Cisco 2501 and the default VTY telnet ports

Status
Not open for further replies.

Rookcr

Good day,

A quick question that should be easy for someone but the answer escapes me.

I have several Cisco 2501 routers in my company. They all have the default 5 Telnet or VTY terminals enabled. How would I reduce that number to just one or two?

Thanks,

Rook
 
hi, if I'm not mistaken, you can reduce that by specifying

line vty 0 1

instead of

line vty 0 4

Now you've got only two incoming telnet connections max.
 
So I type it just like that in the config t?

I will give it a try.
 
You probably need to remove your previous settings with the no command first. (This will probably disconnect you if you are remotely connected)

(config) no line vty 0 4
or something similar should do it.
 
Well, I have had no luck. I cannot remove them; the router tells me I am unable to remove the last 5 tty lines. I have even tried to separate the line tty 0 1 and the line tty 2 4 and remove with the no command 2 4 and I am having no luck.

Any ideas?
 
Rook,

Since the router will not allow you to delete vty connections I see only two other options for this to work to your benefit.

First suggestion would be to go into config mode then go into line vty 0 4 and enter the following command: session-limit 2 (this will allow you to define that at any given time only two telnet sessions can be opened).

The second option would be to configure login and passwords for vty 0 1 and do not set login information for vty 2 4. This will cause the vty connections to require a login and if one's not set then it will not allow for a password to be entered. Caution: I believe you will still need to set the password for vty 2 4 but just don't put in the command login for vty 2 4.

I hope this helps you.
 
Everyone. Thanks for the input. I did a workaround and let me know what you think.

I did the following:

line vty 0 1
password
exec-timeout
login

and so on.

line vty 2 4
login
no password

This allows for someone to try to connect, then it dumps that user. What do you think?
 
Rooker,

That's excellent. With Cisco routers if you assign a password but do not put the command login in the settings it will disconnect the user stating that the password is set but unable to login. My only concern with what you put is that you allow someone to login but don't require them to enter a password. Have you tested this with telnet sessions to see if it works?
 
It works. My 1st 2 sessions login and then the 3rd or more cancel out with the login no password set.
 
Sounds great, thank you for the info. Someday I may need this info and now I know.
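
As an added example (not code from any poster in this thread): a small Python audit that reads an IOS-style configuration and reports, per VTY line, whether it accepts a password login, refuses connections because `login` is set with no password (the workaround above), or is open because of `no login`. It assumes `show running-config`-style indentation of sub-commands; the sample config, its values and the state names are constructed for illustration.

```python
import re

# Constructed sample mirroring the thread's workaround; values are placeholders.
SAMPLE_CONFIG = """\
line con 0
 password EXAMPLE-ONLY
 login
line vty 0 1
 password EXAMPLE-ONLY
 exec-timeout 5 0
 login
line vty 2 4
 login
 no password
"""

def classify(s):
    if s["login"] == "off":
        return "open-no-auth"          # 'no login': no password is asked for
    if s["login"] == "other":
        return "other-login-method"    # e.g. 'login local'; not evaluated here
    if s["password"]:
        return "password-login"        # usable remote-access line
    return "refused-no-password"       # 'login' without a password: rejected

def audit_vty(config_text):
    """Return {vty_number: state} for each VTY line in an IOS-style config."""
    results = {}
    current = None  # settings of the 'line vty' block currently being read
    for raw in config_text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"line vty (\d+)(?: (\d+))?", line)
        if header:
            first = int(header.group(1))
            last = int(header.group(2) or first)
            current = {"login": "on", "password": False}  # IOS VTY default
            for n in range(first, last + 1):
                results[n] = current   # lines in one range share settings
        elif raw[:1] not in (" ", "\t"):
            current = None             # any other top-level command ends the block
        elif current is not None:
            if line in ("login", "no login"):
                current["login"] = "on" if line == "login" else "off"
            elif line.startswith("login "):
                current["login"] = "other"
            elif line.startswith("password ") or line == "no password":
                current["password"] = line != "no password"
    return {n: classify(s) for n, s in sorted(results.items())}

if __name__ == "__main__":
    print(audit_vty(SAMPLE_CONFIG))
```

Run against a saved configuration, any line reported as `open-no-auth` is the case the last reply was concerned about and should be fixed before relying on this workaround.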
 