minutes. If configured correctly you will be automatically disconnected after 120 seconds.

R1#configure terminal 
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#line vty 0 4
R1(config-line)#no exec-timeout
R1(config-line)#absolute-timeout 2
R1(config-line)#end
R1#telnet 10.1.1.1
Trying 10.1.1.1 ... Open

User Access Verification

Username: tom
Password:
R1#

*
*
* Line timeout expired
*

[Connection to 10.1.1.1 closed by foreign host]
R1#