VTY connection limited on 3750

Pascal Faucher
Level 1

Hi Everyone,

I have a strange problem with vty connections on a 3750.

The maximum number of users at the same time is 2.

I have another 3750 with exactly the same config and do not have this problem.

Here is the config.

line vty 0 4
 access-class 1 in
 exec-timeout 2880 0
 logging synchronous
 login local

line vty 5 15
 access-class 1 in
 exec-timeout 2880 0
 logging synchronous
 login local

When the third user tries to connect, he gets:

User Access Verification

Username:
Username:
Username:

and it is impossible to connect, or even to type anything.

Any idea?

Regards.

Pascal

1 Accepted Solution

I think it sounds like a time for a reboot or, even better, an IOS upgrade.


Roman Rodichev
Level 7

Are you sure you don't have stale vty sessions? Try "show users".

Yes, I'm sure.

Sh users

who

show only 2 users connected, and the third one cannot connect.

I even did a debug telnet:

Feb 22 13:49:19: Telnet3: 1 1 251 1
.Feb 22 13:49:19: TCP3: Telnet sent WILL ECHO (1)
.Feb 22 13:49:19: Telnet3: 2 2 251 3
.Feb 22 13:49:19: TCP3: Telnet sent WILL SUPPRESS-GA (3)
.Feb 22 13:49:19: Telnet3: 80000 80000 253 24
.Feb 22 13:49:19: TCP3: Telnet sent DO TTY-TYPE (24)
.Feb 22 13:49:19: Telnet3: 10000000 10000000 253 31
.Feb 22 13:49:19: TCP3: Telnet sent DO WINDOW-SIZE (31)
.Feb 22 13:49:19: TCP3: Telnet received DO SUPPRESS-GA (3)
.Feb 22 13:49:19: TCP3: Telnet received WILL TTY-TYPE (24)
.Feb 22 13:49:19: Telnet3: Sent SB 24 1
.Feb 22 13:49:19: TCP3: Telnet received DO ECHO (1)
.Feb 22 13:49:19: TCP3: Telnet received WILL WINDOW-SIZE (31)
.Feb 22 13:49:19: Telnet3: recv SB NAWS 132 58

Nothing seems to be badly configured. Maybe I forgot something, but I can't see what it is.

What does your access-list look like?

Have you tried yet to connect to the device from a different client
and/or a different terminal program?

Hi Mermel,

Yes, different clients have been tried.

My ACL is OK. The problem is not "connection refused"; rather, when the third user tries to connect, he gets:

User Access Verification

Username:
Username:
Username:

and is unable to type a username/password.

Thanks.

Can you log in with 2 users and issue the commands:

sh user all
sh line
sh line summ

When vty 1 and 2 are used, can you also provide the output of
sh line vty 3
(or the next free vty)

I already checked this, but maybe you could see something.

#sh users all
    Line       User       Host(s)              Idle       Location
   0 con 0                                     00:00:00
   1 vty 0     pascalg    idle                 02:35:00 172.16.1.243
*  2 vty 1     fpasca1    idle                 00:00:00 pascalf.cax
   3 vty 2                                     00:00:00
   4 vty 3                                     00:00:00
   5 vty 4                                     00:00:00
   6 vty 5                                     00:00:00
   7 vty 6                                     00:00:00
   8 vty 7                                     00:00:00
   9 vty 8                                     00:00:00
  10 vty 9                                     00:00:00
  11 vty 10                                    00:00:00
  12 vty 11                                    00:00:00
  13 vty 12                                    00:00:00
  14 vty 13                                    00:00:00
  15 vty 14                                    00:00:00
  16 vty 15                                    00:00:00

sh line  
   Tty Typ     Tx/Rx    A Modem  Roty AccO AccI   Uses   Noise  Overruns   Int
     0 CTY              -    -      -    -    -      0       0     0/0       -
*    1 VTY              -    -      -    -    1    598       0     0/0       -
*    2 VTY              -    -      -    -    1    560       0     0/0       -
     3 VTY              -    -      -    -    1    276       0     0/0       -
     4 VTY              -    -      -    -    1    117       0     0/0       -
     5 VTY              -    -      -    -    1      8       0     0/0       -
     6 VTY              -    -      -    -    1      1       0     0/0       -
     7 VTY              -    -      -    -    1      1       0     0/0       -
     8 VTY              -    -      -    -    1      0       0     0/0       -
     9 VTY              -    -      -    -    1      0       0     0/0       -
    10 VTY              -    -      -    -    1      0       0     0/0       -
    11 VTY              -    -      -    -    1      0       0     0/0       -
    12 VTY              -    -      -    -    1      0       0     0/0       -
    13 VTY              -    -      -    -    1      0       0     0/0       -
    14 VTY              -    -      -    -    1      0       0     0/0       -
    15 VTY              -    -      -    -    1      0       0     0/0       -
    16 VTY              -    -      -    -    1      0       0     0/0       -

sh line summ
        0: ?UU- ---- ???? ???? ?


   2 character mode users.           (U)
  10 lines never used                (?)
   2 total lines in use,    0 not authenticated (lowercase)

sh line vty 3
   Tty Typ     Tx/Rx    A Modem  Roty AccO AccI   Uses   Noise  Overruns   Int
     4 VTY              -    -      -    -    1    117       0     0/0       -

Line 4, Location: "", Type: ""
Length: 24 lines, Width: 80 columns
Baud rate (TX/RX) is 9600/9600
Status: Ready, No Exit Banner, Control-c Typed
Capabilities: none
Modem state: Ready
Special Chars: Escape  Hold  Stop  Start  Disconnect  Activation
                ^^x    none   -     -       none        
Timeouts:      Idle EXEC    Idle Session   Modem Answer  Session   Dispatch
               2d00h        never                        none     not set
                            Idle Session Disconnect Warning
                              never
                            Login-sequence User Response
                             00:00:30
                            Autoselect Initial Wait
                              not set
Modem type is unknown.
Session limit is not set.
Time since activation: never
Editing is enabled.
History is enabled, history size is 20.
DNS resolution in show commands is enabled
Full user help is disabled
Allowed input transports are telnet ssh.
Allowed output transports are telnet ssh.
Preferred transport is telnet.
No output characters are padded
No special data dispatching characters
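
The stale-session check discussed in this thread, as an added example that is not part of any poster's reply: a Python script that parses excerpts of the `show users all` and `show line` output posted above and reports any line that one command shows as in use while the other does not. The function names and the accepted idle-time formats are assumptions.

```python
import re

# Excerpts of the "show users all" and "show line" output posted in this thread.
SHOW_USERS = """\
    Line       User       Host(s)              Idle       Location
   0 con 0                                     00:00:00
   1 vty 0     pascalg    idle                 02:35:00 172.16.1.243
*  2 vty 1     fpasca1    idle                 00:00:00 pascalf.cax
   3 vty 2                                     00:00:00
"""
SHOW_LINE = """\
   Tty Typ     Tx/Rx    A Modem  Roty AccO AccI   Uses   Noise  Overruns   Int
     0 CTY              -    -      -    -    -      0       0     0/0       -
*    1 VTY              -    -      -    -    1    598       0     0/0       -
*    2 VTY              -    -      -    -    1    560       0     0/0       -
     3 VTY              -    -      -    -    1    276       0     0/0       -
"""

USER_ROW = re.compile(r"^\*?\s*(\d+)\s+((?:con|vty|aux)\s+\d+)\s*(.*)$")
IDLE = re.compile(r"^(\d+:\d\d:\d\d|\d+[wdh]\d+[dhm])$")  # assumed idle formats
LINE_ROW = re.compile(r"^(\*?)\s*(\d+)\s+(?:CTY|VTY|AUX|TTY)\b")

def sessions(show_users):
    """Return (abs_line, name, user_or_None, idle) for every occupied line."""
    out = []
    for row in show_users.splitlines():
        m = USER_ROW.match(row)
        if not m:
            continue
        fields = m.group(3).split()
        idle_at = next((i for i, f in enumerate(fields) if IDLE.match(f)), None)
        if not idle_at:  # None: unparsable; 0: nothing before Idle, so the line is free
            continue
        user = fields[0] if idle_at == 2 else None  # None = still at the login prompt
        out.append((int(m.group(1)), m.group(2), user, fields[idle_at]))
    return out

def active_lines(show_line):
    """Absolute line numbers that 'show line' marks active with '*'."""
    rows = (LINE_ROW.match(r) for r in show_line.splitlines())
    return {int(m.group(2)) for m in rows if m and m.group(1)}

def mismatched_lines(show_users, show_line):
    """Lines in use in one output but not the other: candidates for a hung VTY."""
    return {s[0] for s in sessions(show_users)} ^ active_lines(show_line)

if __name__ == "__main__":
    print(sessions(SHOW_USERS))
    print("mismatched:", sorted(mismatched_lines(SHOW_USERS, SHOW_LINE)))
```

On the output posted here both commands agree on lines 1 and 2, so the mismatch set is empty.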

After you have 2 open sessions on the device, have you tried to log in with one of these users again? - Is this possible?

Currently, for me, this looks like you have an AAA config with "max session" set ..

- Yes, I tried, and no, it is not possible to log on with these users, and I don't have AAA or TACACS authentication.

Maybe I should restart the switch, but I have more than 1 Gb of traffic. Restarting the switch is the last thing I will do.

Can you post full config?

Here is the part I can show you.

Interface / VLAN and some security config have been removed.

FYI - This is not an ACL problem.

#sh ru bri
Building configuration...


version 12.2
no service pad
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
!
hostname gw01.qc01.cax
!
logging buffered 32000 debugging

no aaa new-model
clock timezone EST -5
clock summer-time EDT recurring
switch 1 provision ws-c3750g-24ts
switch 2 provision ws-c3750g-24t
stack-mac persistent timer 0
system mtu routing 1500
vtp mode transparent
ip subnet-zero
ip routing

port-channel load-balance src-dst-ip
!
!
archive
 log config
  logging enable
  logging size 200
  notify syslog contenttype plaintext
!        
spanning-tree mode pvst
spanning-tree extend system-id
spanning-tree vlan 802 priority 24576
!
vlan internal allocation policy ascending

router bgp 64512
 no synchronization
 bgp log-neighbor-changes
 network 10.50.0.0 mask 255.255.0.0
 network 10.51.0.0 mask 255.255.0.0
 network 10.52.0.0 mask 255.255.0.0
 network 10.53.0.0 mask 255.255.0.0
 network 10.54.0.0 mask 255.255.0.0
 network 10.101.0.0 mask 255.255.255.0
 network 172.16.8.0 mask 255.255.255.0
 network 172.16.12.0 mask 255.255.255.0
 network 172.16.14.0 mask 255.255.255.0
 network 172.16.200.0 mask 255.255.255.0
 network 172.17.200.0 mask 255.255.255.0
 neighbor 172.16.254.6 remote-as 64512
 neighbor 172.16.254.6 description Peer LB-STM
 neighbor 172.16.254.6 update-source Loopback2
 neighbor 172.16.254.6 route-reflector-client
 neighbor 172.16.254.6 next-hop-self
 neighbor 172.16.254.6 soft-reconfiguration inbound
 neighbor 172.16.254.8 remote-as 64512
 neighbor 172.16.254.8 description Peer LB-QC
 neighbor 172.16.254.8 update-source Loopback3
 neighbor 172.16.254.8 route-reflector-client
 neighbor 172.16.254.8 next-hop-self
 neighbor 172.16.254.8 soft-reconfiguration inbound
 no auto-summary
!

!
control-plane
!
privilege exec level 1 show conf
privilege exec level 1 ping
!
line con 0
 exec-timeout 2880 0
 logging synchronous
 login local
line vty 0 4
 access-class 1 in
 exec-timeout 2880 0
 logging synchronous
 login local
line vty 5 15
 access-class 1 in
 exec-timeout 2880 0
 logging synchronous
 login local
!
end

Just out of curiosity, try removing "access-class 1 in" and "exec-timeout 2880 0" from the "line vty 0 15" and see if it makes a difference. Never mind if you already tried it.

Yes, I already tried. The idea was not bad.

I think it sounds like a time for a reboot or, even better, an IOS upgrade.