Solved

All Cisco VTY lines used up on 3750.

Posted on 2010-11-12
Last Modified: 2012-05-10
All the VTY lines on my 3750 show used up. I am not able to clear or disconnect the line. I have one session active on the device. No new sessions can be established. I did a sh tcp br and it showed only my active session. How do I clear the unused line?
Question by:hkdv

Expert Comment

by:Istvan Kalmar
What does the following show?
sh line

Author Comment

by:hkdv
"  *   " next to each line..

Expert Comment

by:Istvan Kalmar
You are able to kick the user:

clear line x

Author Comment

by:hkdv
sh line
   Tty Typ     Tx/Rx    A Modem  Roty AccO AccI   Uses   Noise  Overruns   Int
*    0 CTY              -    -      -    -    -      0       1     0/0       -
*    1 VTY              -    -      -    -    -     39       0     0/0       -
*    2 VTY              -    -      -    -    -      4       0     0/0       -
*    3 VTY              -    -      -    -    -      9       0     0/0       -
*    4 VTY              -    -      -    -    -      5       0     0/0       -
*    5 VTY              -    -      -    -    -      1       0     0/0       -
*    6 VTY              -    -      -    -    -   1419       0     0/0       -
*    7 VTY              -    -      -    -    -     86       0     0/0       -
*    8 VTY              -    -      -    -    -   1912       0     0/0       -
*    9 VTY              -    -      -    -    -     24       0     0/0       -
*   10 VTY              -    -      -    -    -      2       0     0/0       -
*   11 VTY              -    -      -    -    -      1       0     0/0       -
*   12 VTY              -    -      -    -    -      1       0     0/0       -
*   13 VTY              -    -      -    -    -      1       0     0/0       -
*   14 VTY              -    -      -    -    -      1       0     0/0       -
*   15 VTY              -    -      -    -    -      1       0     0/0       -
*   16 VTY              -    -      -    -    -    116       0     0/0       -

TXD-VA01-A#clear line 1
[confirm]
 [OK]
TXD-VA01-A#sh line
   Tty Typ     Tx/Rx    A Modem  Roty AccO AccI   Uses   Noise  Overruns   Int
*    0 CTY              -    -      -    -    -      0       1     0/0       -
*    1 VTY              -    -      -    -    -     39       0     0/0       -
*    2 VTY              -    -      -    -    -      4       0     0/0       -
*    3 VTY              -    -      -    -    -      9       0     0/0       -
*    4 VTY              -    -      -    -    -      5       0     0/0       -
*    5 VTY              -    -      -    -    -      1       0     0/0       -
*    6 VTY              -    -      -    -    -   1419       0     0/0       -
*    7 VTY              -    -      -    -    -     86       0     0/0       -
*    8 VTY              -    -      -    -    -   1912       0     0/0       -
*    9 VTY              -    -      -    -    -     24       0     0/0       -
*   10 VTY              -    -      -    -    -      2       0     0/0       -
*   11 VTY              -    -      -    -    -      1       0     0/0       -
*   12 VTY              -    -      -    -    -      1       0     0/0       -
*   13 VTY              -    -      -    -    -      1       0     0/0       -
*   14 VTY              -    -      -    -    -      1       0     0/0       -
*   15 VTY              -    -      -    -    -      1       0     0/0       -
*   16 VTY              -    -      -    -    -    116       0     0/0       -

Expert Comment

by:Istvan Kalmar
Hi,

It seems somebody is attacking the device...
What does the 'sh users' command output show?

You need to create an ACL for the VTY lines:

access-list 23 permit x.x.x.x
line vty 0 15
 access-class 23 in

Author Comment

by:hkdv
Seems the connections have been this way for a year and about 5 weeks for some :S

TXD-VA01-A#  sh user
    Line       User       Host(s)              Idle       Location
   0 con 0                idle                    2y20w  
   1 vty 0                idle                    2y18w 10.7.200.4
   2 vty 1                idle                    2y19w 10.7.200.30
   3 vty 2                idle                    2y19w 10.7.200.30
   4 vty 3                idle                    2y19w 10.7.200.30
   5 vty 4                idle                    2y19w 10.7.200.30
   6 vty 5                idle                    1y22w 10.7.205.220
   7 vty 6                idle                    1y21w 10.7.205.220
   8 vty 7                idle                     5w3d 10.7.205.220
   9 vty 8                idle                     5w3d 10.7.205.220
  10 vty 9                idle                     5w3d 10.7.205.220
  11 vty 10               idle                     5w3d 10.7.205.220
  12 vty 11               idle                     5w3d 10.7.205.220
  13 vty 12               idle                     5w3d 10.7.205.220
  14 vty 13               idle                     5w3d 10.7.205.220
  15 vty 14               idle                     5w3d 10.7.205.220
* 16 vty 15               idle                 00:00:00 10.7.204.152


How do I clear this?

Expert Comment

by:Istvan Kalmar
clear line 15

Expert Comment

by:Istvan Kalmar
And I advise setting an idle timeout on the VTY lines:
line vty 0 15
 timeout login response 60

Author Comment

by:hkdv
Before I clear line 15, is there a way to determine which line I am connected to?

Expert Comment

by:Istvan Kalmar
The asterisk shows which line is yours...
* 16 vty 15               idle                 00:00:00 10.7.204.152

Author Comment

by:hkdv
I don't want to kill my connection to the device. That is the only connection we have to the device right now :S

Expert Comment

by:Istvan Kalmar
You are able to kill vty 0 to 14

Assisted Solution

by:hkdv
Tried it.. nothing changed! Wondering if it is a Cisco bug..

Expert Comment

by:Istvan Kalmar
'clear line 1'?

Expert Comment

by:BooSTid
This is what happens when no timeout is configured on a vty line; sessions that you leave never time out. If you can't clear them, I believe only a router reboot will clear the sessions. Do what ikalmar said as far as setting the timeout, then attempt to clear. If unsuccessful, make sure your config is saved to startup, and reboot the router.

Author Comment

by:hkdv
Have the exec timeout already set

line vty 0 4
 access-class <ACL> in
 exec-timeout 15 0
 password 7 <xxxx>
 logging synchronous
 transport input telnet ssh
 transport output telnet ssh
line vty 5 15
 access-class <ACL> in
 exec-timeout 15 0
 password 7 xxxxx
 logging synchronous
 transport input telnet ssh
 transport output telnet ssh

Accepted Solution

by:Istvan Kalmar
If the clear line isn't working you need to reload the device!

Author Comment

by:hkdv
Thanks!! Will do that...

Author Closing Comment

by:hkdv
It is related to a Cisco bug, CSCsg64652. Hence reloading.
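
The triage discussed in this thread, as an added example that is not part of any participant's post: a Python parser for the `sh user` output above that reports which row is the caller's own session (the `*` marker) and which VTY sessions have sat idle past the `exec-timeout 15 0` from the posted config. The function names and the 52-week year are assumptions of this example.

```python
import re

# Abridged from the `sh user` output posted in this thread.
SAMPLE = """\
    Line       User       Host(s)              Idle       Location
   0 con 0                idle                    2y20w
   1 vty 0                idle                    2y18w 10.7.200.4
   7 vty 6                idle                    1y21w 10.7.205.220
   8 vty 7                idle                     5w3d 10.7.205.220
* 16 vty 15               idle                 00:00:00 10.7.204.152
"""

ROW = re.compile(r"^(\*?)\s*(\d+)\s+(con|aux|tty|vty)\s+(\d+)\s+(.*)$")
IDLE = re.compile(r"^(?:\d+:\d{2}:\d{2}|(?:\d+[ywdhm])+)$")
UNIT = {"y": 52 * 604800, "w": 604800, "d": 86400, "h": 3600, "m": 60}  # "y" = 52 weeks (assumption)

def idle_seconds(text):
    """Convert an IOS idle value (hh:mm:ss, 1d02h, 5w3d, 2y18w) to seconds."""
    if ":" in text:
        h, m, s = (int(p) for p in text.split(":"))
        return h * 3600 + m * 60 + s
    return sum(int(n) * UNIT[u] for n, u in re.findall(r"(\d+)([ywdhm])", text))

def parse_show_users(output):
    """Yield one dict per session row; 'mine' is the row marked with '*'."""
    for line in output.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header or blank line
        star, tty, kind, num, rest = m.groups()
        tokens = rest.split()
        # The User column may be empty, so find Idle by its format, scanning from the right.
        pos = next((i for i in reversed(range(len(tokens))) if IDLE.match(tokens[i])), None)
        if pos is None:
            continue
        yield {"mine": star == "*", "tty": int(tty), "kind": kind, "num": int(num),
               "idle": idle_seconds(tokens[pos]), "location": " ".join(tokens[pos + 1:])}

def stale_vty(output, exec_timeout_s=15 * 60):
    """VTY sessions idle past the configured exec-timeout, never the caller's own."""
    return [r for r in parse_show_users(output)
            if r["kind"] == "vty" and not r["mine"] and r["idle"] > exec_timeout_s]

def own_line(output):
    """Return (absolute line number, vty number) of the current session, or None."""
    return next(((r["tty"], r["num"]) for r in parse_show_users(output) if r["mine"]), None)

if __name__ == "__main__":
    print("own:", own_line(SAMPLE), "stale lines:", [r["tty"] for r in stale_vty(SAMPLE)])
```

The first column is the absolute line number that `clear line <n>` takes, so the marked row here is line 16 but vty 15. Sessions whose idle time is far beyond the configured `exec-timeout` are the ones the timeout failed to tear down.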