Problems with VTY

ieasm0001 · ‎12-21-2011

Hi.

I can't login to my router using ssh, when i connected using console and entered "sh users" i saw next:

Line User Host(s) Idle Location

* 0 con 0 user idle 00:00:00

514 vty 0 Exec 00:00:00

515 vty 1 Exec 00:00:00

516 vty 2 Exec 00:00:00

517 vty 3 Exec 00:00:00

518 vty 4 Exec 00:00:00

my vty config:

line vty 0 4

exec-timeout 120 0

transport input ssh

escape-character 3

I tried kill sessions using "clear line ", "clear line vty", " sh tcp brief", in global config entered "no line vty 5 15" it was permitted, but i can't add line lines, when i configure new lines:

line vty 5 15

exec-timeout 120 0

transport input ssh

escape-character 3

nothing happen.

Router model: Cisco 2811

IOS: c2800nm-adventerprisek9-mz.124-22.T.bin

Somebody know, how i can kill this session and reconfigure line vty?

PS: reboot isn't welcome.

smitesh kharecha · ‎12-21-2011

Hi Maxim,

Do you have SNMP RW configured ?

If yes, can you post the output of below command

snmpwalk -v 2c - c tcpconnstate

Regards,

Smitesh

ieasm0001 · ‎12-21-2011

I done it:

iso.3.6.1.2.1.6.13.1.1.81.26.144.201.61746.81.26.144.193.179 = INTEGER: 5

smitesh kharecha · ‎12-22-2011

Hi Maxim,

Maxim Gusev wrote:

I done it:

iso.3.6.1.2.1.6.13.1.1.81.26.144.201.61746.81.26.144.193.179 = INTEGER: 5

Is this the only line which you get by issuing the said command.

If yes, then unfortunately this is not we are looking for as that says that only TCP connection state route does have as of now is on port 179 (which is of BGP, btw).

If no, then can you share the complete output of the said command.

Also, can you once more share the results of the following:

show caller ip

show user

show run | sec vty

Regards,

Smitesh

ieasm0001 · ‎12-23-2011

show caller ip output:

#show caller ip

Line User IP Address Local Number Remote Number <->

#

show users output:

#sh users

Line User Host(s) Idle Location

* 0 con 0 ieasm idle 00:00:00

514 vty 0 Exec 00:00:00

515 vty 1 Exec 00:00:00

516 vty 2 Exec 00:00:00

517 vty 3 Exec 00:00:00

518 vty 4 Exec 00:00:00

Interface User Mode Idle Peer Address

#

show run | sec vty output:

#sh run | sec line vty

line vty 0 4

exec-timeout 120 0

transport input ssh

escape-character 3

#

smitesh kharecha · ‎12-23-2011

Hi Maxim,

Do didn't unanswered my question about output of the command snmpwalk, whether that was the only line you were seeing or more lines followed.

Still, can you do the following

(config)line vty 0 4

session-timeout 1

end

HTH,

Smitesh

Rozsa Illes · ‎12-28-2011

Hello Maxim,

The output seems very strange with no user listed and all lines having the idle time as 00:00:00. I am not clear if you tried the following as you mentioned that you did a show tcp brief. Does it list any connection on the vty lines? It should list a TCB number for every connection and it is possible to clear the lines via:

clear tcp tcb

Warm Regards,

Rose

ieasm0001 · ‎12-28-2011

After "sh tcp brief" i don't see line sessions becouse i don't have a target to kill with "clear tcp tcb " command.

Rozsa Illes · ‎12-29-2011

Hello Maxim,

Was this working before?

Aside from what I mentioned and what you already tried, I cannot think of other ways to clear the lines. Maybe we can try to zeroize the RSA key and create a new one.

I am also wondering if you get any message and if you would prefer to do some debugging like if regenerating the RSA key does not help either:

debug ip ssh

debug ip tcp transaction / packet vty ?

Warm Regards,

Rose