Cisco Systems SMC-127 manual Information About Configuring Secure Domain Routers, SMC-129

Page 3

Configuring Secure Domain Routers on Cisco IOS XR Software

Information About Configuring Secure Domain Routers

Information About Configuring Secure Domain Routers

Review the following topics before configuring secure domain routers:

What Is a Secure Domain Router?, page SMC-129

Owner SDR and Administration Configuration Mode, page SMC-129

Non-Owner SDRs, page SMC-130

SDR Access Privileges, page SMC-130

Root-System Users, page SMC-130

root-lr Users, page SMC-131

Other SDR Users, page SMC-131

Designated Secure Domain Router System Controller (DSDRSC), page SMC-132

DSCs and DSDRSCs in a Cisco CRS-1 Router, page SMC-132

DSC and DSDRSCs in a Cisco XR 12000 Series Router, page SMC-133

High Availability Implications, page SMC-136

Cisco IOS XR Software Package Management, page SMC-137

DSC Migration on Cisco CRS-1 Multishelf Systems, page SMC-138

Caveats, page SMC-139

What Is a Secure Domain Router?

Cisco routers running Cisco IOS XR software can be partitioned into multiple, independent routers known as secure domain routers (SDRs). SDRs are a means of dividing a single physical system into multiple logically separated routers. SDRs perform routing functions the same as a physical router, but they share resources with the rest of the system. For example, the software, configurations, protocols, and routing tables assigned to an SDR belong to that SDR only, but other functions, such as chassis-control and switch fabric, are shared with the rest of the system.

Owner SDR and Administration Configuration Mode

The owner SDR is created at system startup and cannot be removed. This owner SDR performs system-wide functions, including the creation of additional non-ownerSDRs. You cannot create the owner SDR because it always exists, nor can you completely remove the owner SDR, because it is necessary to manage the router. By default, all nodes in the system belong to the owner SDR.

The owner SDR also provides access to the Administration EXEC and Administration configuration modes. Only users with root-system privileges can access the Administration modes by logging in to the primary Route Processor for the owner SDR (called the Designated Shelf Controller, or DSC).

Administration modes are used for the following purposes:

Create and remove additional non-owner SDRs

Assign nodes to the non-owner SDRs

View the configured SDRs in the system.

View and manage system-wide resources and logs.

Cisco IOS XR System Management Configuration Guide

SMC-129

Page 2 Page 4
Image 3
Page 2 Page 4
Contents Contents Configuring Secure Domain Routers on Cisco IOS XR SoftwareSMC-128 Prerequisites for Configuring Secure Domain RoutersSMC-129 Information About Configuring Secure Domain RoutersWhat Is a Secure Domain Router? Owner SDR and Administration Configuration ModeSMC-130 SDR Access PrivilegesNon-Owner SDRs Root-System UsersRoot-lr Users Other SDR UsersSMC-131 Designated Secure Domain Router System Controller Dsdrsc DSCs and DSDRSCs in a Cisco CRS-1 RouterSMC-132 SMC-133 DSC and DSDRSCs in a Cisco XR 12000 Series RouterSMC-134 SMC-135 Default Configuration for New Non-Owner SDRsRemoving a Dsdrsc Configuration Default Software Profile for SDRsDsdrsc Redundancy Fault IsolationRebooting an SDR High Availability ImplicationsSMC-137 Cisco IOS XR Software Package ManagementSMC-138 DSC Migration on Cisco CRS-1 Multishelf SystemsSMC-139 CaveatsHow to Configure Secure Domain Routers ContentsCreating SDRs SMC-141 Summary StepsCommand or Action Purpose ExampleSMC-142 SMC-143 To assign a DRP pair as the DsdrscTo assign a single DRP node as the Dsdrsc To assign an RP pair as the DsdrscSMC-144 To add a single nodeTo add a DRP pair To add an RP pairSMC-145 Creating SDRs in a 12000 Series RouterSMC-146 DSDRSCs in a Cisco XR 12000 Series Router section onSee the DSC and DSDRSCs in a Cisco XR 12000 Series Router section on page SMC-133SMC-147 Refer to the Adding Nodes to a Non-Owner SDR sectionAdding Nodes to a Non-Owner SDR Adding Nodes to an SDR in a Cisco CRS-1 RouterSMC-148 SMC-149 Creating SDRs in a Cisco CRS-1 RouterSMC-150 Adding Nodes to an SDR in a Cisco XR 12000 Series RouterRemoving Nodes and SDRs A Cisco XR 12000 Series Router section onSMC-151 SMC-152 To remove an RP pair To remove a DsdrscTo remove a single node To remove a DRP pairSMC-154 Nodes to an SDR in a Cisco XR 12000 Series Router Section on page SMC-150SMC-155 SMC-156 Removing a Secure Domain RouterSMC-157 Configuring a Username and Password for a Non-Owner SDRSMC-158 Group root-lr End or commit ExitSMC-159 System Security Configuration Guide for moreSMC-160 Disabling Remote Login for SDRs See Disabling Remote Login for SDRs, page SMC-161forSMC-161 SMC-162 Configuration Examples for Secure Domain RoutersCreating a New SDR on a Cisco CRS-1 Router Creating an SDR on a Cisco XR 12000 Series RouterSMC-163 MIBs Additional ReferencesRelated Documents StandardsDescription Link RFCsTechnical Assistance RFCs TitleSMC-166
Top Page Image Contents