Solved: Securing line vty

johnlloyd_13 · ‎06-14-2011

hi all,

im going to add an ACL on our switches to secure its vty lines. please advise if i need to secure 0-15 or all 871 vty lines. thanks in advance!

Switch(config)#line vty ?

<0-871> First Line number

Switch#show user all

Line User Host(s) Idle Location

* 0 con 0 idle 00:00:00

129 aux 0 00:00:00

130 vty 0 00:00:00

131 vty 1 00:00:00

132 vty 2 00:00:00

133 vty 3 00:00:00

134 vty 4 00:00:00

135 vty 5 00:00:00

136 vty 6 00:00:00

137 vty 7 00:00:00

138 vty 8 00:00:00

139 vty 9 00:00:00

140 vty 10 00:00:00

141 vty 11 00:00:00

142 vty 12 00:00:00

143 vty 13 00:00:00

144 vty 14 00:00:00

145 vty 15 00:00:00

Interface User Mode Idle Peer Address

Peter Paluch · ‎06-14-2011

John,

You do not need to secure those VTYs which are not created. Your output suggests that only VTYs 0 through 15 are created, so secure only those. The higher-numbered VTYs are not currently created, therefore, it is not even possible to connect to them. Therefore it is not necessary to secure them.

Best regards,

Peter

View solution in original post

Peter Paluch · ‎06-14-2011

John,

You do not need to secure those VTYs which are not created. Your output suggests that only VTYs 0 through 15 are created, so secure only those. The higher-numbered VTYs are not currently created, therefore, it is not even possible to connect to them. Therefore it is not necessary to secure them.

Best regards,

Peter

johnlloyd_13 · ‎06-14-2011

hi peter,

cool! thanks a lot for your response!