VTY lines 0 4 used even though not in config?

sammycbmi
Level 1

On my 3560 I was setting up an access list and transport to be used for my VTY lines. Previous owner of switch only had vty 5 15 shown in the config. VTY 0 4 was not in the config. So I set up an access list and transport on 5 15. I noticed that I could still get in from an IP that didn't match the access list. Doing a "show users" command showed that I was logged on to VTY 0.  Does this mean that if you don't have VTY 0 4 in the config the switch/router will use them anyway? So to restrict their usage I have no choice but to list them in my config with a VTY 0 4 ?

On the flipside I have a router that has VTY 0 4 configured. I tested if I could log in to more than 5 sessions at once. I could not. So it appears the VTY 0 4 lines are always available even if not listed. However maybe not the case with 5 15.


Joseph W. Doherty
Hall of Fame

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

What you might be bumping into: in the olden days, vty 0 4 was all you had. Later IOSs added, by default, eleven more vty ports. Interestingly, when Cisco added the extra ten ports, instead of all appearing as vty 0 15, they appear in the config as two groups, the original vty 0 4 and the added vty 5 15; this was likely done for some backward compatibility.

Cisco also occasionally changes what they show for the different default settings in different IOS versions. It's possible that, in the one version you were looking at, vty 0 4 was suppressed if all its settings were default. See what that device shows if you use the show run all command.

I didn't know about the "all" thing. Well doing a "show run all" probably isn't gonna tell us anything now as I now have vty 0 4 in my running-config as I wanted to secure my vty lines after discovering this. And I can't remove the vty 0 4 lines with a no statement as the IOS prevents the removal of the first 16 lines. I could reload the switch to get me back to my startup config but can't at the moment.
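
Added example, not written by anyone in this thread and not Cisco code: a small Python audit that reads a saved running-config and reports every vty line that lacks an inbound `access-class` or an explicit `transport input`, including lines that are absent from the config as vty 0 4 was here. The function name, the sample config and the assumption of 16 vty lines (0 4 plus 5 15, as discussed above) are illustrative.

```python
import re

# Constructed sample running-config (not from the thread): only vty 5 15 is
# listed and restricted, which is the situation the original poster describes.
SAMPLE_CONFIG = """\
access-list 10 permit 192.0.2.0 0.0.0.255
!
line con 0
line vty 5 15
 access-class 10 in
 transport input ssh
!
end
"""

# Settings the audit expects under every vty stanza (labels are illustrative).
CHECKS = {"access-class in": r"access-class \S+ in\b",
          "transport input": r"transport input \S"}

def audit_vty(config, total_lines=16):
    """Map each unprotected vty line (0..total_lines-1) to its problems.

    total_lines=16 is an assumption taken from the thread. A vty line that is
    missing from the config is reported too, because it can still accept
    logins with default settings.
    """
    seen = {}       # vty number -> set of CHECKS labels found for it
    current = None  # vty numbers covered by the stanza being parsed
    for raw in config.splitlines():
        m = re.match(r"line vty (\d+)(?: (\d+))?\s*$", raw)
        if m:
            first, last = int(m.group(1)), int(m.group(2) or m.group(1))
            current = range(first, last + 1)
            for n in current:
                seen.setdefault(n, set())
        elif not raw.startswith(" "):
            current = None  # any other top-level line ends the stanza
        elif current is not None:
            for label, pattern in CHECKS.items():
                if re.match(pattern, raw.strip()):
                    for n in current:
                        seen[n].add(label)
    report = {}
    for n in range(total_lines):
        if n not in seen:
            report[n] = ["not in config (defaults apply)"]
        elif set(CHECKS) - seen[n]:
            report[n] = ["missing " + k for k in CHECKS if k not in seen[n]]
    return report
```

Run it against the output of `show run` saved to a file; an empty result means every vty line from 0 to 15 carries both settings.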
