
Restricting line vty

gautamzone
Level 1

Dear Friends,

I wanted to restrict line vty access to the core / dist devices. My purpose is to restrict the number of sessions to each device as 6 (3 for telnet and 3 for ssh).

This is the config that I am planning to use. Can you please help me know if this is correct?

line vty 0 2
 transport input ssh
line vty 3 5
 transport input telnet
line vty 5 15
 no exec
 transport input none

I also wanted to know how exactly are sessions allocated. As per the above config, will the first ssh user get allocated to line 0 and the first telnet user allocated to line 3? Is that the way it works?

Thanks a lot

Gautam


Edison Ortiz
Hall of Fame

Gautam,

Sessions will be allocated sequentially per the protocol support. In other words, if you attempt to ssh, line 0-2 will offer this service and most likely if you are the only person connecting, you will be given line vty 0.

If you attempt to telnet, it will fail on line vty 0-2 but succeed with line vty 3-5.

BTW, you can eliminate 5-15 with no line vty 5 15 command.

HTH,

__

Edison.

Thanks Edison. But will my telnet session land automatically on vty 3 if I am the first telnet user?

Yes.

__

Edison.

Dear Edison,

When I tried to say no line vty 6 15, it gave me the error message

% Can't delete last 16 VTY lines

I believe there is some platform limitation on this. Hence, I went with no exec and the transport input none command on these lines.

Thanks a lot again
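
An added example, not part of the thread or any Cisco tooling: a small Python audit that computes the effective per-line settings from `line vty` stanzas, so the number of lines open to each protocol can be checked before a change is pushed. It assumes stanzas are applied in the order typed, with a later stanza overriding an earlier one on any line number they share; the function names and the `PLANNED` sample (the stanzas from the question) are constructed for illustration.

```python
import re

# Constructed sample: the stanzas from the question, as typed.
PLANNED = """\
line vty 0 2
 transport input ssh
line vty 3 5
 transport input telnet
line vty 5 15
 no exec
 transport input none
"""

def effective_vty(config):
    """Return ({vty: {"transport": set or None, "exec": bool}}, overlaps).

    Assumption: a later stanza overrides an earlier one on shared lines.
    """
    lines, overlaps, current = {}, [], []
    for raw in config.splitlines():
        text = raw.strip()
        m = re.fullmatch(r"line vty (\d+)(?: (\d+))?", text)
        if m:
            first = int(m.group(1))
            last = int(m.group(2) or first)
            current = list(range(first, last + 1))
            for n in current:
                if n in lines:
                    overlaps.append(n)  # line already set by an earlier stanza
                lines.setdefault(n, {"transport": None, "exec": True})
        elif text.startswith("transport input ") and current:
            protos = set(text.split()[2:]) - {"none"}  # "none" -> empty set
            for n in current:
                lines[n]["transport"] = protos
        elif text == "no exec":
            for n in current:
                lines[n]["exec"] = False
        elif text and not raw.startswith(" "):
            current = []  # a new top-level command leaves line mode
    return lines, overlaps

def lines_accepting(lines, proto):
    """VTY numbers that accept `proto` and can still start an exec session."""
    return sorted(n for n, s in lines.items()
                  if s["exec"] and s["transport"] is not None
                  and (proto in s["transport"] or "all" in s["transport"]))

if __name__ == "__main__":
    vty, overlaps = effective_vty(PLANNED)
    print("overlap:", overlaps, "ssh:", lines_accepting(vty, "ssh"),
          "telnet:", lines_accepting(vty, "telnet"))
```

Lines with no `transport input` statement are reported for neither protocol, because the default differs between software releases and has to be checked on the device itself.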
