Cisco Systems SMC-127 Network Router User Manual


  Open as PDF
of 40
 
Configuring Secure Domain Routers on Cisco IOS XR Software
Information About Configuring Secure Domain Routers
SMC-131
Cisco IOS XR System Management Configuration Guide
Ability to assign nodes (RPs, DRPs, and LCs) to SDRs.
Ability to create other users with similar or lower privileges.
Complete authority over the chassis.
Ability to log in to non-owner SDRs using admin plane authentication. Admin plane authentication
allows the root-system user to log in to a non-owner SDR regardless of the configuration set by the
root-lr user. See the “Configuring a Username and Password for a Non-Owner SDR” section on
page SMC-157
Ability to install and activate software packages for all SDRs or for a specific SDR.
Ability to view the following admin plane events (owner SDR logging system only):
Software installation operations and events.
System card boot operations, such as card booting notifications and errors, heartbeat-missed
notifications, and card reloads.
Card alphanumeric display changes.
Environment monitoring events and alarms.
Fabric control events.
Upgrade progress information.
root-lr Users
Note SDRs were previously known as Logical Routers (LRs). The name was changed for Release 3.3.0.
Users with root-lr privileges can log in to the non-owner SDR only and perform configuration tasks that
are specific to that SDR. The root-lr group has the following privileges:
Ability to configure interfaces and protocols.
Ability to create other users with similar or lower privileges on the non-owner SDR.
Ability to view the resources assigned to their particular SDR.
The following restrictions apply to root-lr users:
root-lr users cannot enter Administration EXEC or configuration modes.
root-lr users cannot create or remove SDRs.
root-lr users cannot add or remove nodes from an SDR.
root-lr users cannot create root-system users.
The highest privilege a non-owner SDR user can have is root-lr.
Other SDR Users
Additional usernames and passwords can be created by the root-system or root-lr users to provide more
restricted access to the configuration and management capabilities of the owner SDR or non-owner
SDRs.
 previous next