Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Can't telnet anymore - NTP problem? 1

Status
Not open for further replies.

gmail2

Programmer
Joined
Jun 15, 2005
Messages
987
Location
IE
We have a router which used to provide NTP data to one of our Domain Controllers. Recently the domain controller didn't seem to be getting time from the router - and at the same time we were no longer able to telent to it (there's no firewall blocking telnet). Is it possible that if the time is out of sync between the router and the client that you can't telnet to the router?
 
The only reason why you wouldnt be able to telnet to it was if it was running something like tacacs/aaa , but even then i dont know if time sync would stop you telnetting to it........

Sounds basic, but can you console on to it? Teh router hasnt locked up or rebooted into ROMMON or something?
 
Yea I can console into it - the router works fine as a router, I just can't telnet to it for some reason. What's tacas and aaa? When I do show run I can see the following in the config:
Code:
aaa new-model
!
!
aaa authentication login default local
aaa session-id common
ip subnet-zero
Could this be anything to do with it? We were able to telnet to it fine until recently though.
 
You will also need a user configured in global config:

username cisco password cisco

The VTY lines should be using the default login unless you have changed it:

line vty 0 4
login authentication defualt

You could also check whether the VTY lines are just in use:

show line

You will see an asterix next to each line that is in use.

HTH

Andy
 
ABD100 - you might have hit on something there. All teh VTY lines are in use for some reason. How can I "kill" those off? Or find out what IP they're coming from?
 
Sorry - just found the command: show users. When I done this it gave me the info that I needed. All 5 of the telnet sessions have been active for over 3 weeks !! Is it possible that IOS wasn't "releasing" the session after the user exited?
 
It could be - the default inactivity timeout is 10 minutes, this can be changed so there is no inactivity timeout:

line vty 0 4
no exec-timeout

You can manually clear the sessions by typing 'clear line x' where 'x' is the line you want to clear from the 'show line' command.

HTH

Andy
 
Yea, I figured out how to clear the "orphaned" sessions but thanks anyway. In our config, I've got
line vty 0 4
exec-timeout 0 0
Does this mean the connections never time out? For con 0 and aux 0 I don't have this and the console connection definitely times out. If there was no timeout on the telnet sessions could this be why they never got cleared?
 
Yes the 'exec-timeout 0 0' is the same as 'no exec-timeout'. The inactivity timer is disabled so any sessions not 'cleanly' exited will lock up the VTY line. restore the defaults with:

line vty 0 4
exec-timeout 10 0

HTH

Andy
 
Yea, that makes sense. But why is it that there's no timeout set for aux and still that connection times out?
 
Post the config - or at least the parts from 'line con 0' onwards.

Andy
 
Sorry, I'm out of the office at the moment so I can't access the router. But I think I understand now. I change the config to exec-timeout 10 0 and the exec-timeout 0 0 dissappeared from the running config. So it looks like by setting it to 10 minutes I restored it back to default and therefore it doesn't get show? One last question, when I enter exec-timeout 10 0 - what does the 0 mean (ie the second number)?

Thanks for all your posts, you've been so helpful.
 
Yes, you are correct - if you entered 'exec-timeout 10 0' you restored the default so it no longer appears in the config. The second value is seconds, so by default the idle timeout is 10 minutes and 0 seconds.

Andy
 
seems so obvious when you put it like that !!!!!

Thanks again for all your help, much appreciated.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top