Cisco SD-WAN vSmart CLI Template

ReneMolenaar · August 2, 2021, 6:42pm

This topic is to discuss the following lesson:

jeromypolachak · February 22, 2022, 6:25pm

When trying to do this in a lab I am getting the error:

Device failed to process request. Error type : application Error tag : access-denied

I have googled the error but the fix about removing the ciscotacro and ciscotacrw couldn’t be done as well

vSmart(config-aaa)# no user ciscotacro group operator
Error: access denied

lagapidis · February 24, 2022, 7:01am

Hello Jeromy

After doing some research, I have found that this seems to be a bug that appears occasionally. Some bug reports do indeed suggest the fix you mentioned, while others state that it has to do with a manually configured ip routing command on the vEdge. These involve releases 17.3.1 20.3 20.3.1 20.4 20.4.1, and cEdge-16.10.1 respectively. Rene used version 19.3.0 in his lessons.

The only thing I can suggest is to see if you can obtain the same version as Rene to duplicate his implementation. Otherwise, you can troubleshoot using Cisco TAC (if this is a production network) or other workarounds posted online.

Let us know how your troubleshooting comes along!

I hope this has been helpful!

Laz

gogosb · August 8, 2022, 3:03pm

Hi Jeromy,

The same at my side. You can solve it if you delete the ciscotacro and ciscotacrw from the template. It is not supported now:
https://quickview.cloudapps.cisco.com/quickview/bug/CSCvu69248

cylemmulo · December 30, 2022, 8:37pm

I concur I had this same problem with version 20.3.2. Just went to the copied config and deleted the ciscotacro and ciscotacrw accounts from it.

roger.correadantas · June 13, 2023, 11:53pm

It worked here too, by removing the lines below from the created template:

user ciscotacro
description CiscoTACReadOnly
group operator
status enabled
!
user ciscotacrw
description CiscoTACReadWrite
group netadmin
status enabled
!

sathish84be · November 21, 2024, 8:35pm

Hello @cylemmulo
i did the same but still getting same error.

lagapidis · November 25, 2024, 5:16am

Hello Sathish

It sounds like a frustrating issue, as you can see from previous posts, you’re not alone in encountering it! Based on what’s been shared in this thread, many users have resolved this problem by removing the ciscotacro and ciscotacrw accounts from their templates, as these are no longer supported.

If you’ve already done this and still face the error, here are a few additional troubleshooting suggestions:

Check the Bug CSCvu69248: Ensure that your software version is compatible and doesn’t have known issues mentioned in this post, beyond what’s already mentioned.
Validate the template syntax: If you’re editing via a template, ensure there are no syntax errors or missing mandatory commands.
Use direct device CLI: Try applying the change directly on the device CLI to verify whether the issue is related to the template or vManage.
Check for lingering configurations: On the device, ensure there are no residual references to ciscotacro or ciscotacrw.

Let us know how it goes, or if you’ve tried these steps already, we can explore further!

I hope this has been helpful!

Laz