exec-timeout [min] [sec]
Sets the inactivity timeout for an EXEC session on a line, automatically logging out idle users to free up resources and enhance security.
exec-timeout [min] [sec]When to Use This Command
- Configure a 5-minute timeout on console lines to prevent unauthorized access if an admin walks away.
- Set a 10-minute timeout on VTY lines for remote SSH sessions to reduce risk of session hijacking.
- Apply a 0-minute timeout (no timeout) on a management console during maintenance windows to avoid disconnection.
- Enforce a 2-minute timeout on auxiliary lines for dial-in users to conserve modem resources.
Command Examples
Set 5-minute timeout on console line
Router(config-line)# exec-timeout 5 0Router(config-line)#
No output is generated; the command is applied silently. The timeout is set to 5 minutes and 0 seconds.
Set 10-minute 30-second timeout on VTY lines
Router(config-line)# exec-timeout 10 30Router(config-line)#
Sets the timeout to 10 minutes and 30 seconds. After this idle period, the session will be terminated.
Understanding the Output
The exec-timeout command does not produce any output when configured. To verify the setting, use 'show running-config | section line' or 'show line'. In 'show line', look for the 'Timeout' field under the specific line number; it displays the timeout in minutes and seconds (e.g., 'Timeout: 5 minutes'). A value of '0' means no timeout. Good practice is to set a timeout between 5-15 minutes for most lines; a timeout of 0 should be used sparingly and only in secure environments.
CCNA Exam Tips
Remember that exec-timeout applies to EXEC mode sessions, not to privileged EXEC mode directly; it affects the user after login.
The default timeout is 10 minutes on most lines; the exam may ask you to change it to a specific value.
Setting exec-timeout 0 0 disables the timeout entirely—this is a security risk and often a wrong answer in security scenarios.
The command is configured in line configuration mode (config-line), not global config.
Common Mistakes
Forgetting to enter line configuration mode before issuing the command, resulting in '% Invalid input detected'.
Using 'exec-timeout 0' without specifying seconds, which defaults to 0 minutes 0 seconds (no timeout) instead of the intended 0 minutes.
Setting the timeout too short (e.g., 1 minute) causing frequent disconnections during normal use.
Related Commands
line console 0
Enters line configuration mode for the console port (line 0) to configure console access parameters such as password, timeout, and exec mode.
line vty 0 4
Enters line configuration mode for virtual terminal (VTY) lines 0 through 4 to configure remote access settings like Telnet/SSH, ACLs, and timeout parameters.
show line
Displays line configuration and status information for console, auxiliary, and vty lines, used to verify line settings and monitor user connections.
show running-config
Displays the current active configuration in DRAM, showing all non-default settings.
Practice for the CCNA 200-301
Test your knowledge with hundreds of CCNA practice questions covering all exam domains.
Practice CCNA Questions