Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

Only one telnet connection


I need to allow only one telnet connection to a router.

Which set of commands will accomplish this this task?

Can "line vty 1, login, password cisco" be used?


Re: Only one telnet connection

we'll work with as being the only system IP that can telnet to the router on vty line 1.

create an access list

ip access-list extended 101

access-list 101 permit tcp any eq telnet

access-list 101 deny ip any any log

then apply the acl to vty 1 line


line vty 1

access-class 101 in

transport input telnet

you can configure one vty line with a unique password..


line vty 1

password xxxxx


Hall of Fame Super Gold

Re: Only one telnet connection


I will take a slightly different approach than Jorge (while his approach does control access to a single vty by a single host, I am not sure that this is what you were really asking for - especially since it does not address what happens on vty 0).

I will suggest that you configure vty 0 to accept the telnet connection (depending on how your router is configured - especially whether you are using aaa or not - the configuration that you posted would be fine, and that under all the other vty lines you configure:

no exec

This will prevent any telnet connection from becoming active on any other vty. Be aware that on many routers there are vty 0 4, but on some versions there are vty 0 15, and could possibly be other numbers of vty lines. So check how many are in your router and configure tham as I have suggested.



Re: Only one telnet connection

I agree with rick.

The no exec command turns off the EXEC process for the specified line and this would ensure only one telnet session at a time.

if you also want to allow acess to only one machine, you can use the access-list under the line which does not have the no exec command


Re: Only one telnet connection

Narayan/Rick, agree on the no exec command as a more effective approach.


Re: Only one telnet connection


Just to add one more thing here...

As you will be allowing just one telnet connection, do remember to apply with exec-time with appropriate timer.

otherwise you have to login to console to clear the only available vty line for telnet access.

"I have seen similar problem with 6500 with no exec-timeout applied"


Re: Only one telnet connection

yes a very valid point by rajat..

All you dont need is to lock yourself up and use the console to free the session..

line vty 0

access-class 1 in

exec-timeout 5 0

line vty 1 15

no exec



CreatePlease to create content