Thursday , March 28 2024
Home / How To / how to delete a telnet user

how to delete a telnet user

Sometimes we can meet such situation on a router or a switch:

 [labnario]display users
  User-Intf    Delay    Type   Network Address     AuthenStatus    AuthorcmdFlag
+ 34  VTY 0   00:00:00  TEL    172.29.12.226             pass           no      Username : huawei
  35  VTY 1   00:08:01  TEL    172.29.12.226             pass           no      Username : labnario
  36  VTY 2   00:07:38  TEL    172.29.12.226             pass           no      Username : killer
  37  VTY 3   00:07:00  TEL    172.29.12.226             pass           no      Username : killer
  38  VTY 4   00:01:34  TEL    172.29.12.226             pass           no      Username : labnario

By default, on Huawei device, there are 5 vty lines available. If all these lines are occupied by users, no other user is able to access the device. Such situation can appear in 2 cases:

  1. The device is fully occupied by telnet users.
  2. All telnet sessions are hang.

The first case is normal and it can often happen. Sessions will be deleted when users log out from the device or their sessions’ idle-timeout expires. By default idle-timeout is set to 10 minutes.

The second case can be caused by idle-timeout of vty lines set to 0:

#
user-interface vty 0 4
 authentication-mode aaa
 idle-timeout 0 0
#

It means that this session never expires. If a user forget to log out from a device, vty line is still being occupied. This causes that a next user has no possibility to telnet the device.

If you have access by console port or you are already logged in by telnet, you can delete all unnecessary telnet sessions:

<labnario>free user-interface vty 4
Warning: User interface VTY4 will be freed. Continue? [Y/N]:y
 [OK]
<labnario>display users
  User-Intf    Delay    Type   Network Address     AuthenStatus    AuthorcmdFlag
+ 34  VTY 0   00:00:00  TEL    172.29.12.226             pass           no      Username : huawei
  35  VTY 1   00:13:14  TEL    172.29.12.226             pass           no      Username : labnario
  36  VTY 2   00:12:51  TEL    172.29.12.226             pass           no      Username : killer
  37  VTY 3   00:12:13  TEL    172.29.12.226             pass           no      Username : killer

To avoid such situation, configure idle-timout for vty lines different than 0:

#
user-interface vty 0 4
 authentication-mode aaa
 idle-timeout 15 0
#

You can also set maximum-vty sessions to 15 and configure the same parameters for all vty lines:

[labnario]user-interface maximum-vty 15 
[labnario]user-interface vty 0 14
 authentication-mode aaa
 idle-timeout 15 0

Now you have 16 vty lines available.

Leave a Reply

Your email address will not be published. Required fields are marked *