High CPU Utilization in cisco switch 2900XL-Urgent

ywaikul
Level 1

We have a few switches of the 2900XL series in production. CPU utilization is above 90% on 2-3 switches, which is causing very slow network traffic and high round-trip time. From "sh process cpu" I am able to see that 60-70% of the CPU is utilized by 'virtual exec proc'. I even tried to clear the unnecessary telnet sessions with the help of "clear tcp tcb..." but there is no improvement. Please suggest for the same since it is very critical.


crow930us
Level 3

This doc might help:

High CPU Utilization in Exec and Virtual Exec Processes

http://www.cisco.com/en/US/products/hw/routers/ps359/products_tech_note09186a00801c2ae4.shtml

Hi,

Thanks for the prompt response. But as I have mentioned in the problem description, I have already tried the things which are included in the above link (clear tcp tcb... etc). Please do advise.

Maybe a host is doing a DoS attack.

Do you have hosts on the administrative VLAN of the switches?

If you do not have a firewall between your hosts, you can filter source IP addresses for telnet connections.

http://www.informit.com/library/content.aspx?b=CCNP_Studies_Troubleshooting&seqNum=81

Example 7-58 illustrates the access list configuration to only allow hosta to telnet to r3.

Example 7-58. ACL Configuration

r3(config)#access-list ?
  <1-99>       IP standard access list
  <100-199>    IP extended access list
  <1000-1099>  IPX SAP access list
  <1100-1199>  Extended 48-bit MAC address access list
  <1200-1299>  IPX summary address access list
  <1300-1999>  IP standard access list (expanded range)
  <200-299>    Protocol type-code access list
  <2000-2699>  IP extended access list (expanded range)
  <300-399>    DECnet access list
  <400-499>    XNS standard access list
  <500-599>    XNS extended access list
  <600-699>    Appletalk access list
  <700-799>    48-bit MAC address access list
  <800-899>    IPX standard access list
  <900-999>    IPX extended access list
  rate-limit   Simple rate-limit specific access list
r3(config)#access-list 1 ?
  deny    Specify packets to reject
  permit  Specify packets to forward
r3(config)#access-list 1 permit ?
  Hostname or A.B.C.D  Address to match
  any                  Any source host
  host                 A single host address
r3(config)#access-list 1 permit 192.168.5.17
r3(config)#access-list 1 deny any log
r3(config)#line vty 0 4
r3(config-line)#access-class 1 ?
  in   Filter incoming connections
  out  Filter outgoing connections
r3(config-line)#access-class 1 in
r3(config-line)#end
r3#copy running-config startup-config

Now test out the ACL as in Example 7-59.

Example 7-59. ACL Testing

sw3512xl#telnet 192.168.5.30
Trying 192.168.5.30 ...
% Connection refused by remote host
sw3512xl#ping 192.168.5.30
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.5.30, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/3 ms


Guido.

Please rate all the helpful comments.
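An added example, not part of the original post: the `access-list 1 deny any log` entry above makes the device log each refused VTY source, so tallying those messages shows which host is generating the telnet load. The log lines are constructed samples, and the `%SEC-6-IPACCESSLOGS` line layout and the `threshold` value are assumptions.

```python
import re
from collections import Counter

# Constructed sample syslog lines (not from the thread). Assumed format: the
# IOS %SEC-6-IPACCESSLOGS message written for standard ACL entries with "log".
SAMPLE_LOG = """\
Mar  1 00:12:01: %SEC-6-IPACCESSLOGS: list 1 denied 192.168.5.40 1 packet
Mar  1 00:12:03: %SEC-6-IPACCESSLOGS: list 2 permitted 192.168.5.17 1 packet
Mar  1 00:17:01: %SEC-6-IPACCESSLOGS: list 1 denied 192.168.5.40 57 packets
Mar  1 00:17:09: %SEC-6-IPACCESSLOGS: list 1 denied 192.168.5.52 2 packets
Mar  1 00:18:44: %LINK-3-UPDOWN: Interface FastEthernet0/4, changed state to up
Mar  1 00:22:01: %SEC-6-IPACCESSLOGS: list 2 denied 192.168.5.99 9 packets
"""

LINE_RE = re.compile(
    r"%SEC-6-IPACCESSLOGS: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}) (?P<count>\d+) packets?"
)


def denied_by_source(log_text, acl="1"):
    """Sum denied packet counts per source address for one ACL."""
    totals = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        # Skip unrelated messages, other ACLs, and permitted hits.
        if m and m["acl"] == acl and m["action"] == "denied":
            # IOS aggregates repeats, so add the reported packet count.
            totals[m["src"]] += int(m["count"])
    return totals


def noisy_sources(log_text, acl="1", threshold=20):
    """Sources whose denied total meets the (hypothetical) threshold."""
    ranked = denied_by_source(log_text, acl).most_common()
    return [(src, n) for src, n in ranked if n >= threshold]


if __name__ == "__main__":
    for src, n in denied_by_source(SAMPLE_LOG).most_common():
        print(f"{src:15} {n} denied")
    print("investigate:", noisy_sources(SAMPLE_LOG))
```
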

andrels
Level 1

How's your current network topology?

Where are these L2 devices attached? I suspect you would have either a router or an MLS?

Does this happen all the time or some time during the day?

Regards,

Leo Laohoo
Hall of Fame

Put a link utilization. It may sound that you have a broadcast storm.
