Courseiva
SystemPrivileged EXEC

show users

Displays active user sessions on the router, including line type, idle time, and remote IP addresses, useful for monitoring who is logged in and troubleshooting connectivity issues.

Syntax·Privileged EXEC
show users

When to Use This Command

  • Check if unauthorized users are connected to the router via Telnet or SSH.
  • Verify your own session details when troubleshooting a hung connection.
  • Identify idle sessions that should be terminated to free up VTY lines.
  • Confirm remote IP addresses of administrators accessing the device.

Command Examples

Basic show users output

show users
    Line       User       Host(s)              Idle       Location
*  0 con 0                idle                 00:00:00   
   2 vty 0     admin      idle                 00:05:23   192.168.1.100
   3 vty 1                idle                 00:12:10   10.0.0.5

Line: line number and type (con=console, vty=virtual terminal). User: username if authenticated, blank if not. Host(s): connection state (idle, active). Idle: time since last keystroke. Location: source IP address for remote connections. The asterisk (*) indicates your current session.

Show users with active SSH session

show users
    Line       User       Host(s)              Idle       Location
   0 con 0                idle                 00:00:00   
*  2 vty 0     jdoe      idle                 00:02:15   192.168.1.50
   3 vty 1     admin      idle                 00:10:30   10.0.0.1

Your session (marked with *) is vty 0 as user jdoe from 192.168.1.50. Idle time shows 2 minutes 15 seconds since last activity. Other sessions can be cleared with 'clear line vty 1' if needed.

Understanding the Output

The 'show users' command output lists all active user sessions on the router. The first column 'Line' indicates the line number and type: 'con 0' is the console port, 'vty 0-4' are virtual terminal lines for remote access (Telnet/SSH). The 'User' column shows the username if login authentication is configured; blank means no username required. 'Host(s)' typically shows 'idle' or 'active'—idle means the session is waiting for input, active means a command is being processed. 'Idle' time is the duration since the last keystroke; a long idle time (e.g., >15 minutes) may indicate an abandoned session. 'Location' is the source IP address for remote connections; for console, it's blank. The asterisk (*) next to a line marks your current session. In a real network, use this command to verify who is accessing the device, especially after configuration changes or security incidents. High idle times or unknown IP addresses may indicate a security risk. If you need to disconnect a session, use 'clear line <line>' in privileged EXEC mode.

CCNA Exam Tips

1.

CCNA 200-301: Remember that the asterisk (*) indicates your own session; you cannot clear your own line.

2.

CCNA 200-301: Know that 'show users' is used to identify which VTY line to clear with 'clear line'.

3.

CCNA 200-301: Understand that idle time is reset on each keystroke; a long idle time suggests an unattended session.

4.

CCNA 200-301: Be aware that 'show users' does not show encrypted passwords; it only shows usernames if configured.

Common Mistakes

Mistake 1: Confusing 'show users' with 'show running-config' to see user accounts; 'show users' shows active sessions, not configured users.

Mistake 2: Trying to clear your own session (the one with the asterisk) using 'clear line'; this will disconnect you and is not allowed.

Mistake 3: Assuming 'Idle' time is the total session duration; it is actually time since last activity, not total uptime.

Related Commands

show ssh

Displays the status and configuration of SSH server connections on a Cisco device, used to verify SSH sessions, authentication methods, and encryption settings.

Practice for the CCNA 200-301

Test your knowledge with hundreds of CCNA practice questions covering all exam domains.

Practice CCNA Questions