Cannot access vty lines after ldp neighbor drop

Was able to access 2821 router fine. Using access-class on vty lines and login using aaa. We are running bgp/mpls over one of the links. The bgp neighbor timed out and dropped for a couple of minutes but reestablished soon after. Everything came back up and is working fine, except vty access.

I cannot telnet or ssh to the router from inside or outside. I can still access via console, it is still functioning fine, can ping, traceroute etc. We are using it for voip phones and they are all functioning fine. Logging in on the console still uses the aaa server credentials, so that is fine. SNMP still working fine.

Still plenty of memory available, cpu usage is low.

When I try to access it from a host that is not allowed in the access-class, it gets refused and logged.

But there is no response when trying to access otherwise.

When I debug telnet or ssh, nothing ever gets logged.

I cannot simply reload the router, not without some planning/notifying etc.

Any ideas on what may be the cause, and steps to remedy? Otherwise, I will try to schedule a reload and see if that helps.




Reloaded the router, no change. Still cannot access vty lines.

I do not think it is access-class related. When I try to access, the hit counters increment in the access-list. Also, when I remove the access-class, I still cannot access.

This all just happened suddenly without any configuration changes. I am out of ideas. Anyone else experience this, where you could no longer access vty lines?

Hopefully someone has some input.


Emmanuel Valdez


I had a similar issue with a Catalyst 4500 a long time ago. The problem was directly on the line vtys: for some reason, when I exited the session the line vty was not cleared, and after weeks of access I could not log in anymore because all the lines were used. I only had to clear the lines from the console.

Issue the show users command; maybe it is a similar problem, but the reload had to have cleared the lines.
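The VTY-exhaustion check described above, as an added Python example that is not part of the thread or of any Cisco tooling: it parses pasted `show users` output (the sample below is constructed for the example, not taken from the poster's router), counts busy VTY lines against the configured pool size (assumed here to be the IOS default of five, `line vty 0 4`), and lists the line numbers idle past a threshold as candidates for `clear line <n>` from the console. Idle values in a form other than `HH:MM:SS` are kept but not treated as stale.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample of IOS "show users" output (shaped like the real
# command, but invented for this example; not the poster's router).
SAMPLE_SHOW_USERS = """\
    Line       User       Host(s)              Idle       Location
*  0 con 0     admin      idle                 00:00:00
   2 vty 0     ops        idle                 01:12:10 10.0.0.5
   3 vty 1     ops        idle                 02:03:44 10.0.0.5
   4 vty 2     ops        idle                 00:48:09 10.0.0.6
   5 vty 3     ops        idle                 03:15:01 10.0.0.5
   6 vty 4     ops        idle                 00:59:30 10.0.0.7

  Interface    User               Mode         Idle     Peer Address
"""

# One session row: optional '*' marks the session running the command,
# then absolute line number, line type, type-relative index, optional
# user, host(s), idle time, optional remote location.
LINE_RE = re.compile(
    r'^\s*(?P<active>\*?)\s*(?P<num>\d+)\s+(?P<type>con|aux|vty|tty)\s+(?P<idx>\d+)'
    r'\s+(?P<user>\S*)\s+(?P<host>\S+)\s+(?P<idle>\S+)(?:\s+(?P<loc>\S+))?\s*$'
)


@dataclass
class Session:
    line: int          # absolute line number, as used by "clear line <n>"
    type: str          # con / aux / vty / tty
    index: int         # index within that type (vty 0, vty 1, ...)
    user: str
    idle_s: Optional[int]   # idle time in seconds, None if not HH:MM:SS
    location: Optional[str]


def parse_idle(text: str) -> Optional[int]:
    """Convert an HH:MM:SS idle column to seconds; other formats -> None."""
    m = re.fullmatch(r'(\d+):(\d{2}):(\d{2})', text)
    if not m:
        return None
    h, mn, s = (int(x) for x in m.groups())
    return h * 3600 + mn * 60 + s


def parse_show_users(text: str) -> List[Session]:
    """Parse the Line/User/Host(s)/Idle/Location table of 'show users'."""
    sessions = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue   # header, blank line, or the interface table
        sessions.append(Session(
            line=int(m.group('num')),
            type=m.group('type'),
            index=int(m.group('idx')),
            user=m.group('user'),
            idle_s=parse_idle(m.group('idle')),
            location=m.group('loc'),
        ))
    return sessions


def vty_report(sessions: List[Session], vty_pool_size: int = 5,
               stale_after_s: int = 3600) -> Dict[str, object]:
    """Flag an exhausted VTY pool and the lines worth clearing first.

    vty_pool_size is an assumption (default 'line vty 0 4' = 5 lines);
    read it from the running config of the device being checked.
    """
    vtys = [s for s in sessions if s.type == 'vty']
    stale = sorted(s.line for s in vtys
                   if s.idle_s is not None and s.idle_s >= stale_after_s)
    return {
        'vty_in_use': len(vtys),
        'vty_pool_size': vty_pool_size,
        'exhausted': len(vtys) >= vty_pool_size,
        'stale_vty_lines': stale,   # candidates for "clear line <n>"
    }


if __name__ == '__main__':
    report = vty_report(parse_show_users(SAMPLE_SHOW_USERS))
    print(report)
    if report['exhausted']:
        for n in report['stale_vty_lines']:
            print(f'console> clear line {n}')
```

Paste the real `show users` output in place of the constructed sample; when `exhausted` is true, new telnet or ssh sessions are silently left without a free line, which is the same symptom as no response at all, and clearing the stale lines from the console restores access without a reload.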


Still no resolution to this issue. I have a terminal server connected to the console port, so I have access now, but still cannot ssh or telnet as before.

On a side note, I just tried enabling http and https server, both are unresponsive just like the telnet and ssh access.

I've tried configuring control-plane host management-interface. Still no response.

No connection refused message, it just does nothing.


Could you share the configuration on the router? Also, please enable debug aaa authentication, run test aaa group tacacs+ leg, and share the result.



user was successfully authenticated

I don't think authentication is the issue. I can still log in to the console using my ACS credentials.

Will get config up shortly.

