03-17-2009 08:22 AM - edited 03-06-2019 04:38 AM
Dear Friends,
I wanted to restrict line vty access to the core / dist devices. My purpose is to restrict the number of sessions to each device as 6 (3 for telnet and 3 for ssh).
This is the config that i am planning to use. Can you please help me know if this is correct.
line vty 0 2
transport input ssh
line vty 3 5
transport input telnet
line vty 5 15
no exec
transport input none
I also wanted to know how exactly are sessions allocated. As per the above config, will the first ssh user get allocated to line 0 and the first telnet user allocated to line 3? Is that the way it works.
Thanks a lot
Gautam
Solved! Go to Solution.
03-17-2009 09:36 AM
03-17-2009 08:29 AM
Gautam,
Sessions will be allocated sequentially per the protocol support. In other words, if you attempt to ssh, line 0-2 will offer this service and most likely if you are the only person connection, you will be given line vty 0.
If you attempt to telnet, it will fail on line vty 0-2 but succeed with line vty 3-5.
BTW, you can eliminate 5-15 with no line vty 5 15 command.
HTH,
__
Edison.
03-17-2009 08:38 AM
Thanks Edison. But will my telnet session land automatically on vty 3 if i am the first telnet user?
03-17-2009 09:36 AM
Yes.
__
Edison.
03-17-2009 11:42 PM
Dear Edison,
When i tried to say no line vty 6 15, it gave me the error message
% Can't delete last 16 VTY lines
I believe there is some platform limitation on this. Hence, i went with no exec and the transport input none command on these lines.
Thanks a lot again
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide