Unable to open more than 5 tabs in SecureCRT

SecureCRT version 0.7.1 BETA (build 136)
At the 6th tab, it gives me this message "The remote system refused the connection."

Am I missing something here?

Here's my config:

AccessServer#s run
Building configuration...

Current configuration : 3131 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname AccessServer
!
logging queue-limit 100
!
ip subnet-zero
no ip routing
no ip domain lookup
ip host SW1 2001 10.0.0.1
ip host SW2 2002 10.0.0.1
ip host SW3 2003 10.0.0.1
ip host SW4 2004 10.0.0.1
ip host R1 2005 10.0.0.1
ip host R2 2006 10.0.0.1
ip host R3 2007 10.0.0.1
ip host R4 2008 10.0.0.1
ip host R5 2009 10.0.0.1
ip host R6 2010 10.0.0.1
ip host BB1 2011 10.0.0.1
ip host BB2 2012 10.0.0.1
ip host BB3 2013 10.0.0.1
!
!
!
!
interface Loopback0
ip address 10.0.0.1 255.255.255.255
no ip route-cache
no ip mroute-cache
!
interface Ethernet0
ip address 192.168.1.50 255.255.255.0
no ip route-cache
no ip mroute-cache
!
interface Serial0
no ip address
no ip route-cache
no ip mroute-cache
shutdown
no fair-queue
!
ip default-gateway 192.168.1.47
no ip http server
no ip classless

alias exec s1 telnet 10.0.0.1 2001
alias exec s2 telnet 10.0.0.1 2002
alias exec s3 telnet 10.0.0.1 2003
alias exec s4 telnet 10.0.0.1 2004
alias exec r1 telnet 10.0.0.1 2005
alias exec r2 telnet 10.0.0.1 2006
alias exec r3 telnet 10.0.0.1 2007
alias exec r4 telnet 10.0.0.1 2008
alias exec r5 telnet 10.0.0.1 2009
alias exec r6 telnet 10.0.0.1 2010
alias exec b1 telnet 10.0.0.1 2011
alias exec b2 telnet 10.0.0.1 2012
alias exec b3 telnet 10.0.0.1 2013
alias exec s11 clear line 1
alias exec s22 clear line 2
alias exec s33 clear line 3
alias exec s44 clear line 4
alias exec r11 clear line 5
alias exec r22 clear line 6
alias exec r33 clear line 7
alias exec r44 clear line 8
alias exec r55 clear line 9
alias exec r66 clear line 10
alias exec b11 clear line 11
alias exec b22 clear line 12
alias exec b33 clear line 13
line con 0
exec-timeout 0 0
line 1 16
exec-timeout 0 0
flush-at-activation
transport input all
line aux 0
exec-timeout 0 0
line vty 0 4
password cisco
login
!
end

Find more posts tagged with

Comments

reaper81

NOC-Ninja wrote: »

SecureCRT version 0.7.1 BETA (build 136)
At the 6th tab, it gives me this message "The remote system refused the connection."

Am I missing something here?

Here's my config:

AccessServer#s run
Building configuration...

Current configuration : 3131 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname AccessServer
!
logging queue-limit 100
!
ip subnet-zero
no ip routing
no ip domain lookup
ip host SW1 2001 10.0.0.1
ip host SW2 2002 10.0.0.1
ip host SW3 2003 10.0.0.1
ip host SW4 2004 10.0.0.1
ip host R1 2005 10.0.0.1
ip host R2 2006 10.0.0.1
ip host R3 2007 10.0.0.1
ip host R4 2008 10.0.0.1
ip host R5 2009 10.0.0.1
ip host R6 2010 10.0.0.1
ip host BB1 2011 10.0.0.1
ip host BB2 2012 10.0.0.1
ip host BB3 2013 10.0.0.1
!
!
!
!
interface Loopback0
ip address 10.0.0.1 255.255.255.255
no ip route-cache
no ip mroute-cache
!
interface Ethernet0
ip address 192.168.1.50 255.255.255.0
no ip route-cache
no ip mroute-cache
!
interface Serial0
no ip address
no ip route-cache
no ip mroute-cache
shutdown
no fair-queue
!
ip default-gateway 192.168.1.47
no ip http server
no ip classless

alias exec s1 telnet 10.0.0.1 2001
alias exec s2 telnet 10.0.0.1 2002
alias exec s3 telnet 10.0.0.1 2003
alias exec s4 telnet 10.0.0.1 2004
alias exec r1 telnet 10.0.0.1 2005
alias exec r2 telnet 10.0.0.1 2006
alias exec r3 telnet 10.0.0.1 2007
alias exec r4 telnet 10.0.0.1 2008
alias exec r5 telnet 10.0.0.1 2009
alias exec r6 telnet 10.0.0.1 2010
alias exec b1 telnet 10.0.0.1 2011
alias exec b2 telnet 10.0.0.1 2012
alias exec b3 telnet 10.0.0.1 2013
alias exec s11 clear line 1
alias exec s22 clear line 2
alias exec s33 clear line 3
alias exec s44 clear line 4
alias exec r11 clear line 5
alias exec r22 clear line 6
alias exec r33 clear line 7
alias exec r44 clear line 8
alias exec r55 clear line 9
alias exec r66 clear line 10
alias exec b11 clear line 11
alias exec b22 clear line 12
alias exec b33 clear line 13
line con 0
exec-timeout 0 0
line 1 16
exec-timeout 0 0
flush-at-activation
transport input all
line aux 0
exec-timeout 0 0
line vty 0 4
password cisco
login
!
end

I'm no expert at access servers but you have 5 VTYs and can only have 5 connections. Does not seem like a coincidence to me. It is called reverse telnet right? So try bumping up the number of VTYs.

instant000

NOC-Ninja wrote: »

SecureCRT version 0.7.1 BETA (build 136)
At the 6th tab, it gives me this message "The remote system refused the connection."

Am I missing something here?

Here's my config:
<output omitted>
alias exec s1 telnet 10.0.0.1 2001
alias exec s2 telnet 10.0.0.1 2002
alias exec s3 telnet 10.0.0.1 2003
alias exec s4 telnet 10.0.0.1 2004
alias exec r1 telnet 10.0.0.1 2005
alias exec r2 telnet 10.0.0.1 2006
alias exec r3 telnet 10.0.0.1 2007
alias exec r4 telnet 10.0.0.1 2008
alias exec r5 telnet 10.0.0.1 2009
alias exec r6 telnet 10.0.0.1 2010
alias exec b1 telnet 10.0.0.1 2011
alias exec b2 telnet 10.0.0.1 2012
alias exec b3 telnet 10.0.0.1 2013
<output omitted>
line vty 0 4
password cisco
login
!
end

I think the case is that you only set up 5 telnet lines, and it appears you're using telnet commands

Hope this helps!

instant000

Can you do a "sh session" and check what lines are being used?

I'll boot up over here and test on my access server, to see what's really going on.

instant000

I'm not sure what you're doing, but this is my guess at it:

you're running the access server, and then you're running multiple telnet sessions to access it, and then launch the sessions to the lines. in this case, you're using up the allotment of vty lines on your router. It's just an idea, no idea, really.

to test my case, do a "sh line" that's my only idea, especially since you mention multiple secureCRT tabs. a "sh line" @ the access server will show what lines are being used up on the access server.

NOC-Ninja

reaper81 wrote: »

I'm no expert at access servers but you have 5 VTYs and can only have 5 connections. Does not seem like a coincidence to me. It is called reverse telnet right? So try bumping up the number of VTYs.

Thanks daniel.

I tried it before but ill try it again just in case I missed it.

NOC-Ninja

reaper81 wrote: »

I'm no expert at access servers but you have 5 VTYs and can only have 5 connections. Does not seem like a coincidence to me. It is called reverse telnet right? So try bumping up the number of VTYs.

This is really weird. I know the ports on my access server are working because I can connect 1 to 17 if i limit the tab to 5. Also, I can connect to it one at a time through CTRL + SHIFT + 6 + X.

AccessServer#conf t
Enter configuration commands, one per line. End with CNTL/Z.
AccessServer(config)#line vty 0 ?
<1-4> Last Line number
<cr>

AccessServer(config)#line vty 0 14
^
% Invalid input detected at '^' marker.

AccessServer(config)#line vty 0 10
^
% Invalid input detected at '^' marker.

AccessServer(config)#

its not letting me type "line vty 0 14"

chrisone

What instant000 said:

line vty 0 4

try line vty 0 15

see if it lets you configure more VTY lines.

try 5 and then ? to see if it splits them up in that manner? I have seen some routersdo 0-4 then then 5-15

NOC-Ninja

instant000 wrote: »

I'm not sure what you're doing, but this is my guess at it:

you're running the access server, and then you're running multiple telnet sessions to access it, and then launch the sessions to the lines. in this case, you're using up the allotment of vty lines on your router. It's just an idea, no idea, really.

to test my case, do a "sh line" that's my only idea, especially since you mention multiple secureCRT tabs. a "sh line" @ the access server will show what lines are being used up on the access server.

I also did "s line"last week. I still dont get how it has data but I cant open multiple tabs.

Anyhow, this is what I pulled out right now.

[PHP]AccessServer#s line
Tty Typ Tx/Rx A Modem Roty AccO AccI Uses Noise Overruns Int
* 0 CTY - - - - - 0 1 0/0 -
* 1 TTY 9600/9600 - - - - - 3 43 1/5 -
* 2 TTY 9600/9600 - - - - - 3 45 13/47 -
* 3 TTY 9600/9600 - - - - - 2 10 5/13 -
* 4 TTY 9600/9600 - - - - - 2 22 3/11 -
* 5 TTY 9600/9600 - - - - - 1 4 158/477 -
* 6 TTY 9600/9600 - - - - - 0 11 58/180 -
* 7 TTY 9600/9600 - - - - - 0 34 148/445 -
* 8 TTY 9600/9600 - - - - - 0 0 10/32 -
* 9 TTY 9600/9600 - - - - - 0 0 47/144 -
* 10 TTY 9600/9600 - - - - - 0 10 21/65 -
* 11 TTY 9600/9600 - - - - - 0 1 22/67 -
* 12 TTY 9600/9600 - - - - - 0 14 22/70 -
* 13 TTY 9600/9600 - - - - - 0 12 22/73 -[/PHP]

NOC-Ninja

chrisone wrote: »

What instant000 said:

line vty 0 4

try line vty 0 15

see if it lets you configure more VTY lines.

try 5 and then ? to see if it splits them up in that manner? I have seen some routersdo 0-4 then then 5-15

Here's what I pulled just now. Thanks!

[PHP]AccessServer(config)#line vt
AccessServer(config)#line vty 0 4
AccessServer(config-line)#logi
AccessServer(config-line)#pass
AccessServer(config-line)#password cisco
AccessServer(config-line)#exit
AccessServer(config)#line vt
AccessServer(config)#line vty 5
AccessServer(config)#line vty 5?
% Unrecognized command
AccessServer(config)#line vty 5 15
^
% Invalid input detected at '^' marker.

AccessServer(config)#line vty 0 15
^
% Invalid input detected at '^' marker.

AccessServer(config)#line vty 5 ?
% Unrecognized command
AccessServer(config)#line vty 5-?
% Unrecognized command
AccessServer(config)#line vty 5-[/PHP]

chrisone

I see, looks like you can only open 4 VTY lines to the access server.

If you think about it, and this is the way i use mine, I only VTY using one line to the access server. Then within the access server i connect to the other sessions. I never really tried having CRT open sessions from the outside using the VTY lines. It seems like it works since you are able to get 5 open sessions and your 6th doesnt work. I would assume this is because the router only supports 5 VTY open lines (0 , 1 , 2 , 3 , 4).

I would suggest not doing this in a production environment because you will lock out everyone else out of the router since the VTY lines will be all used up.

NOC-Ninja

chrisone wrote: »

I see, looks like you can only open 4 VTY lines to the access server.

If you think about it, and this is the way i use mine, I only VTY using one line to the access server. Then within the access server i connect to the other sessions. I never really tried having CRT open sessions from the outside using the VTY lines. It seems like it works since you are able to get 5 open sessions and your 6th doesnt work. I would assume this is because the router only supports 5 VTY open lines (0 , 1 , 2 , 3 , 4).

I would suggest not doing this in a production environment because you will lock out everyone else out of the router since the VTY lines will be all used up.

Its not in production. This is my IE RS home lab. Its annoying to CTRL + SHIFT + 6 + X all the time. It would be nice to open up all the tabs at the same time to configure and see the the effect thru debug.

Thanks!

chrisone

yeah i agree, in fact i am going to test your findings in my lab environment but i doubt my access server has more than 4 VTY lines since its old. I think if you can get the card/module that supports the octal cable for a newer router, the IOS there would have more VTY lines. The 2511 is really old, if that is one you use, its the one i have

i hate it , works like **** and my sessions bug out and spit a crap load of characters to the CLI for no apparent reason. Its old a defective i think, or my USB to serial converter drivers suck lol

I just use GNS now for routing and any hardware is for ASA/Security/switching.

instant000

chrisone wrote: »

works like **** and my sessions bug out and spit a crap load of characters to the CLI for no apparent reason.

i heard that "no exec" under the line configuration would clear this issue up. If you already have that, then no idea.

instant000

NOC-Ninja wrote: »

Its not in production. This is my IE RS home lab. Its annoying to CTRL + SHIFT + 6 + X all the time. It would be nice to open up all the tabs at the same time to configure and see the the effect thru debug.

Thanks!

From what I've heard, in the actual lab, you only get something like putty, not SecureCRT.

but, with regards to your issue, I heard if you download an "access server" version of the IOS, that will give you access to more VTY lines, I'm testing to download that right now, will post back in a few.

EDIT: Oh well, we can forget about that, I don't have enough ram in my access server to load a newer image. Let me see if I can find text stating a new image allows more vty lines.

Forsaken_GA

you're not going to get more than 5 telnet lines, and you're doing it wrong if you try. You do not telnet to the access server, and then telnet to the device from there.

This is my line config

line con 0
line 1 16
no exec
transport input all
line aux 0
line vty 0 4
password <omitted>
login

To actually access my routers via the console server, I telnet directly to the port on the access server that's assigned to that line.

For example, my access server is at 192.168.55.3. Router 1 is off port 2005. When I want to access router 1, I telnet to 192.168.55.3 on port 2005

dayne@mormont:~$ telnet 192.168.55.3 2005
Trying 192.168.55.3...
Connected to 192.168.55.3.
Escape character is '^]'.

Rack7R1#

This is how I access all 16 lines (I have 12 open right now, as I'm doing some labs)

Mapping the port to the line is easy - port 2001 is line 1, port 2002 is line 2, etc, etc, all the way up to 2008 or 2016, depending on how many lines your access server has

jamesp1983

Forsaken_GA wrote: »

you're not going to get more than 5 telnet lines, and you're doing it wrong if you try. You do not telnet to the access server, and then telnet to the device from there.

This is my line config

line con 0
line 1 16
no exec
transport input all
line aux 0
line vty 0 4
password <omitted>
login

To actually access my routers via the console server, I telnet directly to the port on the access server that's assigned to that line.

For example, my access server is at 192.168.55.3. Router 1 is off port 2005. When I want to access router 1, I telnet to 192.168.55.3 on port 2005

dayne@mormont:~$ telnet 192.168.55.3 2005
Trying 192.168.55.3...
Connected to 192.168.55.3.
Escape character is '^]'.

Rack7R1#

This is how I access all 16 lines (I have 12 open right now, as I'm doing some labs)

That's how INE is setup as well.

keenon

i had something like that happen but it was due to my antivirus software.

instant000

Cisco 2511 only 5 VTY Lines available? - IEOC - INE's Online Community

A guy in this thread says that upgrading his IOS repaired his problem. I didn't have enough RAM to upgrade mine, so I can't test anytime soon

. I guess if I ever need access to more than 5 devices simultaneously, I would look into a ram upgrade, I guess. I guess it would have some utility for this case.

EDIT: Disregard Forsaken posted appropriate solution.

chrisone

instant000 wrote: »

i heard that "no exec" under the line configuration would clear this issue up. If you already have that, then no idea.

Awesome, i will try this,i didnt really care about it that much which is why i never really researched it.

Forsaken_GA wrote: »

you're not going to get more than 5 telnet lines, and you're doing it wrong if you try. You do not telnet to the access server, and then telnet to the device from there.

This is my line config

line con 0
line 1 16
no exec
transport input all
line aux 0
line vty 0 4
password <omitted>
login

To actually access my routers via the console server, I telnet directly to the port on the access server that's assigned to that line.

For example, my access server is at 192.168.55.3. Router 1 is off port 2005. When I want to access router 1, I telnet to 192.168.55.3 on port 2005

dayne@mormont:~$ telnet 192.168.55.3 2005
Trying 192.168.55.3...
Connected to 192.168.55.3.
Escape character is '^]'.

Rack7R1#

This is how I access all 16 lines (I have 12 open right now, as I'm doing some labs)

Mapping the port to the line is easy - port 2001 is line 1, port 2002 is line 2, etc, etc, all the way up to 2008 or 2016, depending on how many lines your access server has

nice! thanks for the info

NOC-Ninja

Forsaken_GA wrote: »

you're not going to get more than 5 telnet lines, and you're doing it wrong if you try. You do not telnet to the access server, and then telnet to the device from there.

This is my line config

line con 0
line 1 16
no exec
transport input all
line aux 0
line vty 0 4
password <omitted>
login

To actually access my routers via the console server, I telnet directly to the port on the access server that's assigned to that line.

For example, my access server is at 192.168.55.3. Router 1 is off port 2005. When I want to access router 1, I telnet to 192.168.55.3 on port 2005

dayne@mormont:~$ telnet 192.168.55.3 2005
Trying 192.168.55.3...
Connected to 192.168.55.3.
Escape character is '^]'.

Rack7R1#

This is how I access all 16 lines (I have 12 open right now, as I'm doing some labs)

Mapping the port to the line is easy - port 2001 is line 1, port 2002 is line 2, etc, etc, all the way up to 2008 or 2016, depending on how many lines your access server has

Thanks. Ill try that tonight when I get home.
I didn't get a chance to try it yesterday since I wasn't feeling well. `

NOC-Ninja

Forsaken_GA wrote: »

you're not going to get more than 5 telnet lines, and you're doing it wrong if you try. You do not telnet to the access server, and then telnet to the device from there.

This is my line config

line con 0
line 1 16
no exec
transport input all
line aux 0
line vty 0 4
password <omitted>
login

To actually access my routers via the console server, I telnet directly to the port on the access server that's assigned to that line.

For example, my access server is at 192.168.55.3. Router 1 is off port 2005. When I want to access router 1, I telnet to 192.168.55.3 on port 2005

dayne@mormont:~$ telnet 192.168.55.3 2005
Trying 192.168.55.3...
Connected to 192.168.55.3.
Escape character is '^]'.

Rack7R1#

This is how I access all 16 lines (I have 12 open right now, as I'm doing some labs)

Mapping the port to the line is easy - port 2001 is line 1, port 2002 is line 2, etc, etc, all the way up to 2008 or 2016, depending on how many lines your access server has

To actually access my routers via the console server, I telnet directly to the port on the access server that's assigned to that line.

For example, my access server is at 192.168.55.3. Router 1 is off port 2005. When I want to access router 1, I telnet to 192.168.55.3 on port 2005

Can you please clarify it? Whats your physical connection on this statement?
My current connection is:
PC ---> crossover cable ---> BL20R transceiver ----> (port e0) access server

Forsaken_GA

NOC-Ninja wrote: »

Can you please clarify it? Whats your physical connection on this statement?
My current connection is:
PC ---> crossover cable ---> BL20R transceiver ----> (port e0) access server

If you're hitting the vty limit, you're already setup correctly, you're just telnetting into the access server directly, and then I'm guessing reverse telnetting to the line on the access server. Totally unnecessary, just telnet to the appropriate port on the access server and you'll be connected to that routers console that's attached to the line, skipping the login to the access server.

Ie, instead of telnetting to the access server on port 23 like you have been, try telnetting to port 2010 instead. ANd then open a new session and telnet to port 2011, and so on. it should work fine, as long as you've configured your line access properly.

As far as my setup goes, my access server, my desktop, and my wireless AP are all plugged into one switch, a 3550. The access sever is just another node on my network. It's no different than if I had a linux server setup on the home network that I was sshing to (which I have as well)

NOC-Ninja

Forsaken_GA wrote: »

If you're hitting the vty limit, you're already setup correctly, you're just telnetting into the access server directly, and then I'm guessing reverse telnetting to the line on the access server. Totally unnecessary, just telnet to the appropriate port on the access server and you'll be connected to that routers console that's attached to the line, skipping the login to the access server.

Ie, instead of telnetting to the access server on port 23 like you have been, try telnetting to port 2010 instead. ANd then open a new session and telnet to port 2011, and so on. it should work fine, as long as you've configured your line access properly.

As far as my setup goes, my access server, my desktop, and my wireless AP are all plugged into one switch, a 3550. The access sever is just another node on my network. It's no different than if I had a linux server setup on the home network that I was sshing to (which I have as well)

Its working!!!!! W000000000t!!!!!! Thank you! I owe you one!

More than 5 tabs. FINALLY! time to fully lab! its so beautiful!!!!

working.jpg

joemendola

NOC-Ninja wrote: »

PC ---> crossover cable ---> BL20R transceiver ----> (port e0) access server

hi noc, id love to know if it is that, the correct chain of cable+devices you use in order to connect your pc/laptop to the access server please.

do you use the rollover cable only for the initial configuration of the access server? then what kind of cable do you use by means securecrt? it is the crossover cable, isnt it?

thanks in advance for your reply

greetings from italy
joe

Forsaken_GA

joemendola wrote: »

hi noc, id love to know if it is that, the correct chain of cable+devices you use in order to connect your pc/laptop to the access server please.

do you use the rollover cable only for the initial configuration of the access server? then what kind of cable do you use by means securecrt? it is the crossover cable, isnt it?

thanks in advance for your reply

greetings from italy
joe

Once you have the access server setup properly, all you need is telnet access to the access server. Just assign it's ethernet interface and IP address and it becomes another node on your network with open ports.