To automatically prevent other users from making configuration changes at the same time as you, use the following command:
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z. Router1(config)#configuration mode exclusive auto
Router1(config)#end
Router1#
To enable the ability to lock the configuration file, on an as-needed basis, use the following command:
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z. Router1(config)#configuration mode exclusive manual
Router1(config)#end
Router1#
Tip
This feature was introduced in IOS Version 12.3(14)T.
By default, the router running IOS software allows multiple concurrent users to change the running configuration files at once. In some operating environments, preventing multiple concurrent users from making changes is beneficial. Being able to prevent two users attempting to modify the same portion of the configuration file is desired. By enabling this feature, you temporarily prevent multiple users from modifying the router configuration at the same time.
Essentially, this feature allows only a single user to enter the configuration mode at a time. All other users on the router are effectively locked out of the configuration mode until the first user exits it. As we’ve seen in our examples, this feature runs in two modes, auto and manual. In auto mode, the configuration mode is automatically locked each time a user enters the configuration mode. In manual mode, users have the ability to manually lock the configuration mode each time they change the router configuration by using the lock keyword:
Router1#configure terminal lock
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#
If you don’t issue the lock keyword, then the router will not lock the configuration mode and the router will function as normal. In auto mode, you don’t need to issue the lock keyword, since it is implicitly enabled.
If you attempt to enter the configuration mode and someone has already locked it, then you will receive the following message informing you that the configuration mode is locked and by whom:
Router1#configure terminal
Configuration mode locked exclusively by user 'ijbrown' process '31' from terminal '162'. Please try later.
Router1#
You can always show the status of the configuration lock by issuing the following command:
Router1#show configuration lock
Parser Configure Lock --------------------- Owner PID : 31 User :ijbrown
TTY :162
Type : EXCLUSIVE State : LOCKED Class : EXPOSED Count : 1 Pending Requests : 0 User debug info : configure terminal lock Router1#
If you absolutely need to change the router configuration and
someone has locked you out, then you always have the option of
terminating his or her session. Notice that user ijbrown
has currently locked the
configuration mode, and he is using TTY
162
.
In the next example, we will clear the TTY session and view the status
of the configuration lock:
Router1#clear line
[confirm]
162
<enter>
[OK] Router1#show configuration lock
Parser Configure Lock --------------------- Owner PID : -1 User : unknown TTY : -1 Type : NO LOCK State :FREE
Class : unknown Count : 0 Pending Requests : 0 User debug info : Router1#
Notice that once we clear the user’s session, the lock is removed and we are then free to make configuration changes. In addition, once someone does lock the configuration mode, a system message is sent to inform all other users:
Sep 2 22:39:03.304 EDT: Configuration mode locked exclusively. The lock will be cleared once you exit out of configuration mode using end/exit
Get Cisco IOS Cookbook, 2nd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.