Configuring Secure Domain Routers on Cisco IOS XR Software

Information About Configuring Secure Domain Routers

See the “SDR Access Privileges” section on page SMC-130for more information.

Note The Administration modes cannot be used to configure the features within a non-owner SDR, or view the router configuration for a non-owner SDR. After the SDR is created, users must log into the non-owner SDR directly to change the local configuration and manage the SDR. See the “Non-Owner SDRs” section on page SMC-130for more information.

Non-Owner SDRs

To create a new non-owner SDR, the root-system user enters Administration configuration mode, defines a new SDR name, and assigns a set of cards to that SDR. Only a user with root-system privileges can access the commands in Administration configuration mode. Therefore, users without root-system privileges cannot create SDRs or assign cards to the SDRs.

After a non-owner SDR is created, the users configured on the non-owner SDR can log in and manage the router. The configuration for each non-owner SDR is separate from the owner SDR and can be accessed only by logging in to the non-owner SDR.

See the “SDR Access Privileges” section on page SMC-130for more information.

Note For information regarding support for non-owner SDRs in the Cisco IOS XR software releases 2.0, 3.0,

3.2and 3.3.0, see Software Version Requirements for the Cisco XR 12000 Series Router, page SMC-128.

SDR Access Privileges

Each SDR in a router has a separate AAA configuration that defines usernames, passwords, and associated privileges.

Only users with root-system privileges can access the Administration EXEC and Administration configuration modes. See the “Root-System Users” section on page SMC-130for more information.

Users with root-lr privileges can access only the non-owner SDR in which that username was created. See the “root-lr Users” section on page SMC-131for more information.

Users with other access privileges can access features according to their assigned privileges for a specific SDR. See the “Other SDR Users” section on page SMC-131for more information.

For more information about AAA policies, refer to Configuring AAA Services on Cisco IOS XR Software module of the Cisco IOS XR System Security Configuration Guide.

Root-System Users

Users with root-system privileges have access to system-wide features and resources, including the ability to create and remove secure domain routers. The root-system user is created during the initial boot and configuration of the router.

The root-system user has the following privileges:

Access to Administration EXEC and Administration configuration commands.

Ability to create and delete non-owner SDRs.

Cisco IOS XR System Management Configuration Guide

SMC-130

Page 4
Image 4
Cisco Systems SMC-127 manual Non-Owner SDRs, SDR Access Privileges, Root-System Users, SMC-130