Ever busy with a scheduled change, and the configuration all of a sudden differs from what you configured five minutes ago?
Normal IOS (not XR) behaviour allows multiple users to make instant changes to the running configuration. Occasionally two users make changes to the same config portion at the same time. One overwriting the others. ONLY the last commands entered will take effect.
The Configuration Lock feature allows a one to have exclusive change access to the Cisco IOS running configuration, preventing multiple users from making concurrent configuration changes.
There are two modes:
The Auto option will lock the configuration and give exclusive access to the first user that enters configuration mode by entering ‘config terminal’. This option is configured with the command:
Router# configure terminal Router(config)# configuration mode exclusive auto Router(config)# exit Router# configure terminal '<---- Locks configuration mode exclusively.'
The Manual option will only lock configuration access if the manually enabled. This is my preferred choice. The manual option must first be enabled but exclusively enabled.
Router# configure terminal Router(config)# configuration mode exclusive manual Router(config)# exit Router# configure terminal lock Enter configuration commands, one per line. End with CNTL/Z. *Feb 05 17:02:45.928: Configuration mode locked exclusively. The lock will be cleared once you exit out of configuration mode using end/exit
At any time, an individual can see who has the configuration access locked, by using the following command (if TACACS is configured the username would show):
Router# show configuration lock