Sometimes performing a "clear line" on a Cisco router/switch to disconnect a Telnet or SSH session does not work: the user is still on the vty.
Example:
IMP# sh user
Line User Host(s) Idle Location
2 vty 0 idle 00:00:01 abcd aacosta
* 4 vty 2 idle 00:00:00 pepe xx.yy.zz.dd
We want to disconnect aacosta:
IMP# clear line vty 2
and the session still appears:
IMP# who
Line User Host(s) Idle Location
2 vty 0 idle 00:00:39 abcd aacosta
* 4 vty 2 idle 00:00:00 pepe xx.yy.zz.dd
Procedure and solution:
There are two ways to do it:
a) The quick way, 99% sure to work (and less likely to damage something else).
Instead of using "clear line vty" use "clear tcp line":
So (again to disconnect pepe):
IMP# clear tcp line 2
[Confirm]
[OK]
b) The second, more drastic way:
We have to look up the TCP connections open on the router at that moment, using the command "show tcp brief". We filter on port 23 (Telnet) or 22 (SSH) as applicable.
For example:
IMP# show tcp brief | i \.23_
63820270 n.n.n.n.23 a.b.c.d.56691 ESTAB
637E1AC0 x.x.x.x.23 xx.yy.zz.dd.39431 ESTAB
The value on the left is the memory address of the TCB (TCP Block); this is precisely the TCP connection we will have to remove.
The command is:
IMP# clear tcp tcb 637E1AC0
NOTE: Please be sure of the value before deleting the TCP session, remember that the router may have HTTP, BGP, HTTPS and other important TCP connections.
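An added example, not part of the original post: Python that parses pasted "show tcp brief" output and returns a TCB only when exactly one established Telnet or SSH session from the given client matches, so a BGP or HTTPS connection is never picked by mistake. The sample output, the addresses, the extra TCB values and the function names are constructed for illustration, and the four-column layout shown above is assumed.

```python
import re

# Constructed sample of "show tcp brief" output (documentation addresses;
# the last three TCB values are made up for the example).
SAMPLE = """\
TCB       Local Address      Foreign Address       (state)
63820270  192.0.2.1.23       198.51.100.7.56691    ESTAB
637E1AC0  192.0.2.1.23       203.0.113.9.39431     ESTAB
63A01B44  192.0.2.1.179      192.0.2.2.11002       ESTAB
63B7C9F8  192.0.2.1.443      198.51.100.7.50112    ESTAB
639912D0  192.0.2.1.22       203.0.113.9.40022     ESTAB
"""

ROW = re.compile(r"^([0-9A-Fa-f]{8,16})\s+(\S+)\s+(\S+)\s+(\S+)\s*$")
MGMT_PORTS = {22, 23}  # SSH and Telnet: the only sessions we agree to clear

def split_endpoint(endpoint):
    """Split 'a.b.c.d.port' on the last dot; port is None if not numeric."""
    addr, _, port = endpoint.rpartition(".")
    return addr, int(port) if port.isdigit() else None

def parse_tcp_brief(text):
    """Return one dict per connection row, skipping the header and blanks."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            tcb, local, foreign, state = m.groups()
            (_, lport), (faddr, _) = split_endpoint(local), split_endpoint(foreign)
            rows.append({"tcb": tcb, "lport": lport, "faddr": faddr, "state": state})
    return rows

def select_tcb(text, client_addr, local_port):
    """Return the single TCB for client_addr on a management port, else raise."""
    if local_port not in MGMT_PORTS:
        raise ValueError(f"port {local_port} is not Telnet/SSH; refusing")
    hits = [r["tcb"] for r in parse_tcp_brief(text)
            if r["lport"] == local_port and r["faddr"] == client_addr
            and r["state"] == "ESTAB"]
    if len(hits) != 1:
        raise ValueError(f"expected exactly one match, found {len(hits)}")
    return hits[0]

if __name__ == "__main__":
    print("clear tcp tcb", select_tcb(SAMPLE, "203.0.113.9", 23))
```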
Good luck, I hope it was useful,