12-30-2008 12:19 PM - edited 03-06-2019 03:11 AM
I just had a funny thing happen... I was doing some config changes on a router at the same time that someone else was doing config changes with SDM. Needless to say, I was confused by the seemingly magical changes to the running config that I wasn't doing! ha ha.
Anyway, is there any way from the CLI to tell that someone is "connected" to the router via SDM? Or should I lock out SDM users by giving the "no ip http server" and "no ip http secure-server" commands first before I start doing CLI changes?
Solved! Go to Solution.
12-30-2008 01:25 PM
Thomas,
As Collin indicated the show users command will be able to display who is connected to the router, SDM or CLI.
The problem with SDM is that is not a persistent connection and the user will be listed when the command is executed and then it's removed from the list.
I tested in my lab - btw, who does the same. I'm connected via console and SDM, only console is shown because I haven't typed any command in SDM.
1#who
Line User Host(s) Idle Location
* 0 con 0 idle 00:00:00
Interface User Mode Idle Peer Address
Now, I'm going to execute a ping on SDM, this should place me in the list.
R1#who
Line User Host(s) Idle Location
* 0 con 0 idle 00:00:00
2 vty 0 idle 00:00:03 169.254.1.1
Interface User Mode Idle Peer Address
Once the ping finished, the connection is released by the router.
BTW, what version of IOS are you running? On the newer version of IOS, there is a command to archive config log changes and you should be able to tell who changed the config based on their username.
HTH,
__
Edison.
12-30-2008 12:42 PM
configuration mode exclusive auto will only allow one person at a time to make changes.
I'm pretty sure there is a command to see other users, I'll see if I can dig it up.
Hope that helps.
Update: The command is show users.
12-30-2008 12:57 PM
"show users" only shows CLI users...not SDM users (I'm on both CLI & SDM right this very second so I tested it... only my CLI session shows)
The "configuration mode exclusive" commands also seem to apply only to CLI users and not SDM
12-30-2008 01:25 PM
Thomas,
As Collin indicated the show users command will be able to display who is connected to the router, SDM or CLI.
The problem with SDM is that is not a persistent connection and the user will be listed when the command is executed and then it's removed from the list.
I tested in my lab - btw, who does the same. I'm connected via console and SDM, only console is shown because I haven't typed any command in SDM.
1#who
Line User Host(s) Idle Location
* 0 con 0 idle 00:00:00
Interface User Mode Idle Peer Address
Now, I'm going to execute a ping on SDM, this should place me in the list.
R1#who
Line User Host(s) Idle Location
* 0 con 0 idle 00:00:00
2 vty 0 idle 00:00:03 169.254.1.1
Interface User Mode Idle Peer Address
Once the ping finished, the connection is released by the router.
BTW, what version of IOS are you running? On the newer version of IOS, there is a command to archive config log changes and you should be able to tell who changed the config based on their username.
HTH,
__
Edison.
12-30-2008 01:38 PM
Edison-
If you still have it labbed up could you test the
configuration mode exclusive auto command and see if it blocks SDM config if a CLI user is in?
12-30-2008 04:50 PM
Collin,
The configuration mode exclusive enables the exclusive configuration lock feature.
Users accessing the device using the state-full, session-based transports (telnet, SSH) are able to enter single-user configuration mode.
However, the lock is placed when you enter in config mode by typing configure terminal lock from the EXEC mode. If you are in EXEC mode, the configuration isn't locked to other users until you type the command above.
For more details, please refer to the documentation:
http://www.cisco.com/en/US/docs/ios/fundamentals/command/reference/cf_c1.html#wp1030940
HTH,
__
Edison.
12-31-2008 06:10 AM
I am aware of what it does as we use it. I was just wondering if you were in config mode via the CLI if the SDM would prevent that user from making changes.
12-31-2008 07:25 AM
I was just wondering if you were in config mode via the CLI if the SDM would prevent that user from making changes.
No, I didn't test for that and I'll have to rebuild the lab for that test.. later date..
However, the link I posted confirms your initial post...
While a user is in single-user configuration mode, no other users can configure the device.
__
Edison.
12-31-2008 10:15 AM
I just tried it on an 1811 running 12.4(6)T3 and the SDM changes *silently* fail and the GUI interface changes to make it appear that things worked...but they didn't!
And, of course, if two CLI users try to make changes, one gets the message:
NEW1811#config t
Configuration mode locked exclusively by user 'dzubin' process '59' from terminal '7'. Please try later.
NEW1811#
12-30-2008 01:59 PM
Thanks Edison... So I only see SDM users when they are actually running a command...your explanation makes sense.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide