Cisco :: 4400 - Command To Prevent Timeout Of WLC Telnet Session
Nov 3, 2011What the command to prevent a telnet session to the 4400 controller from timing out is?
View 1 Replies
ADVERTISEMENT
Cisco Firewall :: ASA 5520 RDP Session Timeout?
Jun 4, 2012I have inherited the support of an ASA5520 running 8.0(3)12 code and I believe I have a pretty simple question here that I haven't been able to figure out on my own. I have a few users that connect to the box via IPSEC VPN client connections. They want to be able to leave up a RDP based connection, for monitoring purposes, for a most of the day, but thier RDP connection keeps getting discounnted after a few hours. The VPN connection never gets disconnected, just the RDP session running through it. I have another box running 8.0(4) code and they can leave up the RDP sessions as long as they like without getting disconnected from the server(s). I have compared the configs of both boxes and don't see any glsring differences in regards to the configuration that would cuase the RDP sessions to either to stay up or be disconnected after an inactivity type scenario.
What to look for in regards to identifying the timer that is disconnecting the RDP session after a period of time.
Cisco :: 2106 WLC And Freeradius Session-timeout
Jun 20, 2011We are trying to configure our 2106 wireless lan controller to expire wireless users sessions so the user is not remembered indefinitely. We are using freeradius to validate the users login information and passing back a "session-timeout" avpair but the WLC seems to be ignoring this value.
How to configure the session expiration time of wireless users on a 2106?
Cisco AAA/Identity/Nac :: 5411 EAP Session Timeout With ACS In WAN
Jan 19, 2012We're having trouble trying to deploy 802.1x authentication on a brand new site.
Our primary and secondary ACS are located in Paris and the new site located in Toulouse, France. Both sites are connected through the WAN. Everytime a computer/user connects to this new site in Toulouse, ACS 5.2 sends a "5411 EAP session timeout" error message.
Cisco VPN :: ASA 5550 - Telnet Session Get Disconnected
Apr 19, 2011I am using site to site vpn with ASA 5550 and some users telnet to a unix macine on the the other end.
the problem appear if the session is ideal for 30s,
D-Link DIR-825 :: Internet Session TCP Timeout So Low - 120 Seconds?
Mar 1, 2013I have a DIR-825 with 2.60VT firmware (rented from Videotron).
Even though the manual says the stateful firewall should have a timeout on connections of 240 seconds or 7800 seconds, all of my connections start at a mere 120 seconds. I'm having trouble with IMAP IDLE pushing e-mails because the connections timeout so quickly (before any stay alive can be sent). A connection to the e-mail server gets opened on 143 (Videotron) or 993 (encrypted - google, e.g.), and I see the connection on the Internet Sessions page, the timeout starts at 120. When it hits 0, the connection is no longer displayed (it is not renewed), and the IMAP IDLE ****s out because the server can't find the client (i.e. the connection has been closed). But it's not just on those ports or servers. ALL of my TCP sessions begin at a mere 120 seconds! Even for a home router, isn't this way too low?
confirm that their DIR-825, on the Internet Sessions page, shows initial timeout values of greater than 120 for a TCP connection? I would love to see a picture of that screen showing higher values. Does it start at 240? Do you ever see a connection start at a timeout of 7800?
I see no way of changing the timeout value. Is it possible to force connections on certain ports to begin at a higher timeout value?
Cisco VPN :: ASA 5520 - Notification Prior To Session Timeout?
Sep 1, 2011Per PCI & company policy all VPN users have a 12 hour session limit. They will disconnected after 12 hours regardless of use. Is there any way to send a message prior to the 12 hour limit to warn the users that they will be disconnected in x minutes? I'm running SSL VPN on a ASA 5520 ver 8.4(1)
View 1 Replies View RelatedCisco :: Admin Session Timeout On 1252 Autonomous
Oct 11, 2011Is there any way to change a setting which causes a user logged in to the web browser interface (or connected via ssh) to have to re-authenticate. Im getting annoyed by being disconnected from the AP and having to re-authenticate.
View 1 Replies View RelatedCisco Firewall :: Telnet Timeout While VPN Connected Via ASA 5520?
Jun 2, 2010When users are VPN connected their telnet sessions timeout after an hour of inactivity. Looking at the connections on the firewall they are showing as idle. Is there a configuration change or something else that has to be modified?
View 2 Replies View RelatedCisco :: WLC 5508 External Web Authentication Mismatch With Session Timeout?
Aug 27, 2012For guest clients , we have configured guest vlan and applied external web authenication on WLC 5508 , the session timeout value is 2700secons . When a client open a browser to internet page , wlc will redirect to URL and get the login page . After completed the login , he can go to internet page .
We find the iPhone and ipad clients will get the login page again ahfter ~ 5 mins , it is mismatch with session timeout value 2700 sec (45 mins) .
Cisco AAA/Identity/Nac :: 2347 - Update Is Not Active Terminal Session-Timeout
Aug 15, 2011Our company has installed ACS Version: 5.1.0.44.6 Internal Build ID: B.2347 with patches: 5-1-0-44-5, 5-1-0-44-6. The security policy of our company includes a password change every 3 months. Our programmers had written a script that allows us to do it. When testing revealed that the script does not work. This is due to the fact that it is not possible to enter the mode "acs-config". In determining the reasons it was found that to enter this mode there is a limit on sessions (6 sessions). When the number of connections becomes larger than 6 then the script does not work. The documentation says that the update is not active sessions is set with terminal session-timeout. In this case, the terminal session-timeout 30. But after 30 minutes of the session will remain active. It interferes with our script.
View 1 Replies View RelatedCisco Switches :: Management HTTPS Session To SF200-24 Suddenly Timeout
May 6, 2013what would be causing my management HTTPS session to a SF200-24 to suddenly timeout? I receive "The session has been timed out. You may log in again" few mins after logging into to switch.Sometime it happens within 45seconds, other times after 3mins, timouts are not consistent. And, i was not idle when it timed-out. My HTTPs idle time-out is set for 10mins.
I had a continuous PING going to managment IP, and it did not drop any pings when session timed-out.Interface stats are also clean. I tried IE, FireFox, Chrome and all are timming out.
I've changed the HTTP default idle-time out from 1 to 10 and my HTTPs stopped timing out. Management Access Authentication is cleary set for HTTPs, and the Idle-timeout for HTTPs was set for 10mins since install. Yet, adjusting the HTTP idle-timeout cleared the issue.
Cisco Switches :: SG300-20 - Radius Idle And Session Timeout Does Not Work
Jan 25, 2012I have an SG300-20 here for testing (firmware: 1.1.2.0, boot version: 1.0.0.4, language version: 1.1.1.6 English). Everything seems to work on it, except, that if I choose Radius authentication by mac address only, then the switch does not honor the Idle-Timeout and Session-Timeout attributes from the Radius server (freeradius).
The setup is the following: I have a no name access point plugged in to switch port gi1. The port gi1 is set up for Radius authentication by mac address only. The access point itself is authenticated, no problem with that. If I connect through the access point by (say) a mobile phone, it is authenticated, no problem. The radius server does send the Idle-Timeout and Session-Timeout attributes, I checked it by running "freeradius -X", both are set to 30 seconds. Then I turn off the wireless card in my mobile phone and check the dot1x users by "show dot1x users". My mobile phone's mac address remains there for 5-10 minutes, so the Idle-Timeout and Session-Timeout does not work.
Another way I could resolv this problem is by explicitely asking the switch to reauthenticate the user. Unfortunately there is no CLI command to do just that, I can do however a reauthentication on a port using "dot1x re-authenticate gi1" (for example). But it does not work as it is expected: the switch uses the stored mac-address to reauthenticate the user, so nothing changes on the port (unless something changes in the radius server). I think it should work like the following: remove the authenticated user from the port, and whenever that mac address makes some network traffic, then reauthenticate as if it were a completely new connection. BTW: it would work for me also if I could just remove an authenticated user from a port, but I did not find a command to do that.
As a last resort I can simply shutdown the port, bring it up again ("shutdown" and "no shutdown" in the interface config), then all users are removed from the port and they all mush reauthenticate. But it causes a network outage for a couple of seconds for all users on that port, on a busy access point it is quite disturbing, and it is not an elegant way to do this.
So my actual question is: is there a way to remove an authenticated user either automatically (Idle-Timeout and Session-Timeout) or manually from this switch?
I enclose the relevant part of the running config.
interface range gi1-2
dot1x host-mode multi-sessions
exit
vlan database
vlan 2-4
exit
[code]....
Cisco Security :: ASA5510 - Single Timeout Drops Remote-Desktop Session
Oct 19, 2012Just recently we replaced our HQ Cisco-Pix with Cisco-ASA 5510. where we have many branches connecting to our HQ through site-to-site vpn. Since putting this new ASA5510 at HQ , while we are getting a Remote-Desktop session into our branches clients, and at the time when even a single TIMEOUT occurs on the vpn-link so the remote-desktop session gets completely lost. then we have to re-connect the session.This issue happens as i said above when a single timeout occurs on the vpn link. What is the issue with the ASA5510. because with pix we didn't have this issue, remote-desktops were never getting lost / reset with single timeout
View 1 Replies View RelatedCisco Wireless :: AIR-CT5508-K9 - AP01 Connection Bounce Due To WLAN Session Timeout
Jul 30, 2012When a client connecting to a specific AP (example AP01), after every 1800 sec uptime it will reconnect and join other unit AP (example AP02)Both AP physically installed distance is around 6 meters from each other. I conduct the testing where i get myself sitting in middle between these two APs.
01. If i disable settsion timeout this feature, or setting the seconds become higher value, what's the performance and security impact? Is it recomend to change the default 1800 seconds session timeout?
02. Is there anyway i can tweak on WLC controller to prevent the client after session timeout then associate with another AP. This will lead major performance impact as the client woudl possibility connect to the weak signal AP and effect on the performance.
These are the details for reference:Client detail
- Dell DW1520 wireless-N WLAN card, with firmware version 5.100.235.12
- CCX version 4 supported
- Layer 2 security is WPA2 personal with PSK.
- wireless radio an
Controller detail:
model is AIR-CT5508-K9
software version is 7.2.110.0
D-Link DIR-601 :: Loosing Telnet Connection When Leaving Session Idle For Only Few Minutes
Mar 4, 2013Not sure where the best place to drop this question. It is a DIR-601 router. I have it configured in the virtual servers list as; internal system ip, public port/private port both 23, protocal tcp with inbound filter, allow all and schedule set to always. I have a second system with a different public port. I can connect to either one but after a short amount of idle time it appears to just drop the connection.
View 4 Replies View RelatedCisco Infrastructure :: 1841 Dialer Profile - Connection Exists But No Telnet Session Possible
Jul 11, 2012I have a big problem with my Cisco 1841 and the WIC-1AM-V2 in Slot 0.I got the task, to test if it is possible, to build up a connection (Dial on Demand Routing) to a remote modem, which is connected to a console port of another Cisco 1841, with the integrated modem card over POTS from the CLI of the router. My router will only dial out to the remote modems and only if its needed.I am connected to the router with the integrated modem card over a console cable on the console port. The remote modem is also connected to the console port of the remote Cisco 1841.
I found out, with my Dialer Profile configuration, it is possible to build up a connection. I configured a dialer list, that specifies that all ip traffic is permitted an interesting for my dialer interface. So a telnet or ping brings up my dialer, which brings up my Async interface. With the "show line" command, I can see that the TTY line, connected with the Async0/0/0 Interface is in use for 5 minutes, because of the "exec-timeout 5 0", which is configured on the remote router. Now the problem is, in this 5 minutes, I can not use a remote telnet on this line with my loopback interface, because the line is already in use and I get a "connection refused". The first telnet I use runs in a timeout, because the remote host is not responding. When I dial out directly from the modem card and not from the CLI with the AT-commands, I get also the connection and with a return i get the login prompt. I will post my actual config, so that you can see maybe a mistake I did or which command I must use, to get a working connection. [code]
Cisco Switching/Routing :: Pasting Script Into Nexus 7000 Telnet Session?
Feb 27, 2013Any issues with pasting scripts into a Nexus 7K and having the scripts get all messed up even though they are logically correct? I've had this issue over the years with IOS devices and the console port and tweaking some of the line feed/character delays fixes the issue but that was always with the console port and not a telnet session. Telnet has always worked flawlessly on IOS.
I've determined that if I tweak my line feed delay up to 1000ms it seems to work fine, but it just doesn't make sense to me that I have to do that.I have a customer with 3300 ACL lines that need to be put into a Nexus as part of a migration from 6500 to Nexus. And yes, I've already tried to convice them to offload these VLANs behind an ASA!
Cisco Switching/Routing :: Unable To Ping VPN 3005 Concentrator From Telnet Session In 3750
Feb 7, 2012The network is set up like this.
Host -----> 3750 (classic) running IPSERVICES stack ----> 3550 router -----> VPN 3005 Concentrator.
IP routing is disabled on the 3750 (it's acting solely as a switch) IP routing is enabled with an EIGRP process running on the 3550 router that has the network for the 3005 broadcasting.
I can ping the vpn 3005 concentrator from a telnet session in the 3550 but not from the 3750.I can ping between the 3750 and the 3550 vlan management interfaces. Visually speaking it's like this
3750 ------> 3550 [Success!!!!]
3550 ------> VPN 3005 Concentrator [Success!!!!]
3750 ------> 3550 --xxxx--> VPN 3005 Concentrator [Timeout....]
I know this because I tracerout to the 3005 from the 3750 and it resolved the default gateway configured for the 3550 properly but then started timing out.
The 3750 is trunked to the 3550.
3750 is vtp client mode
3550 is vtp server mode
I'm wondering if there's a layer 2 issue involved here as it is a VTP domain and maybe it's not returning properly.
Cisco LAN :: 3750 - Range Command / Session Hang
Oct 18, 2012I've noticed that when using the range command to configure multiple interfaces on a 3750 the SSH session oftens hangs. It's seems the more interfaces in the range command the more often it hangs. I have a feeling it also spikes up the CPU. Doesn't seem to be related to a specific version of code.
View 6 Replies View RelatedCisco Firewall :: Cannot Access FWSM Via Session Command In 6513 (VSS Enabled)
Apr 24, 2012Today i received FWSM from cisco (RMA), I need to configure it as standby unit for existing FWSM active/standby setup.
IOS on RMAed FWSM is 2.3.4 and cisco VSS supports FWSM IOS 4.0.4 and later.My issue is, I cannot access FWSM (IOS 2.3.4) via session command from cisco 6513 but could successfully consoled it without any problem. I have reloaded it twice and also tried to disable and enable power on it.
VSS#sh module switch 2
Switch Number: 2 Role: Virtual Switch Standby
Mod Ports Card Type Model Serial No.
--- ----- -------------------------------------- ------------------ -----------
2 6 Firewall Module WS-SVC-FWM-1 -----------
[code]....
why I cannot access FWSM through session command ?Whether this is because of older IOS ? If yes then how to upgrade its IOS ?Is it possible to upgrade IOS via FWSM console ? if yes, Do i need to test on different slot ?
Cisco Switching/Routing :: Nexus 7010 IP Telnet Source-interface Command Not Working
Aug 20, 2012I have configured the ip telnet source-interface Loopback 0 command on a Nexus7010, but when I telnet to another device and do a show users, the ip address is of the closest interface to the device I telnet to, not the ip address of the Loopback. All interfaces are in vrf default. I am running 5.1(6) NXOS.
View 6 Replies View RelatedCisco Firewall :: ASA 8.2(5) - Uauth Absolute Timeout Disabled And Inactivity Timeout Set To 48 Hour
Nov 26, 2012ASA 8.2(5), uauth absolute timeout is disabled and inactivity timeout is set to 48 hours:
timeout xlate 48:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:00:00 absolute uauth 48:00:00 inactivity
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
Users still get kicked out every 8 hours and they have to reauth. This is a logging message:
%ASA-5-109012: Authen Session End: user 'john', sid 839, elapsed 28801 seconds
Cisco Wireless :: How To Prevent Certain APs From Associating With WLC 8.1.185
Mar 29, 2012We have 9 WLCs around a corporate network. Each of the WLCs was in the same mobility group for failover purposes, and to permit APs to reconnect back to their primary WLC in the event of a failover.
However one of the sites has now been sold and pending separation of the LAN infrastructure the APs need to be isolated and prevented from associating with any WLC other than their primary (on site). From our experience once the APs know about other WLCs they retain this list in NVRAM even if the secondary WLC is removed from the configuration they will still associate with one of the known APs if possible (Cisco document this). WLC v 8.1.185.
To Prevent Being Hacked From The Internet
Apr 9, 2012I share my internet connection with my roommate who is very tech savvy. I found out yesterday that he has been hacking into my gmail account and reading my emails. I didn't think it was quite possible and I'm very surprised. He manages the internet connection and has full access/control over it.what can I do to prevent him from accessing my information?
View 3 Replies View RelatedHow To Prevent Network Monitoring
Feb 21, 2012I live in a shared flat. And all 20 rooms are connected to this switch I believe. Is there any method to prevent the landlord/tech guy monitoring our internet activity (e.g. bandwidith activity, websites we looked at, etc.
View 5 Replies View RelatedPrevent Neighbour From Using Wifi?
Sep 2, 2011I have high speed wifi at home and the wifi is WPA-PSK protected. My neighbour will be coming to my home to work with me and I will be keying my wifi password into his Windows XP laptop for him to access my wifi.
This is one time access only, after that he is not allowed to access my wifi. To prevent him from accessing my wifi, I will have to delete the password that I keyed into his laptop.
Where do I find this wifi password in the Windows XP? What folder and what filename?
Cisco :: Prevent VLAN Change On Port?
Apr 26, 2012I often have to change switch ports to different VLANs. Regardless of whether I find the ports myself or if someone tells me what the ports are, I'll always perform additional verification steps to make sure that the port I'm changing doesn't connect to a switch, a router, a server, or something else that's equally important. But mistakes happen, and I have accidentally changed the wrong port to a different VLAN, thereby disconnecting the end node.
Is there a way to configure a port so that it will not allow you to change its VLAN (or make any configuration changes to it)? I'm imaging a command that when applied to a port would not allow you to make config changes to the port until you remove that command from that port, at which point you'll be able to change its VLAN, shut it, etc. If there isn't such capability, what strategy do you use to minimize the possibility of accidentally changing trunks, routed ports, or important access ports to different VLANs (other than labeling and verify)?
How To Prevent Same Ip Address Range Conflict
Aug 5, 2011I'm trying to perform ping to another network segment using nat to those devices but the ipaddress i assigned are the same as the segment i am trying to monitor is there anyway to overcome this?
View 4 Replies View RelatedHow To Prevent Network From Accessing Another One By Iptable
Nov 29, 2012how to prevent one network fro accessing another network by iptable
View 1 Replies View RelatedPrevent Internet Connection From Getting Disconnected?
Sep 5, 2012Is there any software that will prevent my internet connection from getting disconnected no matter the cause ?
View 5 Replies View RelatedCisco Switches :: SF302 - Ssh Prevent Prompt For Password
Oct 3, 2012I'm wondering if anyone knows to set up the switch so that when I'm connecting via SSH, the switch doesn't prompt for a username if I supply one in the initial connect request? For example, we usually connect by typing something like the following at a command prompt:
ssh johndoe@10.10.10.10
Then the switch would prompt for a password. I've tried this on the Cisco SF302 but it still prompts for a username, and then the password.
Set Desktop Wallpaper And Prevent Users Changing It?
Jul 1, 2011I've tried a few things to get around this, some kids where I work keep changing the wallpaper, sometimes to quite disgusting things. Since groups of them all use the same login with roaming profiles, everyone gets to look and laugh at the annoying wallpaper.
I've tried enabling active desktop local policy and preventing users changing wallpaper but as far as I could tell active desktop didn't even come on, I refereshed the policy.
Does anyone know a good efficient way of simply setting a wallpaper for all users in an ad ou and preventing them changing it? I've got rid of all ways to set a desktop wallpaper apart from the right click menu on an image which has the "set as backgound" option, that's what they are using to do it.
I don't really mind how it's done, could be a registry hack to remove that option from the right click context menu when clicking on an image, I could then deploy it with group policy.