Cisco Systems SMC-127 manual Designated Secure Domain Router System Controller Dsdrsc, SMC-132

Page 6

Configuring Secure Domain Routers on Cisco IOS XR Software

Information About Configuring Secure Domain Routers

Designated Secure Domain Router System Controller (DSDRSC)

In a router running the Cisco IOS XR software, one Route Processor is assigned the role of Designated System Controller (DSC). The DSC provides system-wide administration and control capability, including access to the Administration EXEC and Administration configuration modes. For more information on DSCs, refer to Cisco IOS XR Getting Started Guide.

In each SDR, similar administration and control capabilities are provided by the Designated Secure Domain Router System Controller (DSDRSC). Each SDR must include a DSDRSC to operate, and you must assign an RP or DRP to act as the dSDRSC.

Note In the owner SDR, the DSC also provides DSDRSC functionality.

The following sections describe DSDRSC support:

DSCs and DSDRSCs in a Cisco CRS-1 Router, page SMC-132

DSC and DSDRSCs in a Cisco XR 12000 Series Router, page SMC-133

Removing a DSDRSC Configuration, page SMC-135

DSCs and DSDRSCs in a Cisco CRS-1 Router

Designated System Controller (DSC) in a Cisco CRS-1

In the Cisco CRS-1, the primary and standby DSC is always an RP pair. By default, the DSC is also the DSDRSC for the owner SDR. The owner DSDRSCs cannot be removed from the SDR configuration, or assigned to a non-owner SDR.

For information on DSC assignment and initial router configuration, refer to Cisco IOS XR Getting Started Guide.

Using a DRP or DRP Pair as the DSDRSC in a Cisco CRS-1 Router

Cisco Systems recommends the use of DRPs as the DSDRSC in non-owner SDRs to ensure DSC migration capability, as described in the “DSC Migration on Cisco CRS-1 Multishelf Systems” section on page SMC-136.

To create a DRP DSDRSC in a non-owner SDR, you must configure a DRP or DRP pair as the primary node for that SDR. The following guidelines apply:

Although a single DRP can be used as the DSDRSC, we recommend the use of a redundant DRP pair.

To create a DRP pair and configure it as the DSDRSC, complete the instructions in the “Creating SDRs in a Cisco CRS-1 Router” section on page SMC-140.

DRPs cannot be used as the DSC in the owner SDR. Only RPs can be used as the DSC in the owner SDR.

DRPs cannot be assigned as the DSDRSC if an RP is present in the SDR. To assign a DRP as the DSDRSC, you must first remove any RPs from the SDR configuration, and then add the DRP or DRP pair as the primary node. After the DRP is assigned as the DSDRSC, the RPs can be added to the SDR. See the “How to Configure Secure Domain Routers” section on page SMC-140for more information.

Cisco IOS XR System Management Configuration Guide

SMC-132

Page 5 Page 7
Image 6
Page 5 Page 7
Contents Configuring Secure Domain Routers on Cisco IOS XR Software ContentsPrerequisites for Configuring Secure Domain Routers SMC-128Owner SDR and Administration Configuration Mode Information About Configuring Secure Domain RoutersWhat Is a Secure Domain Router? SMC-129Root-System Users SDR Access PrivilegesNon-Owner SDRs SMC-130Root-lr Users Other SDR UsersSMC-131 Designated Secure Domain Router System Controller Dsdrsc DSCs and DSDRSCs in a Cisco CRS-1 RouterSMC-132 DSC and DSDRSCs in a Cisco XR 12000 Series Router SMC-133SMC-134 Default Software Profile for SDRs Default Configuration for New Non-Owner SDRsRemoving a Dsdrsc Configuration SMC-135High Availability Implications Fault IsolationRebooting an SDR Dsdrsc RedundancyCisco IOS XR Software Package Management SMC-137DSC Migration on Cisco CRS-1 Multishelf Systems SMC-138Caveats SMC-139How to Configure Secure Domain Routers ContentsCreating SDRs Summary Steps SMC-141Command or Action Purpose ExampleSMC-142 To assign an RP pair as the Dsdrsc To assign a DRP pair as the DsdrscTo assign a single DRP node as the Dsdrsc SMC-143To add an RP pair To add a single nodeTo add a DRP pair SMC-144Creating SDRs in a 12000 Series Router SMC-145Cisco XR 12000 Series Router section on page SMC-133 DSDRSCs in a Cisco XR 12000 Series Router section onSee the DSC and DSDRSCs in a SMC-146Refer to the Adding Nodes to a Non-Owner SDR section SMC-147Adding Nodes to a Non-Owner SDR Adding Nodes to an SDR in a Cisco CRS-1 RouterSMC-148 Creating SDRs in a Cisco CRS-1 Router SMC-149Adding Nodes to an SDR in a Cisco XR 12000 Series Router SMC-150Removing Nodes and SDRs A Cisco XR 12000 Series Router section onSMC-151 SMC-152 To remove a DRP pair To remove a DsdrscTo remove a single node To remove an RP pairSMC-154 Nodes to an SDR in a Cisco XR 12000 Series Router Section on page SMC-150SMC-155 Removing a Secure Domain Router SMC-156Configuring a Username and Password for a Non-Owner SDR SMC-157Group root-lr End or commit Exit SMC-158System Security Configuration Guide for more SMC-159SMC-160 Disabling Remote Login for SDRs See Disabling Remote Login for SDRs, page SMC-161forSMC-161 Creating an SDR on a Cisco XR 12000 Series Router Configuration Examples for Secure Domain RoutersCreating a New SDR on a Cisco CRS-1 Router SMC-162SMC-163 Standards Additional ReferencesRelated Documents MIBsRFCs Title RFCsTechnical Assistance Description LinkSMC-166
Top Page Image Contents