Filter
Top Products
Configuring Secure Domain Routers on Cisco IOS XR Software
Information About Configuring Secure Domain Routers
SMC-130
Cisco IOS XR System Management Configuration Guide
See the “SDR Access Privileges” section on page SMC-130 for more information.
Note The Administration modes cannot be used to configure the features within a non-owner SDR, or view
the router configuration for a non-owner SDR. After the SDR is created, users must log into the
non-owner SDR directly to change the local configuration and manage the SDR. See the “Non-Owner
SDRs” section on page SMC-130 for more information.
Non-Owner SDRs
To create a new non-owner SDR, the root-system user enters Administration configuration mode, defines
a new SDR name, and assigns a set of cards to that SDR. Only a user with root-system privileges can
access the commands in Administration configuration mode. Therefore, users without root-system
privileges cannot create SDRs or assign cards to the SDRs.
After a non-owner SDR is created, the users configured on the non-owner SDR can log in and manage
the router. The configuration for each non-owner SDR is separate from the owner SDR and can be
accessed only by logging in to the non-owner SDR.
See the “SDR Access Privileges” section on page SMC-130 for more information.
Note For information regarding support for non-owner SDRs in the Cisco IOS XR software releases 2.0, 3.0,
3.2 and 3.3.0, see Software Version Requirements for the Cisco XR 12000 Series Router,
page SMC-128.
SDR Access Privileges
Each SDR in a router has a separate AAA configuration that defines usernames, passwords, and
associated privileges.
• Only users with root-system privileges can access the Administration EXEC and Administration
configuration modes. See the “Root-System Users” section on page SMC-130 for more information.
• Users with root-lr privileges can access only the non-owner SDR in which that username was
created. See the “root-lr Users” section on page SMC-131 for more information.
• Users with other access privileges can access features according to their assigned privileges for a
specific SDR. See the “Other SDR Users” section on page SMC-131 for more information.
For more information about AAA policies, refer to Configuring AAA Services on Cisco IOS XR Software
module of the Cisco IOS XR System Security Configuration Guide.
Root-System Users
Users with root-system privileges have access to system-wide features and resources, including the
ability to create and remove secure domain routers. The root-system user is created during the initial boot
and configuration of the router.
The root-system user has the following privileges:
• Access to Administration EXEC and Administration configuration commands.
• Ability to create and delete non-owner SDRs.