need help in switch 2960 telnet users!

Dr.X · ‎12-07-2011

heloo, i have a swich with a public ip , the problem that when i make a telnet connection , the switch tell me that the password not set, but im sure that the password is set.

when i type #sh users

i found the following:

Line User Host(s) Idle Location

1 vty 0 idle 2d14h xxx.153.43.139

2 vty 1 idle 23:36:10 1xxxx8.79.2

3 vty 2 idle 1d22h xxx.79.2

4 vty 3 idle 1d21h xxxx.79.2

*5 vty 4 idle 22:47:25 xxxx.79.2

i dont know who are those users????that saturated my vty command 0 4 ???????????

the configurations are:

line con 0

exec-timeout 0 0

password 111

logging synchronous

login

line vty 0 4

exec-timeout 0 0

password 111

logging synchronous

login

line vty 5 15

login

!

end

=====================

can any one help me? yesterday i connected with it many times , but today i cant !!!!!!!

thanks alot

vipinrajrc · ‎12-07-2011

Hi,

are you using telenet to access this switch using public?

from the configuration itself it is clear that you coonfigured telnet password for line vty 0 4.

line vty 0 4

exec-timeout 0 0

password 111.

But not configured for

line vty 5 15

login

From the show user it is clear that all the 5 terminals are occupied

Line User Host(s) Idle Location

1 vty 0 idle 2d14h xxx.153.43.139

2 vty 1 idle 23:36:10 1xxxx8.79.2

3 vty 2 idle 1d22h xxx.79.2

4 vty 3 idle 1d21h xxxx.79.2

*5 vty 4 idle 22:47:25 xxxx.79.2

lint vty 0 4 --> means five vty line.

for line vty 5 15 u didnt configured any password.

you can terminate the above conenctions....... by commands

please rate this post if it is helpful

thanks

vipin

Thanks and Regards, Vipin

vipinrajrc · ‎12-07-2011

you can remove the above sessions by

no line vty

Thanks and Regards, Vipin

Dr.X · ‎12-07-2011

thnak you very much , but my question is that actually there are no 5 connections above !!!!!!!!! why they are existed wheni type sh users????????

i mean that actually no one is connecting to the switch usibng telnet but the sessions are existed !!!!!!!!!!!!!!!!!

can any 1 help me !?

Dr.X · ‎12-07-2011

it denied my command when i typed no line vty command

here is the result

xp10(config)#no line vty 1

% Can't delete last 16 VTY lines

xp10(config)#no line vty 2

% Can't delete last 16 VTY lines

Peter Paluch · ‎12-07-2011

Hello Ahmed,

It should say clear line vty, not no line vty - actually, the second one is dangerous as it may deconfigure your VTYs, disabling the possibility to connect remotely altogether.

The clear line vty is used in privileged EXEC mode, outside of the global config.

Best regards,

Peter

Dr.X · ‎12-07-2011

thanks very much all> i ve solved the problem now.

but now i want to know , why there were a useres that actually are not exist !!!! ???????

johnlloyd_13 · ‎12-07-2011

Hi Ahmed,

Try using the "clear line vty x" command from privileged exec to kick out those idle users.

Switch#clear line vty 0

Your Telnet users stayed with their remote session due to the "exec-timeout 0 0" command. Try to tweak this line to force logout idle session after X minutes.

I would recommend reserving one vty line for using an ACL to prevent yourself from being locked out.

access-list 1 permit

line vty 5

access-class 1 in

Sent from Cisco Technical Support iPhone App

Dr.X · ‎12-07-2011

thanks very much , i doubted with it from the beginning.