• Status: Solved

All Cisco VTY lines used up on 3750.

All the VTY lines on my 3750 show used up. I am not able to clear or disconnect the line. I have one session active on the device. No new sessions can be established. I did a sh tcp br and it showed only my active session. How do I clear the unused line?
Asked: hkdv
2 Solutions
 
Istvan Kalmar (Head of IT Security Division) Commented:
What does the following show?
sh line
 
hkdv (Author) Commented:
"  *   " next to each line..
 
Istvan Kalmar (Head of IT Security Division) Commented:
You are able to kick the user:

clear line x
 
hkdv (Author) Commented:
sh line
   Tty Typ     Tx/Rx    A Modem  Roty AccO AccI   Uses   Noise  Overruns   Int
*    0 CTY              -    -      -    -    -      0       1     0/0       -
*    1 VTY              -    -      -    -    -     39       0     0/0       -
*    2 VTY              -    -      -    -    -      4       0     0/0       -
*    3 VTY              -    -      -    -    -      9       0     0/0       -
*    4 VTY              -    -      -    -    -      5       0     0/0       -
*    5 VTY              -    -      -    -    -      1       0     0/0       -
*    6 VTY              -    -      -    -    -   1419       0     0/0       -
*    7 VTY              -    -      -    -    -     86       0     0/0       -
*    8 VTY              -    -      -    -    -   1912       0     0/0       -
*    9 VTY              -    -      -    -    -     24       0     0/0       -
*   10 VTY              -    -      -    -    -      2       0     0/0       -
*   11 VTY              -    -      -    -    -      1       0     0/0       -
*   12 VTY              -    -      -    -    -      1       0     0/0       -
*   13 VTY              -    -      -    -    -      1       0     0/0       -
*   14 VTY              -    -      -    -    -      1       0     0/0       -
*   15 VTY              -    -      -    -    -      1       0     0/0       -
*   16 VTY              -    -      -    -    -    116       0     0/0       -

TXD-VA01-A#clear line 1
[confirm]
 [OK]
TXD-VA01-A#sh line
   Tty Typ     Tx/Rx    A Modem  Roty AccO AccI   Uses   Noise  Overruns   Int
*    0 CTY              -    -      -    -    -      0       1     0/0       -
*    1 VTY              -    -      -    -    -     39       0     0/0       -
*    2 VTY              -    -      -    -    -      4       0     0/0       -
*    3 VTY              -    -      -    -    -      9       0     0/0       -
*    4 VTY              -    -      -    -    -      5       0     0/0       -
*    5 VTY              -    -      -    -    -      1       0     0/0       -
*    6 VTY              -    -      -    -    -   1419       0     0/0       -
*    7 VTY              -    -      -    -    -     86       0     0/0       -
*    8 VTY              -    -      -    -    -   1912       0     0/0       -
*    9 VTY              -    -      -    -    -     24       0     0/0       -
*   10 VTY              -    -      -    -    -      2       0     0/0       -
*   11 VTY              -    -      -    -    -      1       0     0/0       -
*   12 VTY              -    -      -    -    -      1       0     0/0       -
*   13 VTY              -    -      -    -    -      1       0     0/0       -
*   14 VTY              -    -      -    -    -      1       0     0/0       -
*   15 VTY              -    -      -    -    -      1       0     0/0       -
*   16 VTY              -    -      -    -    -    116       0     0/0       -
 
Istvan Kalmar (Head of IT Security Division) Commented:
Hi,

It seems somebody is attacking the device...
What does the 'sh users' command output show?

You need to create an ACL for the vty:

access-list 23 permit x.x.x.x
line vty 0 15
 access-class 23 in
 
hkdv (Author) Commented:
Seems the connections have been this way for a year and about 5 weeks for some :S

TXD-VA01-A#  sh user
    Line       User       Host(s)              Idle       Location
   0 con 0                idle                    2y20w  
   1 vty 0                idle                    2y18w 10.7.200.4
   2 vty 1                idle                    2y19w 10.7.200.30
   3 vty 2                idle                    2y19w 10.7.200.30
   4 vty 3                idle                    2y19w 10.7.200.30
   5 vty 4                idle                    2y19w 10.7.200.30
   6 vty 5                idle                    1y22w 10.7.205.220
   7 vty 6                idle                    1y21w 10.7.205.220
   8 vty 7                idle                     5w3d 10.7.205.220
   9 vty 8                idle                     5w3d 10.7.205.220
  10 vty 9                idle                     5w3d 10.7.205.220
  11 vty 10               idle                     5w3d 10.7.205.220
  12 vty 11               idle                     5w3d 10.7.205.220
  13 vty 12               idle                     5w3d 10.7.205.220
  14 vty 13               idle                     5w3d 10.7.205.220
  15 vty 14               idle                     5w3d 10.7.205.220
* 16 vty 15               idle                 00:00:00 10.7.204.152


How do I clear this?
 
Istvan Kalmar (Head of IT Security Division) Commented:
clear line 15
 
Istvan Kalmar (Head of IT Security Division) Commented:
And I advise setting an idle timeout on the vty:
line vty 0 15
 timeout login response 60
 
hkdv (Author) Commented:
Before I clear line 15, is there a way to determine which line I am connected to?
 
Istvan Kalmar (Head of IT Security Division) Commented:
The asterisk shows which line is yours...
* 16 vty 15               idle                 00:00:00 10.7.204.152
 
hkdv (Author) Commented:
I don't want to kill my connection to the device. That is the only connection we have to the device right now :S
 
Istvan Kalmar (Head of IT Security Division) Commented:
You are able to kill vty 0 to 14
 
hkdv (Author) Commented:
Tried it.. nothing changed! Wondering if it is a Cisco bug..
 
Istvan Kalmar (Head of IT Security Division) Commented:
'clear line 1'?
 
BooSTid Commented:
This is what happens when no timeout is configured on a vty line; sessions that you leave never time out. If you can't clear them, I believe only a router reboot will clear the sessions. Do what ikalmar said as far as setting the timeout, then attempt to clear. If unsuccessful, make sure your config is saved to startup, and reboot the router.
 
hkdv (Author) Commented:
Have the exec timeout already set

line vty 0 4
 access-class <ACL> in
 exec-timeout 15 0
 password 7 <xxxx>
 logging synchronous
 transport input telnet ssh
 transport output telnet ssh
line vty 5 15
 access-class <ACL> in
 exec-timeout 15 0
 password 7 xxxxx
 logging synchronous
 transport input telnet ssh
 transport output telnet ssh
 
Istvan Kalmar (Head of IT Security Division) Commented:
If the clear line isn't working you need to reload the device!
 
hkdv (Author) Commented:
Thanks!! Will do that...
 
hkdv (Author) Commented:
It is related to a Cisco bug: CSCsg64652. Hence reloading.
Question has a verified solution.
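
A check for the condition seen in this thread, as an added example that is not part of the original discussion: it parses `sh user` output and lists VTY lines whose idle time exceeds the configured `exec-timeout` (15 minutes in the posted config), never reporting the asterisked session you are connected on. The sample text is constructed in the format shown above; the function names and the 365-day year are assumptions.

```python
import re

# Constructed sample in the format of the 'sh user' output posted in the thread.
SAMPLE = """\
    Line       User       Host(s)              Idle       Location
   0 con 0                idle                    2y20w
   1 vty 0                idle                    2y18w 10.7.200.4
   7 vty 6                idle                    1y21w 10.7.205.220
   8 vty 7                idle                     5w3d 10.7.205.220
* 16 vty 15               idle                 00:00:00 10.7.204.152
"""

# Assumption: a year is counted as 365 days; only the threshold comparison matters.
UNIT_SECONDS = {"y": 365 * 86400, "w": 7 * 86400, "d": 86400, "h": 3600, "m": 60, "s": 1}
IDLE_RE = re.compile(r"^(?:\d+:\d{2}:\d{2}|(?:\d+[ywdhms])+)$")
ROW_RE = re.compile(r"^\s*(\*)?\s*(\d+)\s+(con|aux|vty)\s+(\d+)\s+(.*)$")

def parse_idle(text):
    """Convert an idle value such as '00:12:03', '5w3d' or '2y19w' to seconds."""
    if ":" in text:
        h, m, s = (int(p) for p in text.split(":"))
        return h * 3600 + m * 60 + s
    return sum(int(n) * UNIT_SECONDS[u] for n, u in re.findall(r"(\d+)([ywdhms])", text))

def parse_show_users(output):
    """Return one dict per session row; header and unrelated lines are skipped."""
    rows = []
    for line in output.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue
        star, tty, kind, num, rest = m.groups()
        tokens = rest.split()
        # The User column may be empty, so locate the Idle column from the right.
        pos = next((i for i in reversed(range(len(tokens))) if IDLE_RE.match(tokens[i])), None)
        if pos is None:
            continue
        rows.append({"tty": int(tty), "line": f"{kind} {num}", "current": star is not None,
                     "idle_s": parse_idle(tokens[pos]), "location": " ".join(tokens[pos + 1:])})
    return rows

def stale_lines(output, exec_timeout_min=15):
    """VTY lines idle past exec-timeout, excluding the caller's own (asterisk) session."""
    limit = exec_timeout_min * 60
    return [r for r in parse_show_users(output)
            if r["line"].startswith("vty") and not r["current"] and r["idle_s"] > limit]

if __name__ == "__main__":
    for r in stale_lines(SAMPLE):
        print(f"tty {r['tty']:>2} ({r['line']}) idle {r['idle_s'] // 86400}d from {r['location']}")
```

The reported `tty` value is the number `clear line` expects; a line that is still listed after being cleared matches the hung-session behaviour described in the thread.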