[c-nsp] service tcp-keepalives-in
Church, Chuck
cchurch at wamnetgov.com
Thu Jul 29 09:52:45 EDT 2004
Service TCP keepalives should help if a session terminates abruptly
before the exec-timeout is reached. I don't think it would have helped
in this case, since not even a clear from the CLI would take down the
session. Sounds like a long-standing bug that Cisco never fixed, but
they gave the clear tcb as a work-around.
Chuck Church
Wam!Net Government Services - D&I Team
Lead Design Engineer
CCIE #8776, MCNE, MCSE
1210 N. Parker Rd.
Greenville, SC 29609
Office: 864-335-9473
Cell: 703-819-3495
cchurch at wamnetgov.com
PGP key:
http://pgp.mit.edu:11371/pks/lookup?op=index&search=cchurch%40wamnetgov.
com
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of
lee.e.rian at census.gov
Sent: Thursday, July 29, 2004 9:20 AM
To: Mark Borchers
Cc: cisco-nsp at puck.nether.net
Subject: [c-nsp] service tcp-keepalives-in
> In addtion to other recommendations to this post, add to your config:
>
> service tcp-keepalives-in
>
> ... to reduce the likelihood of hanging vty sessions.
Just out of curiosity, if the router is configured with
line vty <whatever>
exec-timeout 10 0
what extra protection does enabling keepalives get you?
I know the recommendation is to enable keepalives, but it seems like if
the terminal isn't answering keepalives the session should time out
before it gets killed by the keep alive timer.
Thanks,
Lee
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list