Exclusive Configuration Change Access (also called the “Configuration Lock” feature) allows you to have exclusive change access to the Cisco IOS XE running configuration, preventing multiple users from making concurrent configuration changes.
The Access Session Locking addition to this feature extends the Exclusive Configuration Change Access feature such that show and debug commands entered by the user holding the configuration lock always have execution priority; show and debug commands entered by other users are only allowed to run after the processes initiated by the configuration lock owner have finished.
The Exclusive Configuration Change Access feature (“exposed lock”) is complementary with the locking mechanism in the Configuration Replace and Configuration Rollback feature (“rollback lock”).
Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Devices running Cisco IOS software maintain a running configuration that determines the configuration state of the device. Changes to the running configuration alter the behavior of the device. Because Cisco IOS software allows multiple users to change the running configuration via the device CLI (including the device console and Telnet or Secure Shell (SSH) sessions), in some operating environments it is beneficial to prevent multiple users from making concurrent changes to the Cisco IOS running configuration. Temporarily limiting access to the Cisco IOS running configuration prevents inadvertent conflicts or cases where two users attempt to configure the same portion of the running configuration.
The Exclusive Configuration Change Access feature (also called the “Configuration Lock” feature) allows you to have exclusive change access to the Cisco IOS running configuration, preventing multiple users from making concurrent configuration changes.
This feature provides exclusive change access to the Cisco IOS running configuration from the time you enter global configuration mode by using the configure terminal command. This gives the effect of a “configuration lock,” preventing other users from changing the Cisco IOS running configuration. The configuration lock is automatically released when the user exits Cisco IOS configuration mode.
The Exclusive Configuration Change Access feature is enabled using the configuration mode exclusive command in global configuration mode. Exclusive configuration change access can be set to auto, so that the Cisco IOS configuration mode is locked whenever anyone uses the configure terminal command, or it can be set to manual, so that the Cisco IOS configuration mode is locked only when the configure terminal lock command is issued.
The Exclusive Configuration Change Access feature is complementary with the locking mechanism for the Configuration Replace and Configuration Rollback feature introduced in Cisco IOS Release 12.2(25)S and 12.3(7)T.
The Access Session Locking feature extends the Exclusive Configuration Change Access feature such that show and debug commands entered by the user holding the configuration lock always have execution priority. This feature prevents concurrent configuration access and also provides an option to prevent simultaneous processes, such as a show command entered by another user, from executing while other configuration commands are being executed. When this feature is enabled, the commands entered by the user with the configuration lock (such as configuration commands) always have priority over commands entered by other users.
Note: Effective with Cisco IOS Release 12.2(33)SRE, the Exclusive Configuration Change Access and Access Session Locking feature is not available in Cisco IOS software. Use the Parser Concurrency and Locking Improvements feature instead of this feature. See the “Enabling Parser Concurrency and Locking Improvements” section for more information.
1. enable
2. configure terminal
3. configuration mode exclusive
4. end
Perform this task to obtain exclusive configuration change access manually for the duration of your configuration session. Use the lock keyword with the configure terminal command.
1. enable
2. configure terminal
3. configure terminal lock
4. Configure the system by entering your changes to the running configuration.
Perform either or both steps in this task to monitor or troubleshoot the Exclusive Configuration Change Access and Access Session Locking feature.
1. show configuration lock
2. debug configuration lock
Step 1: show configuration lock

Use this command to display the status and details of any current configuration locks, including the owner, user, terminal, lock state, and lock class. If you cannot enter global configuration mode, you can use this command to determine if the configuration session is locked by another user, and who that user is.

Example:

    Router# show configuration lock
    Config Session Lock
    ------------------------------------------------------
    Owner PID : 543
    TTY number : 2
    TTY username : unknown
    User debug info : CLI Session Lock
    Lock Active time (in Sec) : 63
    Router(config)#
Step 2: debug configuration lock

Use this command to enable debugging of Cisco IOS configuration locks (exposed class locks or rollback class locks).

Example:

    Router# debug configuration lock
    Session1 from console
    ==========================
    Router# configure terminal lock
    Configuration mode locked exclusively. The lock will be cleared once you exit out of configuration mode using end/exit
    Enter configuration commands, one per line. End with CNTL/Z.
    Router(config)#
    Parser : LOCK REQUEST in EXCLUSIVE mode
    Parser: <configure terminal lock> - Config. Lock requested by process <3> client <PARSER Client>
    Parser: <configure terminal lock> - Config. Lock acquired successfully !
    Router(config)#
The following example shows how to enable the exclusive lock in auto mode for single-user auto configuration mode using the configuration mode exclusive command. Once the Cisco IOS configuration file is locked exclusively, you can verify this configuration by using the show configuration lock command.

    Router# configure terminal
    Router(config)# configuration mode exclusive
    Router(config)# exit
    Router# configure terminal
    ! Locks configuration mode exclusively.
    Router# show configuration lock
    Parser Configure Lock
    Owner PID : 10
    User : User1
    TTY : 3
    Type : EXCLUSIVE
    State : LOCKED
    Class : Exposed
    Count : 0
    Pending Requests : 0
    User debug info : 0

The following example shows how to enable the exclusive locking feature in manual mode by using the configure terminal lock command. Use the configure terminal lock command to lock manually. In this mode, the configure terminal command will not automatically lock the parser configuration mode.

    Router# configure terminal
    Router# configure terminal lock
    Enter configuration commands, one per line. End with CNTL/Z.
    *Mar 25 17:02:45.928: Configuration mode locked exclusively. The lock will be cleared once you exit out of configuration mode using end/exit

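A parser for the two show configuration lock output layouts shown on this page, given here as an added example (not Cisco code): it normalizes the fields and flags a lock whose owner is unattributed, is not on an expected-operator list, or has been held past a time limit. The function names, the `allowed_users` list, the 300-second default, and the rule for deciding that no lock is held are assumptions made for this example.

```python
import re

# Constructed samples built from the two layouts shown on this page (second one abridged).
SESSION_LAYOUT = """Router# show configuration lock
Config Session Lock
------------------------------------------------------
Owner PID : 543
TTY number : 2
TTY username : unknown
User debug info : CLI Session Lock
Lock Active time (in Sec) : 63
"""
PARSER_LAYOUT = """Parser Configure Lock
Owner PID : 10
User : User1
TTY : 3
Type : EXCLUSIVE
State : LOCKED
Class : Exposed
"""
# Field labels from both layouts mapped onto one set of keys.
ALIASES = {"owner pid": "pid", "tty number": "tty", "tty": "tty", "type": "type",
           "tty username": "user", "user": "user", "state": "state",
           "class": "lock_class", "lock active time (in sec)": "active_secs"}

def parse_lock(output):
    """Extract the known 'label : value' fields; other lines are ignored."""
    lock = {}
    for line in output.splitlines():
        m = re.match(r"\s*([^:#]+?)\s*:\s*(.*?)\s*$", line)
        if m and m.group(1).lower() in ALIASES:
            lock[ALIASES[m.group(1).lower()]] = m.group(2)
    return lock

def review_lock(output, allowed_users=(), max_secs=300):
    """Return findings for an operator; an empty list means nothing to flag."""
    lock = parse_lock(output)
    # Assumption: no Owner PID, or a State other than LOCKED, means no lock is held.
    if "pid" not in lock or lock.get("state", "LOCKED").upper() != "LOCKED":
        return []
    where = f"PID {lock['pid']} on TTY {lock.get('tty', '?')}"
    user, findings = lock.get("user", "unknown"), []
    if user.lower() == "unknown":
        findings.append(f"lock held by unattributed session ({where})")
    elif allowed_users and user not in allowed_users:
        findings.append(f"lock held by unexpected user {user} ({where})")
    if int(lock.get("active_secs", 0)) > max_secs:
        findings.append(f"lock held for {lock['active_secs']}s, over {max_secs}s ({where})")
    return findings
```

Feed it the text captured from each device's show configuration lock command; a non-empty result identifies the session to follow up on.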
The following sections provide references related to locking the configuration.
Related Topic | Document Title |
---|---|
Commands for managing configuration files | Cisco IOS Configuration Management Command Reference |
Information about managing configuration files | Managing Configuration Files |
Standard | Title |
---|---|
No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature. | -- |
MIB | MIBs Link |
---|---|
No new or modified MIBs are supported by this feature, and support for existing MIBs has not been modified by this feature. | To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL: |
RFC | Title |
---|---|
No new or modified RFCs are supported by this feature, and support for existing RFCs has not been modified by this feature. | -- |