How to reduce number of set VTYs?

[wwwmario]

Hello,

I inherited a pretty old 2501 (IOS 10.2-need HW upgr to updt); and there are 178 VTYs set on it (0-177).

As IOS states everytime, this may impact performance (and anyway, who needs them?); so I'd like to reduce the configured number back to 5.

Searched cisco.com, forums, google, whatever and didn't
find how to do it...

Anyone has the solution?

Thanks you

/Mario

 

[rburke]

Well, it is realy easy, at least in IOS 12.2. All you do is go into global config mode (configure terminal) and use hte "no" command in front of the vty lines you want to delete. example:

router# conf t
router(config)# no line vty 5 177
router(config)# exit
router#

and it should be done. I tihnk that you will need to delete them in the groups they are in, so if it is grouped 5 10, etc, then you would have to delete each grouping, but it is worth a try to delete all at once. Hope this helps, let me know....

Burke

 

[wwwmario]

Hi Burke,

although cisco thingies weren't my childhood playground,
I guessed that could be a way as to add lines you just do:

router(config)#line vyt xx xx and add them, but it doesn't work...

strange thing is that at the router(config)#line ? command, I get:

<0-6> First Line number
aux Auxiliary line
console Primary terminal line
vty Virtual terminal

and then once I enter the vyt I get the 0-177...

why it displays the 0-6 range?
what are groupings?

I want to get rid of those vtys...

Ciao

/Mario

 

[rburke]

go ahead and post your config so I can see it and tell you exactly how to remove the vtys. Just do a &quot;show run&quot; and post what prints out.

Burke

 

[wwwmario]

Hi Burke,

you know what? in this IOS release there isn't sh run command...

when I make changes, first I use &quot;write mem&quot; (there's no &quot;copy run st&quot; as well); and then sh conf.. bah?!

anyway, here it is:

rtr-iconmedialab#sh conf
Using 10518 out of 32762 bytes
!
version 10.2
service password-encryption
!
hostname rtr-iconmedialab
!
enable password xxxxxxxxxxxxxxxxxxxxxx
!
ip subnet-zero
!
interface Ethernet0
description Ethernet LAN to ext-fw.cdn.lan
ip address 192.168.100.3 255.255.255.248
ip mask-reply
no ip directed-broadcast
no ip proxy-arp
!
interface Serial0
description WAN
no ip address
no ip directed-broadcast
encapsulation frame-relay IETF
bandwidth 256
shutdown
hold-queue 60 out
!
interface Serial1
no ip address
shutdown
!
ip name-server 10.2.1.6
ip route 10.2.1.0 255.255.255.0 192.168.100.1
ip route 192.168.255.8 255.255.255.252 192.168.100.4
ip route 172.41.15.0 255.255.255.0 192.168.100.4
no logging console
banner motd ^C

note that this is just a playground cisco... it's not connected to anything but the e0...

Thans pal,

/Mario

 

[wwwmario]

Yup! 1 more thing...

If I enter router(config)# no line vty 1 177
the cisco responds it can't delete the last five lines,
which lets me suppose actually this is the command...

if I make a sh conf, vty 0 through 4 are displayed,
but still if I got to (config)#line vty ? I have 0-177...

Maybe I'm just going crazy for something that isn't there,
I don't know... point is that the other cisco (IOS 12) doesn't behave the same way...

Ciao again,

/Mario

 

[tadiman]

When you do a 'line vty ?' it is showing you the possible values that can be entered (command line help). The 'sh conf' confirms that only 5 are defined.

 

[rburke]

Ok,

As long as the &quot;show conf&quot; does not have the 177 then it is ok, when you do the &quot;line vty ?&quot;, it shows the 177 because that is the max number you can have. I tested it with my 2514 with IOS 12.2:

p.gateway(config)#line vty ?
<0-197> First Line number

&quot;show run&quot;

...
line con 0
exec-timeout 60 0
logging synchronous
transport input none
line aux 0
line vty 0 4
password xxxxxx
absolute-timeout 60
login
...

So as long as it isn't in the &quot;show conf&quot; then you are ok, it isn't wasting processing power because it doesn't have any kind of config for the lines above 4. Hope this helps, let me know...

Burke

 

[NewbieGirl]

Actually, I'm having the same problem. I get a weird message when I tried to delete 5-15.

2912xl-s(config)#no line vty 5 15
% Can't delete last 16 VTY lines
----------------------------------
line con 0
password telnet
transport input none
stopbits 1
line vty 0 4
password telnet
login
line vty 5 15
login
!
end
Thanks,
Danielle

 

[rburke]

Ok, if the IOS comes back and says you can't delete the last 5 or 16 lines (or any other number) then that means that those are the default that the IOS makes you leave open. In the case of the router it makes you leave 5 open (0-4) and in hte case of the switch (I have a 2924, same thing as you) you have to leave 16 open (0-15). I don't particularly understand why Cisco decided to hard code that into their IOS but that is the way it is. So, there isn't anything wrong with the switches/routers that people have posted about, it is just a little odd, but everyone has the same odd thing so it is ok. Hope this helps....Let me know...

Burke

 

[NewbieGirl]

I'll take your word for it rburke, since I'm new to routing and switching. Thanks,
Danielle

 

[wwwmario]

Okey dokey, thanks man.

I was starting to thinking that actually I was seeing something it wasn't there...

I was tricked by the other 2500 which is running IOS 12,
that has default 0-4 instead...

Since I have the customer's 2500 IOS 11.0 here, I think I'll
go on and use it to upgrade mine, but 90% I'll need a hardware upgrade...

just checked... I do need it

My 2500 has 1024K RAM and a 4096K Flash;
The 11.0 2500 has 2048K RAM and 8192K Flash...

Do you know where can I quickly/easily find flash upgrade for it?

Do I have to expand also RAM? If so can I use standard
(SIMM? -compatible specs-) modules?

Thanks Burke!

/Mario

 

[rburke]

The easiest place to find Cisco 2500 flash and RAM is on Ebay. Just do a search for &quot;Cisco 2500 DRAM&quot; and &quot;Cisco 2500 flash&quot; and you will get all kinds of hits. I would recommend upgrading your RAM to 16 MB, and the flash to at least 8MB, if not 16 MB(really depends on how much you want to spend.) The flash is the more expensive of the two. Hope this helps...

Burke

 

[wwwmario]

Yup Burke!

I saw another post you made somewhere else on the forum,
so I checked Kingston and the flash/dram aren't expensive,
but they don't sell/ship online purchase outside US

You know, usually is less common to find quick ways (online);
to purchase the stuff you're looking for in Europe;
and I don't want to speak to dumb salesguys either...

I managed to find em offline new from Kingston @ few Euros..

Thanks anyway to put me in the right direction...

Let's begin a new chapter now...

I got here another 2500 from a customer, but they shipped it
here already config'd, so I can't check anything

Is there a way to friendly force into it? ...mhmm... maybe it's not a topic...

Ciao

/Mario

 

[rburke]

NO, the only way you would be able to get into the config was if the customer gave you the password. (Assuming that they even know it) If not then you can do a password recovery but it will erase the config, so if the customer has a backup file with their config (which hopefully they will) then you could use the password recovery to reset the enable password and then put their config in again. But there isn't any way I know of to get into enabled mode except for that. If you want to use the Password recovery then I wrote a FAQ on this forum that gives the Cisco link to all the Password recovery procedures for all their products. Let me know if this helps...

Burke

 

[wwwmario]

Acknowledged pal.

Gotta check trhough the console port if they set a login,
as via vty I don't have the login password first...

then I'm missing the enable one anyway...

yes, there's the config register, but I wouldn't
know how to tell my engagement managers why they lost
an account... hi hi hi

BOF inside

I'll look for your posts for my upcoming cisco probs,
your help has been really... helpful

Ciao

/Mario

 

[jimmyzz]

Burke / Mario,

You can perform a password recovery without losing the starting config. For a 2500 series router...

1. Send break to router to get ROMMON prompt
2. Type &quot;o/r 0x2142&quot;
3. Type &quot;i&quot; at the > prompt.
4. Type &quot;en&quot; to goto enable mode.
5. !!!Important: Type &quot;copy start running&quot;. This will reload your config from NVRAM.
6. Change your secrect/enable password.
7. Change your boot register back to 0x2102
8. Save config.
9. Reload router.

Most people leave out step 5 and end up losing the starup config.

JimmyZ

 

[rburke]

ok, thanks for letting me know..... learn alot everyday!!

Burke

 

[wwwmario]

Thanks JimmyZ!

I checked that out yesterday night while reading the daily
tale from &quot;Cisco CCNA Bedtime Stories&quot;.

No matter where, the important thing is making steps!

Ciao

/Mario

 

[nelsonv]

Please help me to remove the IOS (v12.0 with IP only) from Cisco 2503 so that I can install a new IOS with IP and IPX support.
Thank you.