You want to enable absolute timeouts on your VTY lines.

To enable absolute VTY timeouts, use the following set of configuration commands:

Router1#configure terminal 
Enter configuration commands, one per line.  End with CNTL/Z.
Router1(config)#line vty 0 4
Router1(config-line)#absolute-timeout 5
Router1(config-line)#logout-warning 30
Router1(config-line)#exit
Router1(config)#end
Router1#

To prevent users from indefinitely tying up valuable router VTY lines, you can implement absolute timers. Absolute timers differ from the inactivity timers discussed in Recipe 3.9 because they will terminate a session whether it is active or not. Although absolute timers are rarely used, there are times when they can be quite useful. For example, in classroom and lab situations, the absolute timeout can help to ensure that nobody uses more than their faire share of login time.

The prospect of having a session terminated in the middle of troubleshooting a problem in a production network is not appealing to most administrators. So, if you do choose to implement an absolute timer, we recommend setting the timer to a reasonable amount of time (no less than 10 minutes). In addition, you should enable a logout warning to ensure that the user has plenty of notice to save their work. The following is an example of a logout-warning banner:

Router1>
*
*
* Line timeout expired
*
*
Router1>Connection closed by foreign host.
Freebsd%

Note that the argument ...