We have a router which used to provide NTP data to one of our Domain Controllers. Recently the domain controller didn't seem to be getting time from the router - and at the same time we were no longer able to telent to it (there's no firewall blocking telnet). Is it possible that if the time is out of sync between the router and the client that you can't telnet to the router?
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Can't telnet anymore - NTP problem? 1
- Thread starter gmail2
- Start date
The only reason why you wouldnt be able to telnet to it was if it was running something like tacacs/aaa , but even then i dont know if time sync would stop you telnetting to it........
Sounds basic, but can you console on to it? Teh router hasnt locked up or rebooted into ROMMON or something?
Sounds basic, but can you console on to it? Teh router hasnt locked up or rebooted into ROMMON or something?
- Thread starter
- #3
Yea I can console into it - the router works fine as a router, I just can't telnet to it for some reason. What's tacas and aaa? When I do show run I can see the following in the config:
Could this be anything to do with it? We were able to telnet to it fine until recently though.
Code:
aaa new-model
!
!
aaa authentication login default local
aaa session-id common
ip subnet-zero-
1
- #4
You will also need a user configured in global config:
username cisco password cisco
The VTY lines should be using the default login unless you have changed it:
line vty 0 4
login authentication defualt
You could also check whether the VTY lines are just in use:
show line
You will see an asterix next to each line that is in use.
HTH
Andy
username cisco password cisco
The VTY lines should be using the default login unless you have changed it:
line vty 0 4
login authentication defualt
You could also check whether the VTY lines are just in use:
show line
You will see an asterix next to each line that is in use.
HTH
Andy
- Thread starter
- #5
- Thread starter
- #6
It could be - the default inactivity timeout is 10 minutes, this can be changed so there is no inactivity timeout:
line vty 0 4
no exec-timeout
You can manually clear the sessions by typing 'clear line x' where 'x' is the line you want to clear from the 'show line' command.
HTH
Andy
line vty 0 4
no exec-timeout
You can manually clear the sessions by typing 'clear line x' where 'x' is the line you want to clear from the 'show line' command.
HTH
Andy
- Thread starter
- #8
Yea, I figured out how to clear the "orphaned" sessions but thanks anyway. In our config, I've got
line vty 0 4
exec-timeout 0 0
Does this mean the connections never time out? For con 0 and aux 0 I don't have this and the console connection definitely times out. If there was no timeout on the telnet sessions could this be why they never got cleared?
line vty 0 4
exec-timeout 0 0
Does this mean the connections never time out? For con 0 and aux 0 I don't have this and the console connection definitely times out. If there was no timeout on the telnet sessions could this be why they never got cleared?
- Thread starter
- #10
- Thread starter
- #12
Sorry, I'm out of the office at the moment so I can't access the router. But I think I understand now. I change the config to exec-timeout 10 0 and the exec-timeout 0 0 dissappeared from the running config. So it looks like by setting it to 10 minutes I restored it back to default and therefore it doesn't get show? One last question, when I enter exec-timeout 10 0 - what does the 0 mean (ie the second number)?
Thanks for all your posts, you've been so helpful.
Thanks for all your posts, you've been so helpful.
- Thread starter
- #14
- Status
