Saturday, October 18, 2008

Config mode lock - auto and manual

I stumbled upon this command while browsing the doc cd. It allows you to lock global configuration mode so only 1 user can access it at a time. Here is how it works.

R6-----R7

On R6 we have the following:

R6(config)#configuration mode exclusive auto
R6(config)#username cisco pass cisco
R6(config)#line vty 0 4
R6(config-line)#login local

If you exit out of global config mode now and go back, you will see this message:

R6#conf t
Enter configuration commands, one per line. End with CNTL/Z.
*Oct 19 03:42:03.710: Configuration mode locked exclusively. The lock will be cleared once you exit out of configuration mode using end/exit

On R7 we telnet to R6:

R7#telnet 200.0.0.6
Trying 200.0.0.6 ... Open
CCC Blah, Blah, Blah... If you are not an authorized user, go away!

User Access Verification

Username: cisco
Password:
R6>en

Next we try to enter global config mode but we are denied:

R6#conf t
Configuration mode locked exclusively by user 'unknown' process '3' from terminal '0'. Please try later.
R6#

Back on R6 console we can verify the lock is in place:

R6(config)#do show configuration lock
Parser Configure Lock
---------------------
Owner PID : 3
User : unknown
TTY : 0
Type : EXCLUSIVE
State : LOCKED
Class : EXPOSED
Count : 1
Pending Requests : 0
User debug info : configure terminal
R6(config)#

You can also configure a manual lock with the following command:

R6(config)#configuration mode exclusive manual

With this command, another user can still enter config mode:

R7#telnet 200.0.0.6
Trying 200.0.0.6 ... Open
CCC Blah, Blah, Blah... If you are not an authorized user, go away!

User Access Verification

Username: cisco
Password:
R6>en
Password:
R6#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R6(config)#

To lock the mode we have to manually lock it upon entering global config mode:

R6#conf term ?
lock Lock configuration mode


R6#conf term lock
Enter configuration commands, one per line. End with CNTL/Z.
R6(config)#
*Oct 19 03:55:16.806: Configuration mode locked exclusively. The lock will be cleared once you exit out of configuration mode using end/exit
R6(config)#

Now R7 console we are still in global config mode, we didn't get kicked out. But if we leave, we can't go back:

R6(config)#
R6(config)#exit
R6#conf t
Configuration mode locked exclusively by user 'unknown' process '3' from terminal '0'. Please try later.
R6#
posted by deadhead blues at 8:33 PM
Labels:

2 comments:

  1. mrityunjay singhDecember 3, 2012 at 11:39 AM

    thank u so so much sir it has helped me a lot. i got many post nothing this explains everythings with the output.so thanks again..

    ReplyDelete
  2. mrityunjay singhDecember 3, 2012 at 11:41 AM

    is there any other command which can lock configuration mode apart from configuration exclusive mode command.....plz help

    ReplyDelete

Note: Only a member of this blog may post a comment.

Subscribe to: Post Comments (Atom)