Cisco Systems SMC-127 manual SMC-134

Page 8

Configuring Secure Domain Routers on Cisco IOS XR Software

Information About Configuring Secure Domain Routers

Designated System Controller (DSC) in a Cisco XR 12000 Series Router

The first RP to be booted with the Cisco IOS XR software in a Cisco XR 12000 Series Router will become the Designated System Controller (DSC) for the router. This DSC is also the DSDRSC for the owner SDR. The DSC (owner DSDRSC) cannot be removed from the router configuration or reassigned to another SDR. For more information on bringing up a router for the first time, refer to Cisco IOS XR Getting Started Guide.

A second RP can be used as the standby DSC. The standby DSC is also the standby DSDRSC for the owner SDR. The RP becomes the standby DSC if the following conditional are met:

The RP is installed in an adjacent redundancy slot to the DSC.

The RP is booted with the Cisco IOS XR software.

Additional RPs can be installed in the router, but they will be non-operational until the following conditions are met:

The additional RPs are booted with the Cisco IOS XR software.

The RPs are added to a non-owner SDR configuration.

Designated Secure Domain Router System Controller (DSDRSC) in a Cisco XR 12000 Series Router

Up to two RPs can be added to a non-owner SDR configuration.

The first RP running the Cisco IOS XR software that is added to the SDR configuration will become the DSDRSC.

If a second RP running the Cisco IOS XR software is installed in an adjacent redundancy slot, it will become the standby DSDRSC when added to the SDR configuration.

If two RPs running the Cisco IOS XR software are installed in adjacent redundancy slots and are added to a new SDR at the same time, they will automatically elect a DSDRSC and standby DSDRSC between them.

Any RPs added to the SDR that are not in the adjacent redundancy slot to the DSDRSC will be non-operational.

Note Additional RPs that are not the DSDRSC or standby DSDRSC can be added to an SDR configuration, but they will not be operational. These additional RPs will repetitively reset to prevent them from booting and interfering with other cards in the SDR. In addition, the DSC console will display repetitive error messages. We recommend that you either remove RP cards or assign them to a different SDR.

Once a DSDRSC is configured for an SDR, an RP installed in the adjacent redundancy slot can only be assigned to that SDR. This is because adjacent redundancy slots form a redundancy pair that cannot be separated by SDR boundaries. For example, if the DSDRSC is installed in slot 2, an RP installed in slot 3 can only be assigned to the same SDR (as the standby DSDRSC).

RPs that are installed on slots that are not adjacent redundancy slots can be assigned to different SDRs. For example, two RPs installed in slot 0 and slot 1 can only be configured as the DSDRSC and standby DSDRSC because they are installed in adjacent redundancy slots. However, two RPs installed in slot 1 and slot 2 can be used for different SDRs because these are not adjacent redundancy slots.

Cisco IOS XR System Management Configuration Guide

SMC-134

Page 7 Page 9
Image 8
Page 7 Page 9
Contents Configuring Secure Domain Routers on Cisco IOS XR Software ContentsPrerequisites for Configuring Secure Domain Routers SMC-128Information About Configuring Secure Domain Routers What Is a Secure Domain Router?Owner SDR and Administration Configuration Mode SMC-129SDR Access Privileges Non-Owner SDRsRoot-System Users SMC-130SMC-131 Root-lr UsersOther SDR Users SMC-132 Designated Secure Domain Router System Controller DsdrscDSCs and DSDRSCs in a Cisco CRS-1 Router DSC and DSDRSCs in a Cisco XR 12000 Series Router SMC-133SMC-134 Default Configuration for New Non-Owner SDRs Removing a Dsdrsc ConfigurationDefault Software Profile for SDRs SMC-135Fault Isolation Rebooting an SDRHigh Availability Implications Dsdrsc RedundancyCisco IOS XR Software Package Management SMC-137DSC Migration on Cisco CRS-1 Multishelf Systems SMC-138Caveats SMC-139Creating SDRs How to Configure Secure Domain RoutersContents Summary Steps SMC-141SMC-142 Command or Action PurposeExample To assign a DRP pair as the Dsdrsc To assign a single DRP node as the DsdrscTo assign an RP pair as the Dsdrsc SMC-143To add a single node To add a DRP pairTo add an RP pair SMC-144Creating SDRs in a 12000 Series Router SMC-145DSDRSCs in a Cisco XR 12000 Series Router section on See the DSC and DSDRSCs in aCisco XR 12000 Series Router section on page SMC-133 SMC-146Refer to the Adding Nodes to a Non-Owner SDR section SMC-147SMC-148 Adding Nodes to a Non-Owner SDRAdding Nodes to an SDR in a Cisco CRS-1 Router Creating SDRs in a Cisco CRS-1 Router SMC-149Adding Nodes to an SDR in a Cisco XR 12000 Series Router SMC-150SMC-151 Removing Nodes and SDRsA Cisco XR 12000 Series Router section on SMC-152 To remove a Dsdrsc To remove a single nodeTo remove a DRP pair To remove an RP pairSMC-154 SMC-155 Nodes to an SDR in a Cisco XR 12000 Series RouterSection on page SMC-150 Removing a Secure Domain Router SMC-156Configuring a Username and Password for a Non-Owner SDR SMC-157Group root-lr End or commit Exit SMC-158System Security Configuration Guide for more SMC-159SMC-160 SMC-161 Disabling Remote Login for SDRsSee Disabling Remote Login for SDRs, page SMC-161for Configuration Examples for Secure Domain Routers Creating a New SDR on a Cisco CRS-1 RouterCreating an SDR on a Cisco XR 12000 Series Router SMC-162SMC-163 Additional References Related DocumentsStandards MIBsRFCs Technical AssistanceRFCs Title Description LinkSMC-166
Top Page Image Contents