Yup, this is what I struggled with for the last couple of days and I wanted to save other people some brain damage, so here goes:
line vty 0 4
exec-timeout 5 0
transport input ssh
ip ssh version 2
crypto key generate rsa general-keys modulus 2048
So that's the basics for the config. No ACLs on the line (removed them for troubleshooting). So I did the usual increase logging level, debug ip ssh, yadda yadda. Ended up opening a case with Cisco. Here's the "Ah ha!" moment that I didn't even consider:
Line User Host(s) Idle Location
* 0 con 0 root idle 00:00:00
vty 450 idle 7w5d x.x.x.x
vty 451 idle 6w5d x.x.x.x
vty 452 idle 6w0d x.x.x.x
vty 453 idle 5w5d x.x.x.x
vty 454 idle 5w2d x.x.x.x
Yikes! These sessions never exited or were torn down. So to test I added line vty 5 and was able to login so now I had proof that I simply had all of my vty sessions tied up. Clearing them was a bit tricky as you'll see later. I took over managing this system a while back and the WAN is typically one place in your environment where very few changes are made. Apparently the ISP had been logging in because the IP addresses in x.x.x.x were not any of my public IPs and the vty lines did NOT have any session timeout or exec timeout (I added that). For this reason, I didn't even think to check if any sessions had been opened! So the part that was very strange, however, is the naming of the lines as '450', '451', '452', etc. Trying to clear those lines resulted in
% 450 is an illegal line number [OK]
I have always just seen them as single digit line numbers unless you have lines defined 10-15. Anybody else seen that? In any case, clearing the lines by the single digit 0, 1, 2, etc. still worked. Problem solved.
We'd like to learn a little about your network, your pain points with monitoring an enterprise network, and your preferred solution and workflow to solve issues.
We ask that you complete our brief survey: https://ciscoux.az1.qualtrics.com/jfe/form/SV...
Have you ever wondered why pluggable optics exist? Have you ever wondered what acronyms like QSFP, LR4, FEC, and PAM4 actually mean? In this episode I continue my conversation with my colleague Ray Nering. He explains to me how a lot of these came to be, ...
Community Live- Smart Licensing Using Policy (Routing) – A Simplified Licensing Approach
(Live event - Tuesday, 18 May, 2021 at 9:00 am Pacific/ 1:00 pm Eastern / 7:00 pm Paris)
This event had place on Tuesday 18th, May 2021 at 9:00 hrs PDT
Today I'm going to write SD-WAN Overview & Advanced Deployment Lab Part ||* check out SD-WAN Overview & Advanced Deployment Lab Part | through this link : https://community.cisco.com/t5/networking-documents/sd-wan-overview-amp-advan...
Have you ever wondered why pluggable optics exist? Have you ever wondered what acronyms like QSFP, LR4, FEC, and PAM4 actually mean? In this first episode I start a conversation with my colleague Ray Nering. He explains to me how a lot of these came to be...