My question is, is it possible to direct my telnet session to a specific vty line, e.g. telnet 192.168.1.10 VTY 2, so that I can give a different password to different lines?
- posted
17 years ago
You can't. If you have 5 vty lines (0-4), they fill up in the order of incoming telnet sessions.
0 will be first, then 1, then 2, etc. If someone telnets and they get vty 0, but they log out before your telnet session, you will then get vty 0.
In the Cisco text they tell:
Telnet requires a password check. Different hardware platforms have different numbers
of vty lines defined. The range 0 through 4 is used to specify five vty lines. These
five incoming Telnet sessions can be simultaneous. The same password can be used for
all lines, or one line can be set uniquely. This often is used in large networks with many
network administrators. If a catastrophic problem occurs on a network and all common
vty lines are used, the one unique line can be reserved for recovery.
so how do I connect to the unique line
You configure one vty differently from the others to ensure no one can get to it but you. You do not specify the line, you merely ensure the availability of at least one line.
To be exact, as I've just done it on one of my test 2500 routers:

    router1> en
    router1# conf t
    router1(config)# line vty 0 3
    router1(config-line)# password general_access
    router1(config-line)# login
    router1(config-line)# line vty 4
    router1(config-line)# password emergency_access_only
    router1(config-line)# login
    router1(config-line)# exit
    router1(config)# exit
    router1#
    %SYS-5-CONFIG_I: Configured from console by console
    copy run start
I think this is indeed in one of the Wendell Odom books, but can't find the reference right now.
PM
And how would you distinguish which vty is in use? (Which password to use?) Best guess - configure 2 sets of vty with different ACLs
Roman Nakhmanson
You would try the first one first, if that failed, the second.
Doan
HaHaHa - you got me on that one. How could I possibly miss THAT
OK, here come some doubts ;-) In a company with the amount of network admins >=1 there is a BIG chance of people knowing ONLY the first OR the second, or the more likely scenario with TACACS/RADIUS in place. Besides, AFAIK you are not going to jump from the vty ASSIGNED to your session just because you put in a wrong password. The point is - on a normal day you could end up on the EMERGENCY vty (if ACLs are not in place) just because the other vtys were busy. The poster has asked how to RESERVE a vty from being used by regular activity. My opinion - only by using a dedicated (emergency) management terminal with an ACL.
Roman Nakhmanson
Yep, I'd agree with that. ACL pointing to a specific host using that "access-class" command. To check which vty lines are busy, that's "show sessions".
PM
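The approach the last two posts converge on, written out as an added example that is not from any poster in the thread: the earlier two-password configuration with an inbound access-class on the last vty, so that sessions from any other source cannot occupy it when vty 0-3 are busy. The management host address 192.0.2.10 and the ACL number 10 are assumptions chosen for illustration; the passwords are the ones used earlier in the thread.

```cisco
! Constructed example: 192.0.2.10 stands in for the dedicated management
! terminal, and 10 is an arbitrary standard ACL number.
! A standard ACL ends with an implicit deny, so every other source is refused.
access-list 10 permit host 192.0.2.10
!
! vty 0-3: general access, unchanged from the configuration shown earlier
line vty 0 3
 password general_access
 login
!
! vty 4: reserved line. access-class filters incoming connections by source
! address before the password prompt is ever offered.
line vty 4
 access-class 10 in
 password emergency_access_only
 login
```

A session from the management host still takes the first free line, so it lands on vty 4 only when vty 0-3 are occupied; `show users` lists the lines currently in use and the peer address on each.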