benicetomeok
Beginner

error-type application error-tag access-denied on an interface update

Hey, I've searched through the questions for help and am not finding the answer to this one.

Please help me!!  I think there may be a permissions issue?  Or yang's permissions??? dunno??

I am unable to do a 'crud.update' on an interface.

I'm seeing   <rpc-error> <error-type>application</error-type> <error-tag>access-denied</error-tag>

What do I need to do in order to run my python script and do updates on my router???

For starters, on the routers, 'show user tasks' gives me:

  Task:            interface  : READ    WRITE    EXECUTE    DEBUG

So, I'm trying to update the 'mtu' within an interface as seen in code:

(I tried just updating description on another test, same exact error.)

-----------------------------------------------------

from ydk.services import CRUDService
from ydk.providers import NetconfServiceProvider
from ydk.models.cisco_ios_xr import Cisco_IOS_XR_ifmgr_cfg as xr_ifmgr_cfg
import logging

# connect to the router over NETCONF/SSH
provider = NetconfServiceProvider(address="xyz.abc", port=830, username="me", password="password", protocol="ssh")

## create CRUD service
crud = CRUDService()

interface_configuration = xr_ifmgr_cfg.InterfaceConfigurations.InterfaceConfiguration()
interface_configuration.interface_name = "HundredGigE0/5/0/6"

# read data from NETCONF device
interface_configuration = crud.read(provider, interface_configuration)

# Just print to see what I have currently before changing
m1 = ''
owner1 = ''
print(type(interface_configuration.mtus.mtu))
for mtu in interface_configuration.mtus.mtu:
    print('mtu= %s' % mtu.mtu)
    m1 = mtu.mtu
    print('owner= %s' % mtu.owner)
    owner1 = mtu.owner

interface_configuration.mtus.mtu[0].mtu = 9200  #    mtu = interface_configuration.mtus.Mtu()
interface_configuration.mtus.mtu[0].owner = owner1

# wrap the object read above (with the changed MTU) in its top-level container
interface_configurations = xr_ifmgr_cfg.InterfaceConfigurations()
interface_configurations.interface_configuration.append(interface_configuration)

print("Starting the update")
crud.update(provider, interface_configurations)
print("Finished the update")

-----------------------------------------------------

However, I am getting output like this:

<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:93ae4a75-6074-4d59-bd16-95d6fda0569b">
  <edit-config>
    <target>
      <candidate/>
    </target>
    <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0">
      <interface-configurations xmlns="http://cisco.com/ns/yang/Cisco-IOS-XR-ifmgr-cfg">
        <interface-configuration>
          <active>act</active>
          <interface-name>HundredGigE0/5/0/6</interface-name>
          <description>Big Box to hu0/1/0/1-xyz.abc01</description>
          <ipv4-network xmlns="http://cisco.com/ns/yang/Cisco-IOS-XR-ipv4-io-cfg">
            <addresses>
              <primary>
                <address>61.150.26.62</address>
                <netmask>255.255.255.252</netmask>
              </primary>
            </addresses>
          </ipv4-network>
          <ipv6-network xmlns="http://cisco.com/ns/yang/Cisco-IOS-XR-ipv6-ma-cfg">
            <addresses>
              <regular-addresses>
                <regular-address>
                  <address>1111:222:3333::667</address>
                  <prefix-length>126</prefix-length>
                  <zone>0</zone>
                </regular-address>
              </regular-addresses>
            </addresses>
          </ipv6-network>
          <mtus>
            <mtu>
              <owner>HundredGigE</owner>
              <mtu>9200</mtu>
            </mtu>
          </mtus>
        </interface-configuration>
      </interface-configurations>
    </config>
  </edit-config>
</rpc>

2017-06-28 10:00:11,721 - ydk.providers._provider_plugin - DEBUG -

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:93ae4a75-6074-4d59-bd16-95d6fda0569b">
  <rpc-error>
    <error-type>application</error-type>
    <error-tag>access-denied</error-tag>
    <error-severity>error</error-severity>
    <error-path ns1="http://cisco.com/ns/yang/Cisco-IOS-XR-ipv4-io-cfg" ns2="http://cisco.com/ns/yang/Cisco-IOS-XR-ifmgr-cfg">ns2:interface-configurations/ns2:interface-configuration[active = 'act' and interface-name = 'HundredGigE0/5/0/6']/ns1:ipv4-network</error-path>
  </rpc-error>
  <rpc-error>
    <error-type>application</error-type>
    <error-tag>access-denied</error-tag>
    <error-severity>error</error-severity>
    <error-path ns1="http://cisco.com/ns/yang/Cisco-IOS-XR-ipv6-ma-cfg" ns2="http://cisco.com/ns/yang/Cisco-IOS-XR-ifmgr-cfg">ns2:interface-configurations/ns2:interface-configuration[active = 'act' and interface-name = 'HundredGigE0/5/0/6']/ns1:ipv6-network</error-path>
  </rpc-error>
  <rpc-error>
    <error-type>application</error-type>
    <error-tag>access-denied</error-tag>
    <error-severity>error</error-severity>
    <error-path ns1="http://cisco.com/ns/yang/Cisco-IOS-XR-ipv4-io-cfg" ns2="http://cisco.com/ns/yang/Cisco-IOS-XR-ifmgr-cfg">ns2:interface-configurations/ns2:interface-configuration[active = 'act' and interface-name = 'HundredGigE0/5/0/6']/ns1:ipv4-network-forwarding</error-path>
  </rpc-error>
</rpc-reply>

2017-06-28 10:00:11,722 - ydk.services.crud_service - INFO - UPDATE operation completed

-----------------------------------------------------------------

1 ACCEPTED SOLUTION

saalvare
Cisco Employee

Clearly a permission issue on the router side. You may want to share the config on that.  A bit outside the scope of YDK, but someone may be able to help.  If possible, I'd remove permissions and incrementally add them back until the breaking point is found.


benicetomeok
Beginner

To add to this scenario...

I am able to do interface changes manually.  However, programmatically, I am blocked.  I do run my python script as myself, and have my provider username/password as myself.

Will see if I can post configuration in a bit...

Yes, this has turned out to be just a permissions level thing with the account (my username/password) I was set up with.  The root users, who ran my script for me, with their username/password worked like a champ.

Thanks for your prompt response saalvare
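
Added example, not part of the original thread or of YDK: a small parser over the `<rpc-reply>` logged in the question that lists which YANG subtrees the router refused, which narrows the permission search the accepted answer suggests. It assumes the prefix-to-namespace mappings appear as plain `ns1`/`ns2` attributes on `<error-path>`, as in the posted log; `denied_subtrees` and the sample reply are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

NC = "{urn:ietf:params:xml:ns:netconf:base:1.0}"
# One location step of an error-path; '/' inside a [...] predicate does not split.
STEP = re.compile(r"(?:[^/\[]|\[[^\]]*\])+")

# Constructed sample modelled on the rpc-reply logged in the post.
IFMGR = "http://cisco.com/ns/yang/Cisco-IOS-XR-ifmgr-cfg"
ERR = ("<rpc-error><error-type>application</error-type>"
       "<error-tag>access-denied</error-tag><error-severity>error</error-severity>"
       '<error-path ns1="http://cisco.com/ns/yang/{mod}" ns2="' + IFMGR + '">'
       "ns2:interface-configurations/ns2:interface-configuration"
       "[active = 'act' and interface-name = 'HundredGigE0/5/0/6']/ns1:{node}"
       "</error-path></rpc-error>")
SAMPLE_REPLY = ('<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">'
                + "".join(ERR.format(mod=m, node=n) for m, n in [
                    ("Cisco-IOS-XR-ipv4-io-cfg", "ipv4-network"),
                    ("Cisco-IOS-XR-ipv6-ma-cfg", "ipv6-network"),
                    ("Cisco-IOS-XR-ipv4-io-cfg", "ipv4-network-forwarding")])
                + "</rpc-reply>")


def denied_subtrees(reply_xml):
    """Return sorted unique (yang_module, node) pairs named by access-denied errors."""
    denied = set()
    for err in ET.fromstring(reply_xml).iter(NC + "rpc-error"):
        if err.findtext(NC + "error-tag") != "access-denied":
            continue
        path = err.find(NC + "error-path")
        steps = STEP.findall((path.text or "").strip()) if path is not None else []
        if not steps:
            continue
        # Last step is the refused node; drop its predicate, then split the prefix.
        prefix, _, node = steps[-1].split("[", 1)[0].rpartition(":")
        # Assumption: prefixes are plain attributes (ns1=..., ns2=...) as in the post.
        namespace = path.get(prefix, "")
        denied.add((namespace.rsplit("/", 1)[-1], node))
    return sorted(denied)


if __name__ == "__main__":
    for module, node in denied_subtrees(SAMPLE_REPLY):
        print("access-denied: %s (module %s)" % (node, module))
```

On the reply in this thread, the refused subtrees are the IPv4 and IPv6 ones; `mtus` is not among them.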
