Configuration Lock Feature on Routers and Switches

Answered Question
Jun 8th, 2010
User Badges:

Is there a "configuration lock" feature in cisco routers and switches that prevent multiple users from making changes at the same time?

What is the command? Thank you in advance.

Correct Answer by podhillo about 7 years 1 month ago

Hi,


configuration mode exclusive

To enable single-user (exclusive) access functionality for the Cisco IOS command-line interface (CLI), use the configuration mode exclusive command in global configuration mode. To disable the single-user access (configuration locking) feature, use the no form of this command.

Syntax for Releases 12.3T/12.2S:

configuration mode exclusive {auto | manual}

no configuration mode exclusive {auto | manual}

Syntax for Release 12.0(31)S, 12.2(33)SRA, and Later Releases:

configuration mode exclusive {auto | manual} [expire seconds] [lock-show] [interleave] [terminate] [config_wait seconds]  [retry_wait seconds]

Usage Guidelines

The configuration mode exclusive command enables the exclusive configuration lock feature. The exclusive configuration lock allows single-user access to configuration modes using single-user configuration mode. While the device configuration is locked, no other users can enter configuration commands.

Users accessing the device using the state-full, session-based transports (telnet, SSH) are able to enter single-user configuration mode. The user enters single-user configuration mode by acquiring the exclusive configuration lock using the configure terminal lock privileged EXEC mode command. The configuration lock is released when the user exits configuration mode by using the end or exit command, or by pressing Ctrl-Z. While a user is in single-user configuration mode, no other users can configure the device. Users accessing CLI options through stateless protocols (that is, the HTTP web-based user interface) cannot access single-user configuration mode. (However, an API allows the stateless transports to lock the configuration mode, complete its operations, and release the lock.)



giuslar has answered your query.


Regards,

podhillo

Correct Answer by Giuseppe Larosa about 7 years 1 month ago

Hello David,


it should be



configuration mode ?

  exclusive  Configuration mode exclusive


Hope to help

Giuseppe

Correct Answer by Calin Chiorean about 7 years 1 month ago

I don't know about such feature, but what if you would allow only one user to be connected at the time on the Cisco device?

The configuration shoul look  like:


line vty 0

password cisco

transport input telnet ssh


line vty 1-4

transport input none


Or assign different levels to different users, so only one user (login) can configure the device. If you are using TACACS+, you can limit to only one login at the time per user.


Hope this helps you!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (5 ratings)
Loading.
Correct Answer
Calin Chiorean Tue, 06/08/2010 - 07:49
User Badges:
  • Silver, 250 points or more

I don't know about such feature, but what if you would allow only one user to be connected at the time on the Cisco device?

The configuration shoul look  like:


line vty 0

password cisco

transport input telnet ssh


line vty 1-4

transport input none


Or assign different levels to different users, so only one user (login) can configure the device. If you are using TACACS+, you can limit to only one login at the time per user.


Hope this helps you!

Correct Answer
Giuseppe Larosa Tue, 06/08/2010 - 08:00
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello David,


it should be



configuration mode ?

  exclusive  Configuration mode exclusive


Hope to help

Giuseppe

Correct Answer
podhillo Tue, 06/08/2010 - 08:09
User Badges:
  • Bronze, 100 points or more

Hi,


configuration mode exclusive

To enable single-user (exclusive) access functionality for the Cisco IOS command-line interface (CLI), use the configuration mode exclusive command in global configuration mode. To disable the single-user access (configuration locking) feature, use the no form of this command.

Syntax for Releases 12.3T/12.2S:

configuration mode exclusive {auto | manual}

no configuration mode exclusive {auto | manual}

Syntax for Release 12.0(31)S, 12.2(33)SRA, and Later Releases:

configuration mode exclusive {auto | manual} [expire seconds] [lock-show] [interleave] [terminate] [config_wait seconds]  [retry_wait seconds]

Usage Guidelines

The configuration mode exclusive command enables the exclusive configuration lock feature. The exclusive configuration lock allows single-user access to configuration modes using single-user configuration mode. While the device configuration is locked, no other users can enter configuration commands.

Users accessing the device using the state-full, session-based transports (telnet, SSH) are able to enter single-user configuration mode. The user enters single-user configuration mode by acquiring the exclusive configuration lock using the configure terminal lock privileged EXEC mode command. The configuration lock is released when the user exits configuration mode by using the end or exit command, or by pressing Ctrl-Z. While a user is in single-user configuration mode, no other users can configure the device. Users accessing CLI options through stateless protocols (that is, the HTTP web-based user interface) cannot access single-user configuration mode. (However, an API allows the stateless transports to lock the configuration mode, complete its operations, and release the lock.)



giuslar has answered your query.


Regards,

podhillo

Actions

This Discussion