how to delete a telnet user

Sometimes we can meet such situation on a router or a switch:

[labnario]display users
  User-Intf    Delay    Type   Network Address     AuthenStatus    AuthorcmdFlag
+ 34  VTY 0   00:00:00  TEL    172.29.12.226             pass           no      Username : huawei              
  35  VTY 1   00:08:01  TEL    172.29.12.226             pass           no      Username : labnario            
  36  VTY 2   00:07:38  TEL    172.29.12.226             pass           no      Username : killer              
  37  VTY 3   00:07:00  TEL    172.29.12.226             pass           no      Username : killer              
  38  VTY 4   00:01:34  TEL    172.29.12.226             pass           no      Username : labnario

By default, on Huawei device, there are 5 vty lines available. If all these lines are occupied by users, no other user is able to access the device. Such situation can appear in 2 cases:

  1. The device is fully occupied by telnet users.
  2. All telnet sessions are hang.

The first case is normal and it can often happen. Sessions will be deleted when users log out from the device or their sessions’ idle-timeout expires. By default idle-timeout is set to 10 minutes.

The second case can be caused by idle-timeout of vty lines set to 0:

user-interface vty 0 4
 authentication-mode aaa
 idle-timeout 0 0

It means that this session never expires. If a user forget to log out from a device, vty line is still being occupied. This causes that a next user has no possibility to telnet the device.

If you have access by console port or you are already logged in by telnet, you can delete all unnecessary telnet sessions:

<labnario>free user-interface vty 4
Warning: User interface VTY4 will be freed. Continue? [Y/N]:y
 [OK]
display users
  User-Intf    Delay    Type   Network Address     AuthenStatus    AuthorcmdFlag
+ 34  VTY 0   00:00:00  TEL    172.29.12.226             pass           no      Username : huawei              
  35  VTY 1   00:13:14  TEL    172.29.12.226             pass           no      Username : labnario            
  36  VTY 2   00:12:51  TEL    172.29.12.226             pass           no      Username : killer              
  37  VTY 3   00:12:13  TEL    172.29.12.226             pass           no      Username : killer

To avoid such situation, configure idle-timout for vty lines different than 0:

user-interface vty 0 4
 authentication-mode aaa
 idle-timeout 15 0

You can also set maximum-vty sessions to 15 and configure the same parameters for all vty lines:

[labnario]user-interface maximum-vty 15 
[labnario]user-interface vty 0 14
 authentication-mode aaa
 idle-timeout 15 0

Now you have 16 vty lines available.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s