[c-nsp] VTY Lines

Lee ler762 at gmail.com
Sun Apr 19 08:53:48 EDT 2009


On 4/19/09, John Jensen <jensenja at gmail.com> wrote:
> I was under the impression that the "service tcp-keepalives-in" and
> "service tcp-keepalives-out" commands will prevent this from happening
> to your VTYs.

Not necessarily.  TCP keepalives will only kill a connection if the
other side doesn't answer.  But what happens when your Ciscoworks
machine has a bad script that never exits?  Every <however many>
minutes it ssh's in and leaves the connection open.  Router sends a
keepalive, CW answers, VTY stays open.  After a while all the VTYs are
in use.

What I'd like to know is what extra protection "service
tcp-keepalives-in" gives you that the exec-timeout on the VTYs
doesn't.

Lee


>
> -JJ
>
> On Thu, Apr 16, 2009 at 6:08 AM, Lee <ler762 at gmail.com> wrote:
>> On 4/16/09, Eric Van Tol <eric at atlantech.net> wrote:
>>>> -----Original Message-----
>>>> From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-
>>>> bounces at puck.nether.net] On Behalf Of Dracul
>>>> Sent: Thursday, April 16, 2009 12:19 AM
>>>> To: cisco-nsp at puck.nether.net
>>>> Subject: Re: [c-nsp] VTY Lines
>>>>
>>>> If you are running a critical network without the convenience of
>>>> rebooting,
>>>> Jim's Router# cle ip tcp tcb 58F2E668 worked for me
>>>>
>>>> but take note some IOS use the Router#clear tcp tcb  (without the 'ip')
>>>>
>>>> regards,
>>>> chris
>>>
>>> If you can't gain access to the CLI, it is possible to reset vty TCP
>>> sessions using SNMP, assuming you have a read-write string configured on
>>> the
>>> device.  I personally don't know the procedure, but there are tools out
>>> there such as the Solarwinds Engineers Edition toolset that let you do
>>> this.
>>>  If anyone knows the right procedure, maybe they can post it here.
>>
>> How to Detect and Clear Hung TCP Connections using SNMP
>>
>> http://www.cisco.com/en/US/tech/tk648/tk362/technologies_problem_troubleshooting09186a00802b93ef.shtml
>>
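The difference between the two timers discussed in this message, as a small model of a VTY pool. This is an added example, not code from the thread or from Cisco. All names are hypothetical, and the model assumes that unanswered keepalives drop a session after `KEEPALIVE_REAP_MIN` minutes and that exec-timeout drops any session with no input for the configured number of minutes.

```python
from dataclasses import dataclass

KEEPALIVE_REAP_MIN = 5  # assumed: minutes until unanswered keepalives drop a session


@dataclass
class Session:
    opened: int       # minute the VTY was taken
    last_input: int   # minute of the last keystroke on the line
    peer_alive: bool  # True if the remote TCP stack still answers keepalives


def minute_vtys_exhausted(vty_count, login_every, peer_alive,
                          keepalives, exec_timeout, horizon=24 * 60):
    """Return the minute at which every VTY is busy, or None if that never
    happens within `horizon` minutes. exec_timeout=0 means disabled."""
    sessions = []
    for now in range(horizon + 1):
        survivors = []
        for s in sessions:
            # Keepalives only remove sessions whose peer has stopped answering.
            dead_peer = (keepalives and not s.peer_alive
                         and now - s.opened >= KEEPALIVE_REAP_MIN)
            # exec-timeout removes any session with no input, answering or not.
            idle = exec_timeout and now - s.last_input >= exec_timeout
            if not (dead_peer or idle):
                survivors.append(s)
        sessions = survivors
        # The script logs in on schedule, sends nothing further, never exits.
        if now % login_every == 0 and len(sessions) < vty_count:
            sessions.append(Session(now, now, peer_alive))
        if len(sessions) == vty_count:
            return now
    return None


if __name__ == "__main__":
    # Constructed scenario: 5 VTYs, one login every 15 minutes.
    for label, alive, ka, et in [
        ("hung script, keepalives only", True, True, 0),
        ("dead peer, keepalives only", False, True, 0),
        ("hung script, exec-timeout 10", True, False, 10),
        ("dead peer, no timers", False, False, 0),
    ]:
        print(f"{label:32} -> {minute_vtys_exhausted(5, 15, alive, ka, et)}")
```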

