Yup, this is what I struggled with for the last couple of days and I wanted to save other people some brain damage, so here goes:
line vty 0 4
exec-timeout 5 0
transport input ssh
ip ssh version 2
crypto key generate rsa general-keys modulus 2048
So that's the basics for the config. No ACLs on the line (removed them for troubleshooting). So I did the usual increase logging level, debug ip ssh, yadda yadda. Ended up opening a case with Cisco. Here's the "Ah ha!" moment that I didn't even consider:
Line User Host(s) Idle Location
* 0 con 0 root idle 00:00:00
vty 450 idle 7w5d x.x.x.x
vty 451 idle 6w5d x.x.x.x
vty 452 idle 6w0d x.x.x.x
vty 453 idle 5w5d x.x.x.x
vty 454 idle 5w2d x.x.x.x
Yikes! These sessions never exited or were torn down. So to test I added line vty 5 and was able to login so now I had proof that I simply had all of my vty sessions tied up. Clearing them was a bit tricky as you'll see later. I took over managing this system a while back and the WAN is typically one place in your environment where very few changes are made. Apparently the ISP had been logging in because the IP addresses in x.x.x.x were not any of my public IPs and the vty lines did NOT have any session timeout or exec timeout (I added that). For this reason, I didn't even think to check if any sessions had been opened! So the part that was very strange, however, is the naming of the lines as '450', '451', '452', etc. Trying to clear those lines resulted in
% 450 is an illegal line number [OK]
I have always just seen them as single digit line numbers unless you have lines defined 10-15. Anybody else seen that? In any case, clearing the lines by the single digit 0, 1, 2, etc. still worked. Problem solved.
LISP Protocol (Location Identifier Separation Protocol)! - The LISP protocol has become a brilliant stardom with the digital transformation that we are now experiencing. - Today we will talk about the LISP protocol and its advantages and method of p...
SD-Access provides automated end-to-end services (such as segmentation, quality of service, and analytics) for user, device, and application traffic. SD-Access automates user policy so organizations can ensure the appropriate access control and applicati...
Purpose: This document shows you how to create a group-based security policy in Cisco DNA Center.
Security policies determine the types of network traffic permitted or denied between scalable groups. Scalable groups are a critical compo...
Are you an experienced network professional?
If yes, we'd like to understand how we can better organize network management activities in a way that makes sense to you. Your response will help Cisco improve a product feature that could benefit you.&nb...
Hello I am getting this following error and get ACTV, XPS and S-PWR LEDs amber then suddenly all LEDs are off: Booting...(use DDR clock 667 MHz)*** Coprocessor Unusable Exception ***PC = 0x00000000 00000000SP = 0x00000000 00000000Cause Reg...