Re: VTY lines

launchnow · ‎06-03-2022

Is there such thing as VTY line groups? like, 0 4 or 5 15? yes there are but are they really groups? Can you put different configurations in them?

But that would me that a user has to log in to a particular group. How is that done?

Or do users automatically get VTY lines sequentially? Therefore of course there are no groups?

HAVE NO IDEA WHAT LABELS ARE!!!!!

launchnow · ‎06-03-2022

mean

@launchnow wrote:
Is there such thing as VTY line groups? like, 0 4 or 5 15? yes there are but are they really groups? Can you put different configurations in them?
But that would me that a user has to log in to a particular group. How is that done?
Or do users automatically get VTY lines sequentially? Therefore of course there are no groups?

HAVE NO IDEA WHAT LABELS ARE!!!!!

MHM Cisco World · ‎06-03-2022

absolutely yes you can make different config for each group and config different password for each one.
please see below comment

launchnow · ‎06-03-2022

OK so here is the excruciating, maddening, obvious question that is not seen anywhere: How does a user direct his connection to a particular group? And if he does not then what group is used? Thanks

MHM Cisco World · ‎06-03-2022

please see below comment

launchnow · ‎06-03-2022

WHAT? He will direct to this group?

Thanks for your reply.

What will he write to use group "line vty 5 15"? Or "line vty 16 20"?

MHM Cisco World · ‎06-03-2022

I do small lab and I see exactly what you mention about the group and how we can control which group we hit when telnet,
router select VTY one by one and when select first group first line you need right password for it to telnet and if you failed then the router will not go to other group and try group password
BUT
workaround is in this link
http://brbccie.blogspot.com/2014/01/mini-vty-rotary_5.html

where we will use port with telnet to make router select the group we want.

Richard Burts · ‎06-04-2022

Let me first address what appears to be "groups" of vty lines. In early versions of IOS there were 5 vty lines (0 through 4). Then Cisco expanded the number of vty lines (typically to 16 but other number of vty is possible). In the output of show commands the vty 0 4 are separated from vty 5 15 which suggests a grouping. I am not sure why it is this way and assume that it is to provide backwards compatibility.

There is not anything inherently different between vty 0 4 and vty 5 15. But it is possible to configure them differently. For example you might configure vty 0 4 with transport input telnet and configure vty 5 15 with transport input ssh. The result is that any user connecting to the device using telnet would connect to 0 4 (and could not connect to 5 15) while a user connecting to the device using ssh would connect to 5 15 (and could not connect to 0 4).

HTH

Rick

Flavio Miranda · ‎06-04-2022

Hi

If you are running IOS XE 17.4 or newer, you can have many possibilities when grouping Line VTY:

"Starting with Cisco IOS XE 17.4.1 release, you can use the no line auto-consolidation command, in the global configuration mode, to disable the auto consolidation of LINE commands. Auto consolidation is enabled by default. To disable it use the no form of the command. "

Device#show run | sec line

line vty 0 4
transport input ssh

line vty 5 9
transport input all

Device#configure terminal
Device(config)#no line auto-consolidation
Device(config)#line vty 10 15
Device(config-line)#transport input all
Device(config-line)#end

Device#show run | sec line
no line auto-consolidation

line vty 0 4
transport input ssh

line vty 5 9
transport input all

line vty 10 15
transport input all
!

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9300/software/release/17-4/configuration_guide/sys_mgmt/b_174_sys_mgmt_9300_cg/line_auto_consolidation.html