Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Pix 515 ver 6.3(3) and console timeout

Status
Not open for further replies.
davarg

davarg

Technical User
May 21, 2003
17
0
0
US
Has anyone used the new command console timeout <number> in the ios version 6.3(3). I'm currently using the command in our pix515 and noticed that the console connection does not close out. I have configured

console timeout 5

... so I'm assuming that in 5 minutes the connection will timeout, but in reality in never times out. Am I not understanding the command correctly or is anyone else encountering this problem?


 
Sort by date Sort by votes
It depends what you are expecting to happen.
It does *not* disconnect your console session.

But it should log you out of enable mode, or config mode, or authenticated mode on a serial cable console session after five minutes.

Is that different to what you're seeing?

Try logging in to enable mode, wander off for a coffee for fifteen minutes, come back, are you still in enable mode?
 
Upvote 0 Downvote
thanks for responding.

I am looking for the Console Connection Inactivity Timeout function. With the serial cable console, I've been in enable/config mode for more 3 months without the device logging out. In the previous versions, I knew there was no console timeout so as good practice I would physically log out.

I know the similar commands works with cisco routers, (i.e.

line con 0
exec-timeout 60 0).

I checked the bug utility on cisco site for Pix 6.3.3 and console timeout, but I haven't found anything.
 
Upvote 0 Downvote
I'll give this a go on one of mine on monday and get back to you, but that doesn't sound like it's working right at all ...

CCNA, MCSE, Cisco Firewall specialist, VPN specialist, wannabe CCSP ;)
 
Upvote 0 Downvote
Just tested it on a little 501 running 6.3(3), connected with teraterm pro on COM1, serial connection, put console timeout 1 into the config, and left it in configure mode. Came back to it a couple of minutes later and it had logged me out to a pix> prompt. Then tried leaving it in enable mode. Again it logged me out.

In other words, it's working for me, don't know why it's not working on yours ... if you do a "show console timeout" what does it say?

CCNA, MCSE, Cisco Firewall specialist, VPN specialist, wannabe CCSP ;)
 
Upvote 0 Downvote
Of note and the importance for having a console timeout:

If you issue the wr t, command and leave it at a MORE prompt while it is displaying an access-list, then any other session will hang at the access lists if you do a wr t command.
 
Upvote 0 Downvote
Thanks for checking that out. After you mentioned the Pix501, I had forgotten that we have some pix501 as well. I ran the command with a one minute time-out, and it works on the Pix501 (ver. 6.3(1)). But the command still does not work on the pix515 (console timeout 1).

I'm going to report it to cisco, and hopefully they'll resolve the problem.
 
Upvote 0 Downvote
We've got a 515 in the office too, I can try it on that if you want ... it's running 6.3(3), so probably a better comparison. I just had a test 501 under my desk, so it was more convenient, but I can try a 515 tomorrow if you like

CCNA, MCSE, Cisco Firewall specialist, VPN specialist, wannabe CCSP ;)
 
Upvote 0 Downvote
If you don't mind, could you check the 515. I also opened a case with cisco, but havent had any response. So I'm still not sure if its my config or if its the ios and hardware. I am curious what you're results are. thanks
 
Upvote 0 Downvote
I'll try to remember to have a go tomorrow, need to get a serial cable connected to our 515 in the comms rack. Should be easy enough done

CCNA, MCSE, Cisco Firewall specialist, VPN specialist, wannabe CCSP ;)
 
Upvote 0 Downvote
I am able to reproduce my problem. I think it may be a bug or I'm not understandig the commands correctly. Here is the scenario or configuration that cause the problem (see last note as well):

aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local

aaa authentication telnet console LOCAL
aaa authentication enable console LOCAL
aaa authentication ssh console LOCAL

console timeout 1

username user123 password ******* encrypted privilege 15


To reproduce the problem, exit or logout your current session. Log in with the username for new user. Verify if the session times-out with this new user. Let me know if you have the same problem.

 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
148
Sameer258
Sameer258
Tommy_T
  • Locked
  • Question
Sonic wall - Have an issue remotely connectioning VNC and SMB (and AFP) to one of the 2 ISP circuits
Replies
1
Views
125
nnaarrnn
nnaarrnn
Nitta84
  • Locked
  • Question
navigation slow and tcp syc/ack drop
Replies
0
Views
95
Nitta84
Nitta84
xwray
  • Locked
  • Question
PIX 501 DHCP Server function
Replies
0
Views
36
xwray
xwray
PauS0n
  • Locked
  • Question
Need Help On Cisco ASA 5512 Running Version 9
Replies
0
Views
56
PauS0n
PauS0n

Part and Inventory Search

Sponsor

Back
Top