Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Can you tell from CLI if someone is currently using SDM?

I just had a funny thing happen... I was doing some config changes on a router at the same time that someone else was doing config changes with SDM. Needless to say, I was confused by the seemingly magical changes to the running config that I wasn't doing! ha ha.

Anyway, is there any way from the CLI to tell that someone is "connected" to the router via SDM? Or should I lock out SDM users by giving the "no ip http server" and "no ip http secure-server" commands first before I start doing CLI changes?

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Bronze

Re: Can you tell from CLI if someone is currently using SDM?

Thomas,

As Collin indicated the show users command will be able to display who is connected to the router, SDM or CLI.

The problem with SDM is that is not a persistent connection and the user will be listed when the command is executed and then it's removed from the list.

I tested in my lab - btw, who does the same. I'm connected via console and SDM, only console is shown because I haven't typed any command in SDM.

1#who

Line User Host(s) Idle Location

* 0 con 0 idle 00:00:00

Interface User Mode Idle Peer Address

Now, I'm going to execute a ping on SDM, this should place me in the list.

R1#who

Line User Host(s) Idle Location

* 0 con 0 idle 00:00:00

2 vty 0 idle 00:00:03 169.254.1.1

Interface User Mode Idle Peer Address

Once the ping finished, the connection is released by the router.

BTW, what version of IOS are you running? On the newer version of IOS, there is a command to archive config log changes and you should be able to tell who changed the config based on their username.

http://www.cisco.com/en/US/docs/ios/fundamentals/configuration/guide/cf_config-logger_ps6350_TSD_Products_Configuration_Guide_Chapter.html

HTH,

__

Edison.

9 REPLIES

Re: Can you tell from CLI if someone is currently using SDM?

configuration mode exclusive auto will only allow one person at a time to make changes.

I'm pretty sure there is a command to see other users, I'll see if I can dig it up.

Hope that helps.

Update: The command is show users.

New Member

Re: Can you tell from CLI if someone is currently using SDM?

"show users" only shows CLI users...not SDM users (I'm on both CLI & SDM right this very second so I tested it... only my CLI session shows)

The "configuration mode exclusive" commands also seem to apply only to CLI users and not SDM

Hall of Fame Super Bronze

Re: Can you tell from CLI if someone is currently using SDM?

Thomas,

As Collin indicated the show users command will be able to display who is connected to the router, SDM or CLI.

The problem with SDM is that is not a persistent connection and the user will be listed when the command is executed and then it's removed from the list.

I tested in my lab - btw, who does the same. I'm connected via console and SDM, only console is shown because I haven't typed any command in SDM.

1#who

Line User Host(s) Idle Location

* 0 con 0 idle 00:00:00

Interface User Mode Idle Peer Address

Now, I'm going to execute a ping on SDM, this should place me in the list.

R1#who

Line User Host(s) Idle Location

* 0 con 0 idle 00:00:00

2 vty 0 idle 00:00:03 169.254.1.1

Interface User Mode Idle Peer Address

Once the ping finished, the connection is released by the router.

BTW, what version of IOS are you running? On the newer version of IOS, there is a command to archive config log changes and you should be able to tell who changed the config based on their username.

http://www.cisco.com/en/US/docs/ios/fundamentals/configuration/guide/cf_config-logger_ps6350_TSD_Products_Configuration_Guide_Chapter.html

HTH,

__

Edison.

Re: Can you tell from CLI if someone is currently using SDM?

Edison-

If you still have it labbed up could you test the

configuration mode exclusive auto command and see if it blocks SDM config if a CLI user is in?

Hall of Fame Super Bronze

Re: Can you tell from CLI if someone is currently using SDM?

Collin,

The configuration mode exclusive enables the exclusive configuration lock feature.

Users accessing the device using the state-full, session-based transports (telnet, SSH) are able to enter single-user configuration mode.

However, the lock is placed when you enter in config mode by typing configure terminal lock from the EXEC mode. If you are in EXEC mode, the configuration isn't locked to other users until you type the command above.

For more details, please refer to the documentation:

http://www.cisco.com/en/US/docs/ios/fundamentals/command/reference/cf_c1.html#wp1030940

HTH,

__

Edison.

Re: Can you tell from CLI if someone is currently using SDM?

I am aware of what it does as we use it. I was just wondering if you were in config mode via the CLI if the SDM would prevent that user from making changes.

Hall of Fame Super Bronze

Re: Can you tell from CLI if someone is currently using SDM?

I was just wondering if you were in config mode via the CLI if the SDM would prevent that user from making changes.

No, I didn't test for that and I'll have to rebuild the lab for that test.. later date..

However, the link I posted confirms your initial post...

While a user is in single-user configuration mode, no other users can configure the device.

__

Edison.

New Member

Re: Can you tell from CLI if someone is currently using SDM?

I just tried it on an 1811 running 12.4(6)T3 and the SDM changes *silently* fail and the GUI interface changes to make it appear that things worked...but they didn't!

And, of course, if two CLI users try to make changes, one gets the message:

NEW1811#config t

Configuration mode locked exclusively by user 'dzubin' process '59' from terminal '7'. Please try later.

NEW1811#

New Member

Re: Can you tell from CLI if someone is currently using SDM?

Thanks Edison... So I only see SDM users when they are actually running a command...your explanation makes sense.

127
Views
5
Helpful
9
Replies