obrigg/Vanilla-ISE

Switch vty sessions are not exited properly

Closed this issue · 3 comments

Hello

I was unable to log into my switch because I noticed that the Vanilla ISE tool has exhausted the vty session table. It seems that it logs in and then never logs out cleanly.
It appears that every time I click on the IP address on the Vanilla ISE web page, it creates a new VTY session and it takes ages to age out the old sessions.

C9300-24P IOS-XE 16.6.2

RNOCORE01#who
    Line       User       Host(s)              Idle       Location
   1 vty 0     admin      idle                 00:27:47 172.23.251.6
   2 vty 1     admin      idle                 00:27:37 172.23.251.6
   3 vty 2     admin      idle                 00:27:21 172.23.251.6
   4 vty 3     admin      idle                 00:27:11 172.23.251.6
   5 vty 4     admin      idle                 00:25:31 172.23.251.6
   6 vty 5     admin      idle                 00:25:21 172.23.251.6
   7 vty 6     admin      idle                 00:24:45 172.23.251.6
   8 vty 7     admin      idle                 00:24:30 172.23.251.6
   9 vty 8     admin      idle                 00:24:17 172.23.251.6
  10 vty 9     admin      idle                 00:24:05 172.23.251.6
* 11 vty 10    admin      idle                 00:00:03 172.23.251.6
  12 vty 11    admin      idle                 00:16:30 172.23.251.6
  13 vty 12    admin      idle                 00:16:22 172.23.251.6
  14 vty 13    admin      idle                 00:02:56 172.23.251.6
  15 vty 14    admin      idle                 00:01:43 172.23.251.6
  16 vty 15    admin      idle                 00:01:36 172.23.251.6

  Interface    User               Mode         Idle     Peer Address

Also, I was a bit alarmed that it does the commands below and then doesn't put the correct settings back as they were - setting console to exec-timeout 0 effectively disabled the exec timeout - one should put the value back as it was before.

2022-06-01 20:01:02,096: %UNICON-INFO: +++ RNOCORE01 with via 'cli': configure +++
config term
Enter configuration commands, one per line.  End with CNTL/Z.
RNOCORE01(config)#no logging console
RNOCORE01(config)#line console 0
RNOCORE01(config-line)#exec-timeout 0
RNOCORE01(config-line)#end
RNOCORE01#

Luckily I don't use the console - but in cases where the user has set some other exec-timeout, it will be overwritten by the script.

Thanks. I added a graceful disconnection to the functions communicating with the network devices.
Can you kindly try again, based on the latest commit?

Thanks - I did a pull request and the updated session management looks good. Thanks!

I will have more time to explore this tool a bit in the lab.

Thank you for confirming. Closing the issue.
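
Added example, not taken from the Vanilla-ISE code base: one way to guarantee the graceful disconnection discussed in this thread while leaving the console line configuration alone, assuming the tool reaches the switch through a pyATS/Unicon device object (the `%UNICON-INFO` log above comes from Unicon). `device_session`, `run_show` and `FakeDevice` are hypothetical names; `FakeDevice` is a constructed stand-in so the code runs without a switch.

```python
from contextlib import contextmanager


@contextmanager
def device_session(device):
    """Connect, hand the device to the caller, and always free the vty line."""
    # Assumption: 'device' is a pyATS/Unicon device. An empty
    # init_config_commands list stops Unicon from sending its default
    # post-login config ('no logging console', 'line console 0',
    # 'exec-timeout 0'), so the operator's console settings are not changed.
    device.connect(init_config_commands=[])
    try:
        yield device
    finally:
        # Runs on success and on exceptions, so no idle vty is left behind.
        device.disconnect()


def run_show(device, command):
    """Run one command in its own short-lived session and return the output."""
    with device_session(device) as dev:
        return dev.execute(command)


class FakeDevice:
    """Constructed stand-in for a pyATS device; counts open sessions."""

    def __init__(self, fail=False):
        self.open_sessions = 0
        self.connect_kwargs = None
        self.fail = fail

    def connect(self, **kwargs):
        self.connect_kwargs = kwargs
        self.open_sessions += 1

    def execute(self, command):
        if self.fail:
            raise RuntimeError("command timed out")
        return f"output of {command}"

    def disconnect(self):
        self.open_sessions -= 1


if __name__ == "__main__":
    dev = FakeDevice()
    for _ in range(20):  # more page clicks than the 16 vty lines listed above
        run_show(dev, "show version")
    print("sessions left open:", dev.open_sessions)
```

On a real switch, `who` should show at most one session from the tool's address after repeated clicks, and `show running-config | section line con` should be unchanged after a run.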