How do I telnet to a specific VTY line

you can't. if you have 5 vty lines (0-4), they fill up in the order of incoming telnet sessions

0 will be first, then 1, then 2...etc etc if someone telnets and they get vty 0, but they log out before your telnet session, you will then get vty 0

in the cisco text they tell

Telnet requires a password check. Different hardware platforms have different numbers

of vty lines defined. The range 0 through 4 is used to specify five vty lines. These

five incoming Telnet sessions can be simultaneous. The same password can be used for

all lines, or one line can be set uniquely. This often is used in large networks with many

network administrators. If a catastrophic problem occurs on a network and all common

vty lines are used, the one unique line can be reserved for recovery.

so how do i connect to the unique line

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ You configure one vty diffrently from the others to ensure no one can get to it but you. You do not specify the line, you merely insure the availability of at least one line.

To be exact, as I've just done it on one of my test 2500 router:

router1> en router1# conf t router1(config)# line vty 0 3 router1(config-line)#password general_access router1(config-line)#login router1(config-line)# line vty 4 router1(config-line) password emergency_access_only router1(config-line) login router1(config-line) exit router1(config)exit router1# %SYS-5-CONFIG_I: Configured from console by console copy run start

I think this is indeed in one of the Wendell Odom books, but can't find the reference right now.

PM

and how you would distinguish which vty is in use? (which password to use?) best guest - configure 2 sets of vty with different ACLs

Roman Nakhmanson

You would try the first one first, if that failed, the second.

Doan

HaHaHa - you got me on that one. How could I possibly miss THAT

ok, here comes some doubts ;-) in a company with the amount of network admins >=1 there is a BIG chance of people knowing ONLY the first OR the second, or more likely scenario with TACACS/RADIUS in place. Besides AFAIK you are not going to jump from ASSIGNED to your session vty just because you put a wrong password. The point is - on a normal day you could end up on EMERGENCY vty (if ACL are not in place) just because the other vtys were busy. The poster have asked how to RESERVE a vty from being used by regular activity. My opinion - only by using a dedicated (emergency) management terminal with an ACL.

Roman Nakhmanson

Yep, I'd agree with that. ACL pointing to s specific host using that "access-class" command. To check which vty lines are busy, that's "show sessions".

PM