Automatically log a user out of Cisco telnet (VTY) and console lines

Automatically log a user out of Cisco telnet after a specified time – Helps to avoid leaving unattended sessions logged in

As a security measure, it is a good idea to have a set up whereby the system will  automatically log a user out of Cisco telnet after a specified period of inactivity.

The command below will log a user out of the console after one minute, and within a telnet session will log the user our after two minutes.

Router(config) line console 0
Router(config-line) exec-timeout 1 0
Router(config-line) line vty 0 4
Router(config-line) exec-timeout 2 0

Block access after specified amount of login attempts for a set amount of time.

As an additional security measure it is possible to block access for a set period of time if there have been a certain number (which you can specify yourself) of failed log in attempts. This is helpful to disrupt brute force attacks.

The command given will block login attempts for 180 seconds if two failed attempts occur within 120 seconds.

Router(config) login block-for 180 attempt 2 within 120

Now that you know how to automatically log a user out of Cisco telnet, browse our support archive for more useful articles.