Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3804
Views
4
Helpful
3
Replies

error-type application error-tag access-denied on an interface update

Go to solution
benicetomeok
Level 1
Level 1

‎06-28-2017 07:43 AM

Hey, I've searched through the questions for help and am not finding the answer to this one.

Please help me!!  I think there may be a permissions issue?  Or yang's permissions??? dunno??

I am unable to do a 'crud.update' on an interface.

I'm seeing   <rpc-error> <error-type>application</error-type> <error-tag>access-denied</error-tag>

What do I need to do in order to run my python script and do updates on my router???

For starters, on the routers, 'show user tasks' gives me:

  Task:            interface  : READ    WRITE    EXECUTE    DEBUG

So, I'm trying to update the 'mtu' within an interface as seen in code:

(I tried just updating description on another test, same exact error.)

-----------------------------------------------------

from ydk.services import CRUDService

from ydk.providers import NetconfServiceProvider

from ydk.models.cisco_ios_xr import Cisco_IOS_XR_ifmgr_cfg as xr_ifmgr_cfg

import logging

    provider = NetconfServiceProvider(address="xyz.abc", port=830, username="me",password="password",protocol="ssh")

    ## create CRUD service

    crud = CRUDService()

    interface_configuration = xr_ifmgr_cfg.InterfaceConfigurations.InterfaceConfiguration()

    interface_configuration.interface_name ="HundredGigE0/5/0/6"

    # read data from NETCONF device

    interface_configuration = crud.read(provider, interface_configuration)

    # Just print to see what I have currently before changing

    m1=''

    owner1=''

    print type(interface_configuration.mtus.mtu)

    for mtu in interface_configuration.mtus.mtu:

        print 'mtu=', mtu.mtu

        m1=mtu.mtu

        print 'owner=', mtu.owner

        owner1=mtu.owner

    interface_configuration.mtus.mtu[0].mtu = 9200 #    mtu = interface_configuration.mtus.Mtu()

    interface_configuration.mtus.mtu[0].owner = owner1

    interface_configurations = xr_ifmgr_cfg.InterfaceConfigurations()

    interface_configurations.interface_configuration.append(interface_configuration)

    print "Starting the update"

    crud.update(provider, interface_configurations)

    print "Finished the update"

-----------------------------------------------------

However, I am getting output like this:

<rpc xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:93ae4a75-6074-4d59-bd16-95d6fda0569b">

  <edit-config>

    <target>

      <candidate/>

    </target>

    <config xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0">

      <interface-configurations xmlns="http://cisco.com/ns/yang/Cisco-IOS-XR-ifmgr-cfg">

        <interface-configuration>

          <active>act</active>

          <interface-name>HundredGigE0/5/0/6</interface-name>

          <description>Big Box to hu0/1/0/1-xyz.abc01</description>

          <ipv4-network xmlns="http://cisco.com/ns/yang/Cisco-IOS-XR-ipv4-io-cfg">

            <addresses>

              <primary>

                <address>61.150.26.62</address>

                <netmask>255.255.255.252</netmask>

              </primary>

            </addresses>

          </ipv4-network>

          <ipv6-network xmlns="http://cisco.com/ns/yang/Cisco-IOS-XR-ipv6-ma-cfg">

            <addresses>

              <regular-addresses>

                <regular-address>

                  <address>1111:222:3333::667</address>

                  <prefix-length>126</prefix-length>

                  <zone>0</zone>

                </regular-address>

              </regular-addresses>

            </addresses>

          </ipv6-network>

          <mtus>

            <mtu>

              <owner>HundredGigE</owner>

              <mtu>9200</mtu>

            </mtu>

          </mtus>

        </interface-configuration>

      </interface-configurations>

    </config>

  </edit-config>

</rpc>

2017-06-28 10:00:11,721 - ydk.providers._provider_plugin - DEBUG -

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:93ae4a75-6074-4d59-bd16-95d6fda0569b">

  <rpc-error>

    <error-type>application</error-type>

    <error-tag>access-denied</error-tag>

    <error-severity>error</error-severity>

    <error-path ns1="http://cisco.com/ns/yang/Cisco-IOS-XR-ipv4-io-cfg" ns2="http://cisco.com/ns/yang/Cisco-IOS-XR-ifmgr-cfg">ns2:interface-configurations/ns2:interface-configuration[active = 'act' and interface-name = 'HundredGigE0/5/0/6']/ns1:ipv4-network</error-path>

  </rpc-error>

  <rpc-error>

    <error-type>application</error-type>

    <error-tag>access-denied</error-tag>

    <error-severity>error</error-severity>

    <error-path ns1="http://cisco.com/ns/yang/Cisco-IOS-XR-ipv6-ma-cfg" ns2="http://cisco.com/ns/yang/Cisco-IOS-XR-ifmgr-cfg">ns2:interface-configurations/ns2:interface-configuration[active = 'act' and interface-name = 'HundredGigE0/5/0/6']/ns1:ipv6-network</error-path>

  </rpc-error>

  <rpc-error>

    <error-type>application</error-type>

    <error-tag>access-denied</error-tag>

    <error-severity>error</error-severity>

    <error-path ns1="http://cisco.com/ns/yang/Cisco-IOS-XR-ipv4-io-cfg" ns2="http://cisco.com/ns/yang/Cisco-IOS-XR-ifmgr-cfg">ns2:interface-configurations/ns2:interface-configuration[active = 'act' and interface-name = 'HundredGigE0/5/0/6']/ns1:ipv4-network-forwarding</error-path>

  </rpc-error>

</rpc-reply>

2017-06-28 10:00:11,722 - ydk.services.crud_service - INFO - UPDATE operation completed

-----------------------------------------------------------------

1 person had this problem
Labels:
1 Accepted Solution

Accepted Solutions

Go to solution
saalvare
Cisco Employee
Cisco Employee

‎06-28-2017 08:43 AM

Clearly a permission issue on the router side. You may want to share the config on that.  A bit outside the scope of YDK, but someone may be able to help.  If possible, I'd remove permissions and incrementally add them back until the breaking point is found.

View solution in original post

3 Replies 3

Go to solution
saalvare
Cisco Employee
Cisco Employee

‎06-28-2017 08:43 AM

Clearly a permission issue on the router side. You may want to share the config on that.  A bit outside the scope of YDK, but someone may be able to help.  If possible, I'd remove permissions and incrementally add them back until the breaking point is found.

Go to solution
benicetomeok
Level 1
Level 1

‎06-28-2017 08:55 AM

To add to this scenario...

I am able to do interface changes manually.  However, programmatically, I am blocked.  I do run my python script as myself, and have my provider username/password as myself.

Will see if I can post configuration in a bit...

0 Helpful

Go to solution
benicetomeok
Level 1
Level 1
In response to benicetomeok

‎06-28-2017 10:33 AM

Yes, this has turned out to be just a permissions level thing with the account (my username/password) I was set up with.  The root users, who ran my script for me, with their username/password worked like a champ.

Thanks for your prompt response saalvare

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents