Managing vty Lines

The system supports 30 virtual tty (vty) lines for Telnet, SSH, and FTP services. Each Telnet, SSH, or FTP session requires one vty line. When you connect to the router through a vty line, the number of the vty line is not assigned sequentially; instead, the system assigns the first vty line that passes the host access list check rules.

Configuring vty Lines

By default five vty lines (0–4) are open. You can open additional lines using the line vty command. Once lines are open, login is enabled by default. Before users can access the lines, you must configure a password, disable login using the no login command, or configure AAA authentication on the lines.

line vty

Use to open or configure vty lines.
You can specify a single line or a range of lines. The range is 0–29.
Example
host1(config)#line vty 6 10host1(config-line)#
Use the no version to remove a vty line or a range of lines from the configuration. Lines that you remove will no longer be available for use by Telnet, FTP, or SSH. When you remove a vty line, the system removes all lines above that line. For example, no line vty 6 causes the system to remove lines 6 through 29. You cannot remove lines 0 through 4.
See line.

password

Use to specify a password on a single line or a range of lines.
If you enable login but do not configure a password, the system will not allow you to access virtual terminals.
Specify a password in plain text (unencrypted) or cipher text (encrypted). In either case, the system stores the password as encrypted.
You can use the following keywords:
- 0 (zero)—Specifies an unencrypted password
- 5—Specifies a secret
- 7—Specifies an encrypted password
Example 1 (unencrypted password)
host1(config-line)#password 0 mypassword
Example 2 (secret)
host1(config-line)#password 5 y13_x
Example 3 (encrypted password)
host1(config-line)#password 7 x13_2
Use the no version to remove the password. By default, no password is specified.
See password.

For more information about configuring security for vty lines, see Managing the System .

Monitoring vty Lines

Use the show line vty command to monitor vty lines.

show line vty

Use to display the configuration of a vty line.
Field descriptions
- access-class—Access class associated with the vty line
- data-character-bits—Number of bits per character
  - 7—Setting for the standard ASCII set
  - 8—Setting for the international character set
- exec-timeout—Time interval that the terminal waits for expected user input
  - Never—Indicates that there is no time limit
- exec-banner—Status for the exec banner: enabled or disabled. This banner is displayed by the CLI after user authentication (if any) and before the first prompt of a CLI session.
- motd-banner—Status for the MOTD banner: enabled or disabled. This banner is displayed by the CLI when a connection is initiated.
- login-timeout—Time interval during which the user must log in.
  - Never—Indicates that there is no time limit

Example

host1#show line vty 0
no access-class in
data-character-bits 8
exec-timeout 3w 3d 7h 20m 0s
exec-banner enabled
motd-banner enabled
login-timeout 30 seconds

See show line vty.