Cisco Systems SMC-127 manual Prerequisites for Configuring Secure Domain Routers, SMC-128

Page 2

Configuring Secure Domain Routers on Cisco IOS XR Software

Prerequisites for Configuring Secure Domain Routers

Prerequisites for Configuring Secure Domain Routers

Before configuring SDRs, the following conditions must be met:

Initial configuration

The router must be running the Cisco IOS XR software, including a Designated System Controller (DSC).

The root-system username and password must be assigned as part of the initial configuration.

For more information on booting a router and performing initial configuration, refer to Cisco IOS XR Getting Started Guide.

Required cards for each SDR

In Cisco CRS-1 routers, an additional RP pair, DRP or DRP pair must be installed in each line card (LC) chassis to manage each SDR in the system.

In Cisco XR 12000 Series Routers, an additional RP or RP pair must be installed to manage each SDR in the system.

For additional information on DRPs, refer to Cisco CRS-1 Carrier Routing System 16-Slot Line Card Chassis System Description. For instructions on installing DRPs, refer to Installing the Cisco CRS-1 Carrier Routing System 16-Slot Line Card Chassis.

Task ID requirements

You must be in a user group associated with a task group that includes the proper task IDs for SDR commands.

For detailed information about user groups and task IDs, see the Configuring AAA Services on Cisco IOS XR Software module of the Cisco IOS XR System Security Configuration Guide.

Software Version Requirements for the Cisco XR 12000 Series Router

Multiple SDRs, including non-owner SDRs, are supported on Cisco XR 12000 Series Router running Cisco IOS XR Software Release 3.2 or higher.

Software Version Requirements for the Cisco CRS-1

Cisco IOS XR Software Releases 2.0, 3.0, and 3.2 support only one owner SDR on the Cisco CRS-1. Multiple (non-owner) SDRs are not supported in these releases. The owner SDR cannot be added or removed from the configuration.

Multiple SDRs, including non-owner SDRs, are supported on Cisco CRS-1 running Cisco IOS XR Software Release 3.3.0 or higher.

Maximum SDR configurations

The Cisco CRS-1 supports a maximum of eight SDRs, including one owner SDR and up to seven non-owner SDRs.

For the Cisco XR 12000 Series Router, we recommend a maximum of four SDRs, including one owner SDR and up to three non-owner SDRs.

Cisco IOS XR System Management Configuration Guide

SMC-128

Image 2
Contents Configuring Secure Domain Routers on Cisco IOS XR Software ContentsPrerequisites for Configuring Secure Domain Routers SMC-128Owner SDR and Administration Configuration Mode Information About Configuring Secure Domain RoutersWhat Is a Secure Domain Router? SMC-129Root-System Users SDR Access PrivilegesNon-Owner SDRs SMC-130SMC-131 Root-lr UsersOther SDR Users SMC-132 Designated Secure Domain Router System Controller DsdrscDSCs and DSDRSCs in a Cisco CRS-1 Router DSC and DSDRSCs in a Cisco XR 12000 Series Router SMC-133SMC-134 Default Software Profile for SDRs Default Configuration for New Non-Owner SDRsRemoving a Dsdrsc Configuration SMC-135High Availability Implications Fault IsolationRebooting an SDR Dsdrsc RedundancyCisco IOS XR Software Package Management SMC-137DSC Migration on Cisco CRS-1 Multishelf Systems SMC-138Caveats SMC-139Creating SDRs How to Configure Secure Domain RoutersContents Summary Steps SMC-141SMC-142 Command or Action PurposeExample To assign an RP pair as the Dsdrsc To assign a DRP pair as the DsdrscTo assign a single DRP node as the Dsdrsc SMC-143To add an RP pair To add a single nodeTo add a DRP pair SMC-144Creating SDRs in a 12000 Series Router SMC-145Cisco XR 12000 Series Router section on page SMC-133 DSDRSCs in a Cisco XR 12000 Series Router section onSee the DSC and DSDRSCs in a SMC-146Refer to the Adding Nodes to a Non-Owner SDR section SMC-147SMC-148 Adding Nodes to a Non-Owner SDRAdding Nodes to an SDR in a Cisco CRS-1 Router Creating SDRs in a Cisco CRS-1 Router SMC-149Adding Nodes to an SDR in a Cisco XR 12000 Series Router SMC-150SMC-151 Removing Nodes and SDRsA Cisco XR 12000 Series Router section on SMC-152 To remove a DRP pair To remove a DsdrscTo remove a single node To remove an RP pairSMC-154 SMC-155 Nodes to an SDR in a Cisco XR 12000 Series RouterSection on page SMC-150 Removing a Secure Domain Router SMC-156Configuring a Username and Password for a Non-Owner SDR SMC-157Group root-lr End or commit Exit SMC-158System Security Configuration Guide for more SMC-159SMC-160 SMC-161 Disabling Remote Login for SDRsSee Disabling Remote Login for SDRs, page SMC-161for Creating an SDR on a Cisco XR 12000 Series Router Configuration Examples for Secure Domain RoutersCreating a New SDR on a Cisco CRS-1 Router SMC-162SMC-163 Standards Additional ReferencesRelated Documents MIBsRFCs Title RFCsTechnical Assistance Description LinkSMC-166