Your VPS Server!

Friday, January 4, 2013

Cisco clear line does not work

Case:
When performing a "clear line" in a Cisco Router/Switch to disconnect a Telnet or SSH session does not work. The user still in the vty.

Example:


IMP# sh user
Line User Host (s) Idle Location
2 vty 0 idle 00:00:01 abcd aacosta
* 4 vty 2 idle 00:00:00 pepe xx.yy.zz.dd

We want to disconnect aacosta:
IMP# clear line vty 2


and still appearing:


IMP# who
Line User Host (s) Idle Location
2 vty 0 idle 00:00:39 abcd aacosta
* 4 vty 2 idle 00:00:00 pepe xx.yy.zz.dd


Procedure and solution:
There are two ways to do it:

a) Quickly and 99% sure it will works (and less likely to damage something else).
Instead of using "clear line vty" use "clear tcp line":

So (again to disconnect pepe):

IMP# clear tcp line 2
[Confirm]
[OK]

b) And the second way more drastically:

We have to search for the TCP connections in the router at that time. We use the command "show tcp brief". We filter port 23 (Telnet) or 22 (SSH) as applicable.  
For example:

IMP# show tcp brief | i \ 23 _
63820270  n.n.n.n.23        a.b.c.d.56691     ESTAB
637E1AC0  x.x.x.x.23             xx.yy.zz.dd.39431   ESTAB

The value on the left in the memory addrees within the TCB (TCP Block), this is precisely the TCP connection we will have to remove.
 
The command is:

IMP# clear tcp tcb 637E1AC0

NOTE: Please be sure of the value before deleting the TCP session, remember that the router may have HTTP, TCP connections, and other important TCP connections.

Good luck, I hope it was useful,

1 comment: