Cisco Systems SMC-127 manual, SMC-159


Configuring Secure Domain Routers on Cisco IOS XR Software

How to Configure Secure Domain Routers

 

Step 4

Command or Action:

aaa authentication login remote local

Example:

RP/0/RP0/CPU0:router(admin-config)# aaa authentication login remote local

Purpose:

Enables admin plane authentication.

The remote keyword specifies a method list that uses remote non-owner SDR for authentication.

The local keyword specifies a method list that uses the local username database method for authentication. The local authentication cannot fail because the system always ensures that at least one user is present in the local database, and a rollover cannot happen beyond the local method.

Note: You can also use other methods to enable AAA system accounting, such as TACACS+ or RADIUS servers. See the “Configuring AAA Services on Cisco IOS XR Software” module of the Cisco IOS XR System Security Configuration Guide for more information.

Note: When logged in to a non-owner SDR using admin plane authentication, the admin configuration will be displayed. However, admin plane authentication should only be used to configure a username and password for the non-owner SDR. To perform additional configuration tasks, log in with the username for the non-owner SDR, as described in the following steps.

Step 5

Command or Action:

end

or

commit

Example:

RP/0/RP0/CPU0:router(admin-config)# end

or

RP/0/RP0/CPU0:router(admin-config)# commit

Purpose:

Saves configuration changes.

When you issue the end command, the system prompts you to commit changes:

Uncommitted changes found. Commit them?

Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.

Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.

Entering cancel leaves the user in the same command mode without committing the configuration changes.

Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Step 6

Command or Action:

Connect a terminal to the console port of the non-owner SDR DSDRSC.

Purpose:

Note: A terminal server connection is required for Telnet connections to the console port because an IP address has not yet been assigned to the management Ethernet port.

Cisco IOS XR System Management Configuration Guide

SMC-159
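Added example, not part of the Cisco guide: a Python check that reads an admin-plane configuration and applies the Step 4 rule that rollover stops at the local method, reporting login lists that lack local, list methods placed after local, and a missing remote list. The sample configuration is constructed, and the list names default, ops and vty and the "group tacacs+" / "group radius" method spelling are assumptions that do not appear on this page.

```python
import re

# Constructed admin-plane configuration excerpt (not from the guide).
# The list names default/ops/vty and the "group NAME" methods are assumptions.
SAMPLE_ADMIN_CONFIG = """\
aaa authentication login remote local
aaa authentication login default group tacacs+ local
aaa authentication login ops local group radius
aaa authentication login vty group tacacs+
"""

LOGIN_RE = re.compile(r"^\s*aaa authentication login\s+(\S+)\s+(.+?)\s*$")


def parse_methods(text):
    """Split a method string into methods; 'group NAME' counts as one method."""
    tokens, methods, i = text.split(), [], 0
    while i < len(tokens):
        if tokens[i] == "group" and i + 1 < len(tokens):
            methods.append("group " + tokens[i + 1])
            i += 2
        else:
            methods.append(tokens[i])
            i += 1
    return methods


def audit_login_lists(config):
    """Return (lists, findings) for every 'aaa authentication login' line."""
    lists, findings = {}, []
    for line in config.splitlines():
        m = LOGIN_RE.match(line)
        if m:
            lists[m.group(1)] = parse_methods(m.group(2))
    if "remote" not in lists:
        findings.append("remote: no login list, Step 4 has not been applied")
    for name, methods in lists.items():
        if "local" not in methods:
            findings.append(f"{name}: no local method, so no guaranteed fallback")
        elif methods[-1] != "local":
            # Rollover cannot happen beyond local, so later methods never run.
            dead = ", ".join(methods[methods.index("local") + 1:])
            findings.append(f"{name}: unreachable after local: {dead}")
    return lists, findings


if __name__ == "__main__":
    for finding in audit_login_lists(SAMPLE_ADMIN_CONFIG)[1]:
        print(finding)
```
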
