?
Solved

All cisco VTY lines used up on 3750.

Posted on 2010-11-12
19
Medium Priority
?
2,129 Views
Last Modified: 2012-05-10
All the VTY lines on my 3750 show used up. I am not able to clear or disconnect the line. I have one session active on the device. No new sessions can be established. I did a sh tcp br and it should only my active session. How do i clear the unused line?
0
Comment
Question by:hkdv
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 9
19 Comments
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 34120145
what shows the folloring?
sh line
0
 

Author Comment

by:hkdv
ID: 34120165
"  *   "next to each line..
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 34120510
you able to kick the user:

clear line x
0
Ransomware Attacks Keeping You Up at Night?

Will your organization be ransomware's next victim?  The good news is that these attacks are predicable and therefore preventable. Learn more about how you can  stop a ransomware attacks before encryption takes place with our Ransomware Prevention Kit!

 

Author Comment

by:hkdv
ID: 34120879
sh line
   Tty Typ     Tx/Rx    A Modem  Roty AccO AccI   Uses   Noise  Overruns   Int
*    0 CTY              -    -      -    -    -      0       1     0/0       -
*    1 VTY              -    -      -    -    -     39       0     0/0       -
*    2 VTY              -    -      -    -    -      4       0     0/0       -
*    3 VTY              -    -      -    -    -      9       0     0/0       -
*    4 VTY              -    -      -    -    -      5       0     0/0       -
*    5 VTY              -    -      -    -    -      1       0     0/0       -
*    6 VTY              -    -      -    -    -   1419       0     0/0       -
*    7 VTY              -    -      -    -    -     86       0     0/0       -
*    8 VTY              -    -      -    -    -   1912       0     0/0       -
*    9 VTY              -    -      -    -    -     24       0     0/0       -
*   10 VTY              -    -      -    -    -      2       0     0/0       -
*   11 VTY              -    -      -    -    -      1       0     0/0       -
*   12 VTY              -    -      -    -    -      1       0     0/0       -
*   13 VTY              -    -      -    -    -      1       0     0/0       -
*   14 VTY              -    -      -    -    -      1       0     0/0       -
*   15 VTY              -    -      -    -    -      1       0     0/0       -
*   16 VTY              -    -      -    -    -    116       0     0/0       -

TXD-VA01-A#clear line 1
[confirm]
 [OK]
TXD-VA01-A#sh line
   Tty Typ     Tx/Rx    A Modem  Roty AccO AccI   Uses   Noise  Overruns   Int
*    0 CTY              -    -      -    -    -      0       1     0/0       -
*    1 VTY              -    -      -    -    -     39       0     0/0       -
*    2 VTY              -    -      -    -    -      4       0     0/0       -
*    3 VTY              -    -      -    -    -      9       0     0/0       -
*    4 VTY              -    -      -    -    -      5       0     0/0       -
*    5 VTY              -    -      -    -    -      1       0     0/0       -
*    6 VTY              -    -      -    -    -   1419       0     0/0       -
*    7 VTY              -    -      -    -    -     86       0     0/0       -
*    8 VTY              -    -      -    -    -   1912       0     0/0       -
*    9 VTY              -    -      -    -    -     24       0     0/0       -
*   10 VTY              -    -      -    -    -      2       0     0/0       -
*   11 VTY              -    -      -    -    -      1       0     0/0       -
*   12 VTY              -    -      -    -    -      1       0     0/0       -
*   13 VTY              -    -      -    -    -      1       0     0/0       -
*   14 VTY              -    -      -    -    -      1       0     0/0       -
*   15 VTY              -    -      -    -    -      1       0     0/0       -
*   16 VTY              -    -      -    -    -    116       0     0/0       -
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 34121569
Hi,

It seems somebody attacking the device...
what show the 'sh users' command output?

you need to create acl for vty:

access-list 23 permit x.x.x.x
line vty 0 15
 ip access-group 23 in

0
 

Author Comment

by:hkdv
ID: 34121733
Seems the connections have been this way for a year and about 5 weeks for some :S

TXD-VA01-A#  sh user
    Line       User       Host(s)              Idle       Location
   0 con 0                idle                    2y20w  
   1 vty 0                idle                    2y18w 10.7.200.4
   2 vty 1                idle                    2y19w 10.7.200.30
   3 vty 2                idle                    2y19w 10.7.200.30
   4 vty 3                idle                    2y19w 10.7.200.30
   5 vty 4                idle                    2y19w 10.7.200.30
   6 vty 5                idle                    1y22w 10.7.205.220
   7 vty 6                idle                    1y21w 10.7.205.220
   8 vty 7                idle                     5w3d 10.7.205.220
   9 vty 8                idle                     5w3d 10.7.205.220
  10 vty 9                idle                     5w3d 10.7.205.220
  11 vty 10               idle                     5w3d 10.7.205.220
  12 vty 11               idle                     5w3d 10.7.205.220
  13 vty 12               idle                     5w3d 10.7.205.220
  14 vty 13               idle                     5w3d 10.7.205.220
  15 vty 14               idle                     5w3d 10.7.205.220
* 16 vty 15               idle                 00:00:00 10.7.204.152


how do i clear this?
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 34121802
clear line 15
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 34121830
and I advise to set idle timeout on vty:
line vty 0 15
 timeout login response 60

0
 

Author Comment

by:hkdv
ID: 34121906
before i clear line 15, is there a way to determine which line i am connected to?
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 34122128
The asterisk shops whicjh line is yours...
* 16 vty 15               idle                 00:00:00 10.7.204.152
0
 

Author Comment

by:hkdv
ID: 34123345
I dont want to kill my connection to the device. That is the only connection we have to the device right now :S
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 34123797
you able to kill vty 0 to 14
0
 

Assisted Solution

by:hkdv
hkdv earned 0 total points
ID: 34123858
tried it.. nothing changed! wondering it is a cisco bug..
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 34124450
'clear line 1'?
0
 
LVL 5

Expert Comment

by:BooSTid
ID: 34124508
This is what happens when no timeout is configured on a vty line; sessions that you leave never timeout. If you can't clear them, I believe only a router reboot will clear the sessions. Do what ikalmar said as far as setting the timeout, then attempt to clear. If unsuccessful, make sure your config is saved to startup, and reboot the router.
0
 

Author Comment

by:hkdv
ID: 34124583
Have the exec timeout already set

line vty 0 4
 access-class <ACL> in
 exec-timeout 15 0
 password 7 <xxxx>
 logging synchronous
 transport input telnet ssh
 transport output telnet ssh
line vty 5 15
 access-class <ACL> in
 exec-timeout 15 0
 password 7 xxxxx
 logging synchronous
 transport input telnet ssh
 transport output telnet ssh
0
 
LVL 34

Accepted Solution

by:
Istvan Kalmar earned 800 total points
ID: 34124623
if the clera line isn't working you need to reload the device!
0
 

Author Comment

by:hkdv
ID: 34124775
thanks!! will do that...
0
 

Author Closing Comment

by:hkdv
ID: 34153371
It is related to a cisco bug.CSCsg64652. Hence reloading
0

Featured Post

Need protection from advanced malware attacks?

Look no further than WatchGuard's Total Security Suite, providing defense in depth against today's most headlining attacks like Petya 2.0 and WannaCry. Keep your organization out of the news with protection from known and unknown threats.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Network ports are the threads that hold network communication together. They are an essential part of networking that can be easily ignore or misunderstood, my goals is to show those who don't have a strong network foundation how network ports opera…
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question