Configuring Secure Domain Routers on Cisco IOS XR Software

How to Configure Secure Domain Routers

 

Step 4

Command or Action:
aaa authentication login remote local

Example:
RP/0/RP0/CPU0:router(admin-config)# aaa authentication login remote local

Purpose:
Enables admin plane authentication.

The remote keyword specifies a method list that uses remote non-owner SDR for authentication.

The local keyword specifies a method list that uses the local username database method for authentication. The local authentication cannot fail because the system always ensures that at least one user is present in the local database, and a rollover cannot happen beyond the local method.

Note: You can also use other methods to enable AAA system accounting, such as TACACS+ or RADIUS servers. See the “Configuring AAA Services on Cisco IOS XR Software” module of the Cisco IOS XR System Security Configuration Guide for more information.

Note: When logged in to a non-owner SDR using admin plane authentication, the admin configuration will be displayed. However, admin plane authentication should only be used to configure a username and password for the non-owner SDR. To perform additional configuration tasks, log in with the username for the non-owner SDR, as described in the following steps.

Step 5

Command or Action:
end
or
commit

Example:
RP/0/RP0/CPU0:router(admin-config)# end
or
RP/0/RP0/CPU0:router(admin-config)# commit

Purpose:
Saves configuration changes.

When you issue the end command, the system prompts you to commit changes:

Uncommitted changes found. Commit them?

- Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
- Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
- Entering cancel leaves the user in the same command mode without committing the configuration changes.

Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Step 6

Command or Action:
Connect a terminal to the console port of the non-owner SDR DSDRSC.

Purpose:
Note: A terminal server connection is required for Telnet connections to the console port because an IP address has not yet been assigned to the management Ethernet port.
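The Step 4 method list can be checked offline against a saved admin-plane configuration. The following is an added example, not part of the Cisco guide: it flags a missing remote list, a remote list without the local method, and methods placed after local, which are never reached because rollover stops at local. The function names and sample configurations are constructed for illustration, and the group tacacs+ method form is assumed from the standard Cisco AAA method-list syntax.

```python
import re

# Constructed admin-plane configuration excerpts (not from a real router).
GOOD = "username admin-user\naaa authentication login remote local\n"
NO_FALLBACK = "aaa authentication login remote group tacacs+\n"
UNREACHABLE = "aaa authentication login remote local group tacacs+\n"

# Matches: aaa authentication login <list-name> <method> [<method> ...]
LOGIN_RE = re.compile(
    r"^[ \t]*aaa authentication login (\S+)[ \t]+(.+?)[ \t]*$", re.M)


def parse_methods(text):
    """Split a method list into methods; 'group <name>' counts as one method."""
    tokens, methods, i = text.split(), [], 0
    while i < len(tokens):
        if tokens[i] == "group" and i + 1 < len(tokens):
            methods.append("group " + tokens[i + 1])
            i += 2
        else:
            methods.append(tokens[i])
            i += 1
    return methods


def audit_admin_login(config):
    """Return a list of findings for the 'remote' login method list."""
    lists = {name: parse_methods(m) for name, m in LOGIN_RE.findall(config)}
    if "remote" not in lists:
        return ["admin plane authentication not enabled: no 'remote' method list"]
    methods, findings = lists["remote"], []
    if "local" not in methods:
        # Without local there is no method that is guaranteed to have a user.
        findings.append("no 'local' method; login depends on: " + ", ".join(methods))
    elif methods[-1] != "local":
        # Rollover cannot happen beyond local, so later methods are dead.
        dead = methods[methods.index("local") + 1:]
        findings.append("methods after 'local' are never tried: " + ", ".join(dead))
    return findings


if __name__ == "__main__":
    for label, cfg in [("good", GOOD), ("no-fallback", NO_FALLBACK),
                       ("unreachable", UNREACHABLE)]:
        print(label, audit_admin_login(cfg) or "OK")
```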

 

 

 

Cisco IOS XR System Management Configuration Guide
