access list problem

What command? Here is sh line before and after the second host telnets in:

Before:

edu-cer-3750A#show line
   Tty Typ     Tx/Rx    A Modem  Roty AccO AccI   Uses   Noise  Overruns   Int
     0 CTY              -    -      -    -    -      0       0         0     -
*    1 VTY              -    -      -    -    1     20       0         0     -
     2 VTY              -    -      -    -    1      7       0         0     -
     3 VTY              -    -      -    -    1      0       0         0     -
     4 VTY              -    -      -    -    1      0       0         0     -
     5 VTY              -    -      -    -    1      0       0         0     -
     6 VTY              -    -      -    -    1      0       0         0     -
     7 VTY              -    -      -    -    1      0       0         0     -
     8 VTY              -    -      -    -    1      0       0         0     -
     9 VTY              -    -      -    -    1      0       0         0     -
    10 VTY              -    -      -    -    1      0       0         0     -
    11 VTY              -    -      -    -    1      0       0         0     -
    12 VTY              -    -      -    -    1      0       0         0     -
    13 VTY              -    -      -    -    1      0       0         0     -
    14 VTY              -    -      -    -    1      0       0         0     -
    15 VTY              -    -      -    -    1      0       0         0     -
    16 VTY              -    -      -    -    1      0       0         0     -

After second host telnets in:

edu-cer-3750A#show line
   Tty Typ     Tx/Rx    A Modem  Roty AccO AccI   Uses   Noise  Overruns   Int
     0 CTY              -    -      -    -    -      0       0         0     -
*    1 VTY              -    -      -    -    1     20       0         0     -
*    2 VTY              -    -      -    -    1      8       0         0     -
     3 VTY              -    -      -    -    1      0       0         0     -
     4 VTY              -    -      -    -    1      0       0         0     -
     5 VTY              -    -      -    -    1      0       0         0     -
     6 VTY              -    -      -    -    1      0       0         0     -
     7 VTY              -    -      -    -    1      0       0         0     -
     8 VTY              -    -      -    -    1      0       0         0     -
     9 VTY              -    -      -    -    1      0       0         0     -
    10 VTY              -    -      -    -    1      0       0         0     -
    11 VTY              -    -      -    -    1      0       0         0     -
    12 VTY              -    -      -    -    1      0       0         0     -
    13 VTY              -    -      -    -    1      0       0         0     -
    14 VTY              -    -      -    -    1      0       0         0     -
    15 VTY              -    -      -    -    1      0       0         0     -
    16 VTY              -    -      -    -    1      0       0         0     -
edu-cer-3750A#

Reply to
tony
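An added example, not code from the thread: a small Python parser for "show line" output that reports which VTYs are in use, which line a new login landed on between two snapshots (compare the Uses counters above), and which VTYs have no inbound access-class (AccI "-") at all. The sample output is constructed, modelled on the snapshots in the post, with VTY 3 deliberately left without an access-class to exercise that check.

```python
import re
from dataclasses import dataclass
# Constructed "show line" output modelled on the thread's before/after snapshots
# (an asterisk in column 0 marks a line in use; Tx/Rx is blank, as in the post).
# VTY 3 is deliberately given no inbound access-class (AccI "-") to exercise the check.
_ROWS = [
    "edu-cer-3750A#show line",
    "   Tty Typ     Tx/Rx    A Modem  Roty AccO AccI   Uses   Noise  Overruns   Int",
    "     0 CTY              -    -      -    -    -      0       0         0     -",
    "*    1 VTY              -    -      -    -    1     20       0         0     -",
    "     2 VTY              -    -      -    -    1      7       0         0     -",
    "     3 VTY              -    -      -    -    -      0       0         0     -",
]
SHOW_LINE_BEFORE = "\n".join(_ROWS)
# After a second host telnets in: VTY 2 is now in use and its Uses counter has risen.
SHOW_LINE_AFTER = "\n".join(_ROWS[:4] + [
    "*    2 VTY              -    -      -    -    1      8       0         0     -"] + _ROWS[5:])

@dataclass
class TtyLine:
    tty: int
    typ: str
    in_use: bool
    acc_in: str  # inbound access-class number, or "-" when none is applied
    uses: int

ROW = re.compile(r"^(\*?)\s*(\d+)\s+([A-Z]+)\s+(.*)$")  # header and prompt lines do not match

def parse_show_line(text):
    """Parse show line output into TtyLine records."""
    rows = []
    for raw in text.splitlines():
        m = ROW.match(raw)
        if not m:
            continue
        star, tty, typ, rest = m.groups()
        fields = rest.split()
        # Tx/Rx may be blank, so index from the right: ... AccI Uses Noise Overruns Int
        rows.append(TtyLine(int(tty), typ, star == "*", fields[-5], int(fields[-4])))
    return rows

def vty_without_access_class(rows):
    """VTY numbers that accept logins with no inbound access-class applied."""
    return [r.tty for r in rows if r.typ == "VTY" and r.acc_in == "-"]

def new_sessions(before, after):
    """TTYs whose Uses counter rose between two snapshots, i.e. where a new login landed."""
    prev = {r.tty: r.uses for r in before}
    return [r.tty for r in after if r.uses > prev.get(r.tty, 0)]
```

A VTY showing AccI 1 only proves the access-class is configured, not that it is enforced, so a live connection test after a reload is still the check that matters.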

The "show access-list 1" command. Are you getting hits on the ACL?

Doan

Reply to
Doan

UPGRADE THE IOS SOFTWARE !!!

I suspect you have stepped on this bug:

CSCed10210

Headline: access-class on vty fails to secure vty after reboot
Product: IOS
Feature: OTHERS
Severity: 2
Status: Verified
First Found-in Version: 12.1(14)EA1
First Fixed-in Version: 12.2(18)SE, 12.1(19)EA1a, 12.1(20)EA1, 12.2(20)SE, 12.1(14)AX1

Symptom: A Catalyst 3750 or 2970 switch running 12.1(19)EA1 or earlier may allow telnet sessions to the device from unauthorized hosts with an access-class applied inbound to the vty lines.

This issue occurs only after a reboot and only if a keystroke has not been echoed to the console port. After the console port has received a single character from some kind of terminal, the access-class applied to the vty will activate and filter any new inbound connections.

The configuration under the vty will look similar to this:

line vty 0 4
 password cisco
 access-class 3 in
 login
!
access-list 3 permit host 10.1.1.1
access-list 3 deny any

When this configuration is applied, any host will be able to telnet to the switch until at least a character is sent to the console port.

Conditions: This only affects Catalyst 3750 and 2970 switches running 12.1(19)EA1 or earlier. This does not affect any other product.

Workaround:

  1. Enter at least one character on the console port after reload.
  2. Upgrade to Cisco IOS 12.1(19)EA1a or higher. Cisco IOS Release 12.1(19)EA1a is expected to be available for download from cisco.com after December 15, 2003.

Reply to
Merv

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.