Connection refused when logging in to a Cisco switch

I have a Catalyst 4510R that refuses the connection. I have tried Tera Term and a windows command line telnet and neither works. I don't get a username or password prompt.

I suspect that the vty line needs the login command. Strange thing is it used to work, not sure why someone would take the login command off.

No TACACS commands loaded and only two aaa commands.

All passwords are the same except the line password.

There is also a error message about sticky arp?

aaa new-model
aaa authentication login default local
enable password 7 zzzz
username ABC password 7 zzzz

sh run | beg line
line con 0
 session-timeout 60
 password 7 xyxy
 stopbits 1
line vty 0 4
 session-timeout 60
 password 7 zzzz

5y15w: %IP-3-STCKYARPOVR: Attempt to overwrite Sticky ARP entry: 172.x.x.x, hw: 0002.a540.0030 by hw: 0022.64c2.5cb8
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

you will need the login command under the vty config

preferably login local if you want to use the local DB of the switch
The aaa new-model will remove login on the lines, that's normal. The config looks ok to me.

I'd check if there are old session stuck, so all lines are in use.

You can do this by using:

Show user



And if there are stuck lines you can use

clear line x (where x is the line number shown in show user/who)

If that fails I'd remove all the aaa config (if it isn't used for anything else), and use login (or login local if prefered) on the line again.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Dragon0x40Author Commented:
Consoled into router.
R>sh user
   Line       User       Host(s)              Idle       Location
*  0 con 0     XXXXXXXX   idle                 00:00:00
  1 vty 0     XXXXXXXX   idle                    41w1d 10.X.X.X
  2 vty 1     XXXXXXXX   idle                    1y22w 10.X.X.X
  3 vty 2     XXXXXXXX   idle                    22w6d 10.X.X.X
  4 vty 3     XXXXXXXX   idle                     7w3d 10.X.X.X
  5 vty 4     XXXXXXXX   idle                     4w2d 10.X.X.X
  Interface      User        Mode                     Idle     Peer Address
All 5 vty lines being used so cleared all 5.
R#clear line ?
 <0-5>    Line number
 console  Primary terminal line
 vty      Virtual terminal
R#clear line vty 0
(cleared lines 1-4)
R#sh user
   Line       User       Host(s)              Idle       Location
*  0 con 0     XXXXXXXX   idle                 00:00:00
  Interface      User        Mode                     Idle     Peer Address
Closed telnet client and disconnected console cable without typing quit to close the session.
R#sh user
   Line       User       Host(s)              Idle       Location
  0 con 0     XXXXXXXX   idle                 00:00:51
  1 vty 0     XXXXXXXX   idle                 00:03:22 10.X.X.X
*  2 vty 1     XXXXXXXX   idle                 00:00:09 10.X.X.X
  Interface      User        Mode                     Idle     Peer Address

Is there a command to log user off if they close their ssh session or remove the console cable without typing quit?
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

Try this:

Line vty 0 4
Exec-timeout 5

Disconnect without quitting your session, and log back in and see if it's gone in 5 minutes.
Dragon0x40Author Commented:
thanks captnassar and Hodepine,

After waiting an hour it looks like the session-timeout 60 on the vty finally cleared the session.

I thought the exec-timeout was for killing incoming vty sessions and the session-timeout was for killing outgoing sessions but it looks like session-timout kills both incoming and outgoing sessions.
Dragon0x40Author Commented:
Not sure why the session-timeout did not kill the 5 sessions that were stuck though.
The exec-timeout kills only vty/con connections, where session-timeout kills all connections (con, vty, tty, ppp, etc).

Still weird that it didn't kill your old sessions, though. If it's any comfort I've seen this happen before, so it's not just your equipment. :)
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Switches / Hubs

From novice to tech pro — start learning today.