Cisco Systems SMC-127 manual Root-lr Users, Other SDR Users, SMC-131

Page 5

Configuring Secure Domain Routers on Cisco IOS XR Software

Information About Configuring Secure Domain Routers

Ability to assign nodes (RPs, DRPs, and LCs) to SDRs.

Ability to create other users with similar or lower privileges.

Complete authority over the chassis.

Ability to log in to non-owner SDRs using admin plane authentication. Admin plane authentication allows the root-system user to log in to a non-owner SDR regardless of the configuration set by the root-lr user. See the “Configuring a Username and Password for a Non-Owner SDR” section on page SMC-157

Ability to install and activate software packages for all SDRs or for a specific SDR.

Ability to view the following admin plane events (owner SDR logging system only):

Software installation operations and events.

System card boot operations, such as card booting notifications and errors, heartbeat-missed notifications, and card reloads.

Card alphanumeric display changes.

Environment monitoring events and alarms.

Fabric control events.

Upgrade progress information.

root-lr Users

Note SDRs were previously known as Logical Routers (LRs). The name was changed for Release 3.3.0.

Users with root-lr privileges can log in to the non-owner SDR only and perform configuration tasks that are specific to that SDR. The root-lr group has the following privileges:

Ability to configure interfaces and protocols.

Ability to create other users with similar or lower privileges on the non-owner SDR.

Ability to view the resources assigned to their particular SDR.

The following restrictions apply to root-lr users:

root-lr users cannot enter Administration EXEC or configuration modes.

root-lr users cannot create or remove SDRs.

root-lr users cannot add or remove nodes from an SDR.

root-lr users cannot create root-system users.

The highest privilege a non-owner SDR user can have is root-lr.

Other SDR Users

Additional usernames and passwords can be created by the root-system or root-lr users to provide more restricted access to the configuration and management capabilities of the owner SDR or non-owner SDRs.

Cisco IOS XR System Management Configuration Guide

SMC-131

Page 4 Page 6
Image 5
Page 4 Page 6
Contents Contents Configuring Secure Domain Routers on Cisco IOS XR SoftwareSMC-128 Prerequisites for Configuring Secure Domain RoutersWhat Is a Secure Domain Router? Information About Configuring Secure Domain RoutersOwner SDR and Administration Configuration Mode SMC-129Non-Owner SDRs SDR Access PrivilegesRoot-System Users SMC-130SMC-131 Root-lr UsersOther SDR Users SMC-132 Designated Secure Domain Router System Controller DsdrscDSCs and DSDRSCs in a Cisco CRS-1 Router SMC-133 DSC and DSDRSCs in a Cisco XR 12000 Series RouterSMC-134 Removing a Dsdrsc Configuration Default Configuration for New Non-Owner SDRsDefault Software Profile for SDRs SMC-135Rebooting an SDR Fault IsolationHigh Availability Implications Dsdrsc RedundancySMC-137 Cisco IOS XR Software Package ManagementSMC-138 DSC Migration on Cisco CRS-1 Multishelf SystemsSMC-139 CaveatsCreating SDRs How to Configure Secure Domain RoutersContents SMC-141 Summary StepsSMC-142 Command or Action PurposeExample To assign a single DRP node as the Dsdrsc To assign a DRP pair as the DsdrscTo assign an RP pair as the Dsdrsc SMC-143To add a DRP pair To add a single nodeTo add an RP pair SMC-144SMC-145 Creating SDRs in a 12000 Series RouterSee the DSC and DSDRSCs in a DSDRSCs in a Cisco XR 12000 Series Router section onCisco XR 12000 Series Router section on page SMC-133 SMC-146SMC-147 Refer to the Adding Nodes to a Non-Owner SDR sectionSMC-148 Adding Nodes to a Non-Owner SDRAdding Nodes to an SDR in a Cisco CRS-1 Router SMC-149 Creating SDRs in a Cisco CRS-1 RouterSMC-150 Adding Nodes to an SDR in a Cisco XR 12000 Series RouterSMC-151 Removing Nodes and SDRsA Cisco XR 12000 Series Router section on SMC-152 To remove a single node To remove a DsdrscTo remove a DRP pair To remove an RP pairSMC-154 SMC-155 Nodes to an SDR in a Cisco XR 12000 Series RouterSection on page SMC-150 SMC-156 Removing a Secure Domain RouterSMC-157 Configuring a Username and Password for a Non-Owner SDRSMC-158 Group root-lr End or commit ExitSMC-159 System Security Configuration Guide for moreSMC-160 SMC-161 Disabling Remote Login for SDRsSee Disabling Remote Login for SDRs, page SMC-161for Creating a New SDR on a Cisco CRS-1 Router Configuration Examples for Secure Domain RoutersCreating an SDR on a Cisco XR 12000 Series Router SMC-162SMC-163 Related Documents Additional ReferencesStandards MIBsTechnical Assistance RFCsRFCs Title Description LinkSMC-166
Top Page Image Contents