Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
255
Views
1
Helpful
2
Replies

TACACS not logging out

jcarrabine1
Level 1
Level 1

‎03-21-2024 03:03 AM

I have TACACS integrated with ISE. I am able to login and commands run are logged in ISE as well as user authentications.

 

The issue I am seeing is that I have the VTY lines set to exec-timeout 10 and that works when the curser is at the input prompt, but if I run a command such as show run and and leave it in the "more" state i.e. need to use space bar to show the additional lines of the show command, the TACACS session will stay open indefinitely. Why is that? I have seen this on NXOS and IOS-XE.

Labels:
2 Replies 2

Aref Alsouqi
VIP
VIP

‎03-21-2024 08:04 AM

Very good question and I guess it behaves the same even when you login into the switch with a local admin account right? I think this is just the way how the code works and I guess when you are on the "more" screen the timeout timer is not triggered. I would think about it in the same way as when you run Media player on Windows that will prevent the screensaver timer from being triggered, kinda disabling that timer as long as the media file is running.

0 Helpful

MHM Cisco World
VIP
VIP

‎03-21-2024 08:10 AM

that why we need to specify two timeout 
exec-timeout 
and 
session or idle timeout 

if for any reason the use is not correct disconnect the Device will kill the line after specific time. 

MHM

0 Helpful
Customers Also Viewed These Support Documents