Cisco Systems SMC-127 manual Non-Owner SDRs, SDR Access Privileges, Root-System Users, SMC-130


Configuring Secure Domain Routers on Cisco IOS XR Software

Information About Configuring Secure Domain Routers

See the “SDR Access Privileges” section on page SMC-130 for more information.

Note The Administration modes cannot be used to configure the features within a non-owner SDR, or view the router configuration for a non-owner SDR. After the SDR is created, users must log in to the non-owner SDR directly to change the local configuration and manage the SDR. See the “Non-Owner SDRs” section on page SMC-130 for more information.

Non-Owner SDRs

To create a new non-owner SDR, the root-system user enters Administration configuration mode, defines a new SDR name, and assigns a set of cards to that SDR. Only a user with root-system privileges can access the commands in Administration configuration mode. Therefore, users without root-system privileges cannot create SDRs or assign cards to the SDRs.

After a non-owner SDR is created, the users configured on the non-owner SDR can log in and manage the router. The configuration for each non-owner SDR is separate from the owner SDR and can be accessed only by logging in to the non-owner SDR.

See the “SDR Access Privileges” section on page SMC-130 for more information.

Note For information regarding support for non-owner SDRs in the Cisco IOS XR software releases 2.0, 3.0, 3.2 and 3.3.0, see Software Version Requirements for the Cisco XR 12000 Series Router, page SMC-128.

SDR Access Privileges

Each SDR in a router has a separate AAA configuration that defines usernames, passwords, and associated privileges.

Only users with root-system privileges can access the Administration EXEC and Administration configuration modes. See the “Root-System Users” section on page SMC-130 for more information.

Users with root-lr privileges can access only the non-owner SDR in which that username was created. See the “root-lr Users” section on page SMC-131 for more information.

Users with other access privileges can access features according to their assigned privileges for a specific SDR. See the “Other SDR Users” section on page SMC-131 for more information.

For more information about AAA policies, refer to the Configuring AAA Services on Cisco IOS XR Software module of the Cisco IOS XR System Security Configuration Guide.
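Because each SDR carries its own AAA user list, a privilege review has to be run per SDR. The following is an added example, not part of the Cisco guide: it parses username stanzas saved from each SDR's running configuration and lists the root-system and root-lr accounts, plus accounts with no group. The sample configurations, SDR names, usernames and the assumed stanza layout (a `username` line followed by indented `group` lines, closed by `!`) are constructed for illustration.

```python
import re

# Constructed sample: AAA user stanzas from two SDRs' running configurations.
# SDR names, usernames and secrets are made up for this example.
SAMPLE_CONFIGS = {
    "owner": (
        "username netadmin1\n group root-system\n secret 5 CONSTRUCTED\n!\n"
        "username noc1\n group operator\n!\n"
    ),
    "sdr-lab": (
        "username labroot\n group root-lr\n secret 5 CONSTRUCTED\n!\n"
        "username labops\n group netadmin\n group operator\n!\n"
        "username orphan\n secret 5 CONSTRUCTED\n!\n"
    ),
}


def parse_users(config_text):
    """Return {username: [groups]} from the username stanzas of one SDR."""
    users, current = {}, None
    for line in config_text.splitlines():
        start = re.match(r"^username\s+(\S+)\s*$", line)
        group = re.match(r"^\s+group\s+(\S+)\s*$", line)
        if start:
            current = start.group(1)
            users[current] = []
        elif line.strip() == "!":
            current = None  # end of stanza
        elif group and current is not None:
            users[current].append(group.group(1))
    return users


def audit(configs):
    """Per SDR, list root-system users, root-lr users and users with no group."""
    report = {}
    for sdr, text in configs.items():
        users = parse_users(text)
        report[sdr] = {
            "root-system": sorted(u for u, g in users.items() if "root-system" in g),
            "root-lr": sorted(u for u, g in users.items() if "root-lr" in g),
            "no-group": sorted(u for u, g in users.items() if not g),
        }
    return report


if __name__ == "__main__":
    for sdr, findings in audit(SAMPLE_CONFIGS).items():
        print(sdr, findings)
```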

Root-System Users

Users with root-system privileges have access to system-wide features and resources, including the ability to create and remove secure domain routers. The root-system user is created during the initial boot and configuration of the router.

The root-system user has the following privileges:

Access to Administration EXEC and Administration configuration commands.

Ability to create and delete non-owner SDRs.

Cisco IOS XR System Management Configuration Guide

SMC-130
