This article mainly introduces how to configure the vro for Cisco IOS configuration lock to prevent configuration disorder. I believe this article will help you.
If multiple network administrators connect to the vro at the same time to modify the configurations, the changes may be lost or only part of the content can be executed, resulting in problems in the operation of the entire network. In this article, David Davis will introduce a new feature of the Cisco network operating system: configuration lock, which can be used to prevent this situation.
How can I configure a lock?
As everyone knows, as long as you have the permissions of the network administrator, you can change the running configuration of the router at any time. If you are in charge of a large computer mall or a team of several technical personnel, this new feature of the Cisco network operating system can help you control the change of operating configurations. It can be used to control configuration changes. because it includes the Access session lock function, it is called a configuration lock. The following shows the content of this command:
Router (config) # configuration mode exclusive {auto | manual} [expire seconds] [lock-show] [interleave] [terminate] [config_wait seconds] [retry_wait seconds]
The lock configuration function supports automatic or manual settings. I personally think most network administrators will choose to set the settings to work in automatic mode.
How to configure the lock in automatic mode
In automatic mode, activating the lock configuration function is very simple.
Router (config) # configuration mode exclusive auto
If you choose to use the automatic keyword setting, it will automatically lock the related configuration at the time when you use the terminal to configure the router. If you select manual keyword setting, it will lock the configuration at the time when the keyword is used. Let's take a few examples to see how powerful this function is.
If you choose to use the manual keyword mode, you must enable the lock configuration function every time you enter the global configuration mode. Therefore, you must add a keyword at the end of the vro configuration using the terminal as shown in the following example:
Router # configure terminal lock
Enter configuration commands, one per line. End with CNTL/Z
Router (config )#
Display the lock configuration command
How can I understand the running status of the configured lock? How can I know if someone is modifying the config file? You can use the show lock configuration command to complete the corresponding work. Note that the command output results are completely different when no lock or lock is available.
· Output results when no one is Edited:
Router (config) # show configuration lock
Parser Configure Lock
Owner PID: 10
User: User3
TTY: 3
Type: EXCLUSIVE
State: LOCKED
Class: Exposed
Count: 0
Pending Requests: 0
User debug info: 0
· Output result when someone is editing:
Router # show configuration lock
Parser Configure Lock
------------------
Owner PID: 3
User: unknown
TTY: 0
Type: EXCLUSIVE
State: LOCKED
Class: EXPOSED
Count: 1
Pending Requests: 0
User debug info: configure terminal
Session idle state: TRUE
No of exec cmds getting executed: 0
No of exec cmds blocked: 0
Config wait for show completion: FALSE
Remote ip address: Unknown
Lock active time (in Sec): 6
Lock expirationtimer (in Sec): 593
Router (config )#
Note that the effect of the lock configuration function is temporary. In this case, the network administrator should exit the configuration mode of the Cisco network operating system as soon as possible. When another network administrator attempts to remotely log on to the vro, the user name may be incorrect due to the exclusive lock function. With its help, it is more convenient to modify the running configuration. To some extent, this is a good opportunity to reevaluate the existing network management rules to understand the actual network operation. You should also create new rules based on the problems that arise to make the work of the network administrator more effective.
This is a good opportunity. I will briefly introduce the rollback function of the exclusive lock. It can be used when your administrator tries to restore the running configuration to the saved configuration copy. This feature is not exactly the same as the configuration rollback feature. It will replace all current operating configurations of the Cisco network operating system. However, there are also some restrictions. This feature is available in the Access session lock mode. It supports operations such as displaying the execution status of related commands when the configuration is modified. For more information, visit the Cisco Official Website: Configuration Replace and Configuration Rollback ).
For network management, the configuration lock function provided by Cisco network operating system is a very important component. You can use this function to lock the running configurations of other network administrators and even view the command execution status. You can also set the time of the configuration lock to ensure that the effect of configuration changes can be displayed. With the help of the lock configuration function, the level and efficiency of the network will be maximized. For more information, log on to Cisco's official website: Exclusive Configuration Change Access (Config Lock ).