
Unable to SSH switch due to no exec timeout set

chrismalone07
Level 1

Hi, it looks as though someone has set no exec timeout on the VTY lines of a remote switch. We are unable to connect to this now via SSH even though it is up and running. Looking at the configuration backups I can see that the no exec timeout command has been set on the VTY lines. We don't have any IT presence on site at the moment and it looks as though the reason that we can't log on is due to idle user sessions using up all of the lines, would be my guess.

 

Does anyone know of a way we can remotely clear these sessions without having to console onto this device or if this is in fact what is most likely the problem?

 

6 Replies

John Blakley
VIP Alumni

If you're not able to get a connection at all (your window pops up and then goes away - in the case of using putty), I'd venture to guess that it's due to the lines being taken up. No exec-timeout shouldn't have any effect on you being able to get into the device. There's no way that I know of to remotely clear them without being able to get into the device aside from rebooting it...

 

HTH,

John


Steve Fuller
Level 9

Hi,

Do you have SNMP Read-Write access? If so then follow the procedure in How to Detect and Clear Hung TCP Connections using SNMP.

Regards

 

Hi Steve,

 

Thanks for your reply.  We have SNMP R/W access, however, do I need to install Perl in order to run this clear TCP session command?

Hi,

You don't need Perl. As long as you have a host with snmpwalk and snmpset you should be OK. The process is essentially the following:

snmpwalk -v2c -c <rw_community> <device_name> .1.3.6.1.4.1.9.9.6.1.1.1.9

This will return a value that is the concatenation of the destination and source IP address and TCP ports. For example:

CISCO-SMI::ciscoMgmt.6.1.1.9.D.D.D.D.22.S.S.S.S.60239 = INTEGER: 376

In the above D.D.D.D is the destination IP address and S.S.S.S is the source IP address. The 22 is the destination TCP port (SSH in this case) and 60239 is the source TCP port.

You then run snmpset against the tcpConnState OID (.1.3.6.1.2.1.6.13.1.1) with the value from the snmpwalk concatenated. For example:

snmpset -v2c -c <rw_community> <device> .1.3.6.1.2.1.6.13.1.1.D.D.D.D.22.S.S.S.S.60239 i 12    # 12 = deleteTCB

 

Regards
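
The two steps described in the post above, as an added example that is not part of the original thread: it parses snmpwalk output and prints, without running, the matching snmpset command for each connection on a given local port. It assumes net-snmp command syntax with SNMP v2c; the function names and the sample walk output (documentation IP addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example: turn snmpwalk output into snmpset commands for review.
# Nothing here talks to a device; the commands are only printed.

TCP_CONN_STATE=".1.3.6.1.2.1.6.13.1.1"   # tcpConnState OID from the post

# conn_indexes PORT
# Reads snmpwalk output on stdin and prints the 10-part connection index
# (local IP, local port, remote IP, remote port) of each row whose local
# (destination) port equals PORT. Lines that do not parse are skipped.
conn_indexes() {
    awk -v port="$1" '
    {
        split($0, kv, " = ")            # kv[1] = OID, kv[2] = value
        n = split(kv[1], p, ".")
        if (n < 10) next                # error text, truncated rows
        for (i = n - 9; i <= n; i++)    # index must be ten numeric parts
            if (p[i] !~ /^[0-9]+$/) next
        if (p[n-5] != port) next        # p[n-5] is the local port
        idx = p[n-9]
        for (i = n - 8; i <= n; i++) idx = idx "." p[i]
        print idx
    }'
}

# clear_cmds PORT
# Prints one snmpset per matching connection. 12 is the deleteTCB value of
# tcpConnState; <rw_community> and <device> stay as placeholders.
clear_cmds() {
    conn_indexes "$1" | while read -r idx; do
        printf 'snmpset -v2c -c <rw_community> <device> %s.%s i 12\n' \
            "$TCP_CONN_STATE" "$idx"
    done
}

# Constructed sample of snmpwalk output: two SSH sessions, one Telnet
# session, and an error line that must be ignored.
SAMPLE_WALK='CISCO-SMI::ciscoMgmt.6.1.1.9.192.0.2.10.22.198.51.100.7.60239 = INTEGER: 376
CISCO-SMI::ciscoMgmt.6.1.1.9.192.0.2.10.22.198.51.100.8.51515 = INTEGER: 12
CISCO-SMI::ciscoMgmt.6.1.1.9.192.0.2.10.23.198.51.100.9.40000 = INTEGER: 5
Timeout: No Response from <device>'

# Show the commands that would clear the SSH (port 22) sessions.
printf '%s\n' "$SAMPLE_WALK" | clear_cmds 22
```

Reviewing the printed commands before running them makes it possible to leave out the row that belongs to your own management session.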

devils_advocate
Level 7

A reboot or a console would be the only thing I can think of.

 

Hi devils_advocate,

Take a read of How to Detect and Clear Hung TCP Connections using SNMP that I posted earlier. It shows how to clear VTY sessions using SNMP, which I summarised in a later response.

Regards