Cisco Catalyst SD-WAN User Management Guide, Releases 26.x and Later

PDF

Manage user group permissions

Updated: April 24, 2026

Want to summarize with AI?

Log in

Describes methods for managing user group permissions across device types, detailing permission structures for both Cisco IOS XE Catalyst SD-WAN devices and Cisco Catalyst Wireless Gateway devices.

User group permissions for Cisco IOS XE Catalyst SD-WAN devices

Table 1. User Group Permissions: Cisco IOS XE Catalyst SD-WAN devices

Feature

Read Permission

Write Permission

Alarms

Set alarm filters and view the alarms generated on the devices on the Monitor > Logs > Alarms page.

Cisco vManage Release 20.6.x and earlier: Set alarm filters and view the alarms generated on the devices on the Monitor > Alarms page.

No additional permissions.

Audit Log

Set audit log filters and view a log of all the activities on the devices on the Monitor > Logs > Alarms page and the Monitor > Logs > Audit Log page.

Cisco vManage Release 20.6.x and earlier: Set audit log filters and view a log of all the activities on the devices on the Monitor > Alarms page and the Monitor > Audit Log page.

No additional permissions.

Certificates

View a list of the devices in the overlay network under Configuration > Certificates > WAN Edge List.

View a certificate signing request (CSR) and certificate on the Configuration > Certificates > Controllers window.

Note

Starting from Cisco IOS XE Catalyst SD-WAN Release 17.13.1a, the Controllers tab is renamed as the Control Components tab to stay consistent with Cisco Catalyst SD-WAN rebranding.

Validate and invalidate a device, stage a device, and send the serial number of valid controller devices to the Cisco Catalyst SD-WAN Validator on the Configuration > Certificates > WAN Edge List window.

Generate a CSR, install a signed certificate, reset the RSA key pair, and invalidate a controller device on the Configuration > Certificates > Controllers window.

Note

Starting from Cisco IOS XE Catalyst SD-WAN Release 17.13.1a, the Controllers tab is renamed as the Control Components tab to stay consistent with Cisco Catalyst SD-WAN rebranding.

CLI Add-On Template

(Minimum supported release: Cisco vManage Release 20.7.1)

View the CLI add-on feature template on the Configuration > Templates window.

Note

This operation requires read permission for Template Configuration.

Create, edit, delete, and copy a CLI add-on feature template on the Configuration > Templates window.

Note

These operations require write permission for Template Configuration.

Note

For information about this option, see Information About Granular RBAC for Feature Templates

Cloud OnRamp

View the cloud applications on theConfiguration > Cloud OnRamp for SaaS and Configuration > Cloud OnRamp for IaaS window.

No additional permissions.

Cluster

View information about the services running on SD-WAN Manager, a list of devices connected to a SD-WAN Manager server, and the services that are available and running on all the SD-WAN Manager servers in the cluster on the Administration > Cluster Management window.

Change the IP address of the current SD-WAN Manager, add a SD-WAN Manager server to the cluster, configure the statistics database, edit, and remove a SD-WAN Manager server from the cluster on the Administration > Cluster Management window.

Colocation

View the cloud applications on the Configuration > Cloud OnRamp for Colocation window.

No additional permissions.

Config Group > Device > Deploy

(Minimum supported release: Cisco vManage Release 20.9.1)

This permission does not provide any functionality.

Deploy a configuration onto Cisco IOS XE Catalyst SD-WAN devices.

Note

To edit an existing feature configuration requires write permission for Template Configuration.

For more details on deploying devices, see Deploy Devices.

Device CLI Template

(Minimum supported release: Cisco vManage Release 20.7.1)

View the device CLI template on the Configuration > Templates window.

Note

This operation requires read permission for Template Configuration.

Create, edit, delete, and copy a device CLI template on the Configuration > Templates window.

Note

These operations require write permission for Template Configuration.

Note

For information about this option, see Information About Granular RBAC for Feature Templates

Device Inventory

View the running and local configuration of devices, a log of template activities, and the status of attaching configuration templates to devices on the Configuration > Devices > WAN Edge List window.

View the running and local configuration of the devices and the status of attaching configuration templates to controller devices on the Configuration > Devices > Controllers window.

Note

Starting from Cisco IOS XE Catalyst SD-WAN Release 17.13.1a, the Controllers tab is renamed as the Control Components tab to stay consistent with Cisco Catalyst SD-WAN rebranding.

Upload a device's authorized serial number file to SD-WAN Manager, toggle a device from SD-WAN Manager configuration mode to CLI mode, copy a device configuration, and delete the device from the network on the Configuration > Devices > WAN Edge List window.

Add and delete controller devices from the overlay network, and edit the IP address and login credentials of a controller device on the Configuration > Devices > Controllers window.

Note

Starting from Cisco IOS XE Catalyst SD-WAN Release 17.13.1a, the Controllers tab is renamed as the Control Components tab to stay consistent with Cisco Catalyst SD-WAN rebranding.

Device Monitoring

View the geographic location of the devices on the Monitor > Geography window.

View events that have occurred on the devices on the Monitor > Logs > Events page.

Cisco vManage Release 20.6.x and earlier: View events that have occurred on the devices on the Monitor > Events page.

View a list of devices in the network, along with device status summary, SD-WAN Application Intelligence Engine (SAIE) and Cflowd flow information, transport location (TLOC) loss, latency, and jitter information, control and tunnel connections, system status, and events on the Monitor > Devices page (only when a device is selected).

Note

In Cisco vManage Release 20.7.x and earlier releases, the SAIE flow is called the deep packet inspection (DPI) flow.

Cisco vManage Release 20.6.x and earlier: Device information is available in the Monitor > Network page.

Ping a device, run a traceroute, and analyze the traffic path for an IP packet on the Monitor > Devices page (only when a device is selected).

Note

These operations require read and write permissions for Device Monitoring.

Device Reboot

View the list of devices on which the reboot operation can be performed on the Maintenance > Device Reboot window.

Reboot one or more devices on the Maintenance > Device Reboot window.

Disaster Recovery

View information about active and standby clusters running on SD-WAN Manager on the Administration > Disaster Recovery window.

No additional permissions.

Events

View the geographic location of the devices on the Monitor > Logs > Events page.

View the geographic location of the devices on the Monitor > Events page.

Ping a device, run a traceroute, and analyze the traffic path for an IP packet on the Monitor > Logs > Events page (only when a device is selected).

Feature Profile > Other > Thousandeyes

(Minimum supported release: Cisco vManage Release 20.9.1)

View the ThousandEyes settings on the Configuration > Templates > (View configuration group) page, in the Other Profile section.

Note

This operation requires read permission for Template Configuration.

Create, edit, and delete the ThousandEyes settings on the Configuration > Templates > (Add or edit configuration group) page, in the Other Profile section.

Note

These operations require write permission for Template Configuration.

Feature Profile > Service > Dhcp

(Minimum supported release: Cisco vManage Release 20.9.1)

View the DHCP settings on the Configuration > Templates > (View configuration group) page, in the Service Profile section.

Note

This operation requires read permission for Template Configuration.

Create, edit, and delete the DHCP settings on the Configuration > Templates > (Add or edit configuration group) page, in the Service Profile section.

Note

These operations require write permission for Template Configuration.

Feature Profile > Service > Lan/Vpn

(Minimum supported release: Cisco vManage Release 20.9.1)

View the LAN/VPN settings on the Configuration > Templates > (View configuration group) page, in the Service Profile section.

Note

This operation requires read permission for Template Configuration.

Create, edit, and delete the LAN/VPN settings on the Configuration > Templates > (Add or edit configuration group) page, in the Service Profile section.

Note

These operations require write permission for Template Configuration.

Feature Profile > Service > Lan/Vpn/Interface/Ethernet

(Minimum supported release: Cisco vManage Release 20.9.1)

View the Ethernet Interface settings on the Configuration > Templates > (View configuration group) page, in the Service Profile section.

Note

This operation requires read permission for Template Configuration.

Create, edit, and delete the Ethernet Interface settings on the Configuration > Templates > (Add or edit configuration group) page, in the Service Profile section.

Note

These operations require write permission for Template Configuration.

Feature Profile > Service > Lan/Vpn/Interface/Svi

(Minimum supported release: Cisco vManage Release 20.9.1)

View the SVI Interface settings on the Configuration > Templates > (View configuration group) page, in the Service Profile section.

Note

This operation requires read permission for Template Configuration.

Create, edit, and delete the SVI Interface settings on the Configuration > Templates > (Add or edit configuration group) page, in the Service Profile section.

Note

These operations require write permission for Template Configuration.

Feature Profile > Service > Routing/Bgp

(Minimum supported release: Cisco vManage Release 20.9.1)

View the Routing/BGP settings on the Configuration > Templates > (View configuration group) page, in the Service Profile section.

Note

This operation requires read permission for Template Configuration.

Create, edit, and delete the Routing/BGP settings on the Configuration > Templates > (Add or edit configuration group) page, in the Service Profile section.

Note

These operations require write permission for Template Configuration.

Feature Profile > Service > Routing/Ospf

(Minimum supported release: Cisco vManage Release 20.9.1)

View the Routing/OSPF settings on the Configuration > Templates > (View configuration group) page, in the Service Profile section.

Note

This operation requires read permission for Template Configuration.

Create, edit, and delete the Routing/OSPF settings on the Configuration > Templates > (Add or edit configuration group) page, in the Service Profile section.

Note

These operations require write permission for Template Configuration.

Feature Profile > Service > Switchport

(Minimum supported release: Cisco vManage Release 20.9.1)

View the Switchport settings on the Configuration > Templates > (View configuration group) page, in the Service Profile section.

Note

This operation requires read permission for Template Configuration.

Create, edit, and delete the Switchport settings on the Configuration > Templates > (Add or edit configuration group) page, in the Service Profile section.

Note

These operations require write permission for Template Configuration.

Feature Profile > Service > Wirelesslan

(Minimum supported release: Cisco vManage Release 20.9.1)

View the Wireless LAN settings on the Configuration > Templates > (View configuration group) page, in the Service Profile section.

Note

This operation requires read permission for Template Configuration.

Create, edit, and delete the Wireless LAN settings on the Configuration > Templates > (Add or edit configuration group) page, in the Service Profile section.

Note

These operations require write permission for Template Configuration.

Feature Profile > System > Interface/Ethernet > Aaa

(Minimum supported release: Cisco vManage Release 20.9.1)

View the AAA settings on the Configuration > Templates > (View configuration group) page, in the System Profile section.

Note

This operation requires read permission for Template Configuration.

Create, edit, and delete the AAA settings on the Configuration > Templates > (Add or edit configuration group) page, in the System Profile section.

Note

These operations require write permission for Template Configuration.

Feature Profile > System > Interface/Ethernet > Banner

(Minimum supported release: Cisco vManage Release 20.9.1)

View the Banner settings on the Configuration > Templates > (View configuration group) page, in the System Profile section.

Note

This operation requires read permission for Template Configuration.

Create, edit, and delete the Banner settings on the Configuration > Templates > (Add or edit configuration group) page, in the System Profile section.

Note

These operations require write permission for Template Configuration.

Feature Profile > System > Basic

(Minimum supported release: Cisco vManage Release 20.9.1)

View the Basic settings on the Configuration > Templates > (View configuration group) page, in the System Profile section.

Note

This operation requires read permission for Template Configuration.

Create, edit, and delete the Basic settings on the Configuration > Templates > (Add or edit configuration group) page, in the System Profile section.

Note

These operations require write permission for Template Configuration.

Feature Profile > System > Bfd

(Minimum supported release: Cisco vManage Release 20.9.1)

View the BFD settings on the Configuration > Templates > (View configuration group) page, in the System Profile section.

Note

This operation requires read permission for Template Configuration.

Create, edit, and delete the BFD settings on the Configuration > Templates > (Add or edit configuration group) page, in the System Profile section.

Note

These operations require write permission for Template Configuration.

Feature Profile > System > Global

(Minimum supported release: Cisco vManage Release 20.9.1)

View the Global settings on the Configuration > Templates > (View configuration group) page, in the System Profile section.

Note

This operation requires read permission for Template Configuration.

Create, edit, and delete the Global settings on the Configuration > Templates > (Add or edit configuration group) page, in the System Profile section.

Note

These operations require write permission for Template Configuration.

Feature Profile > System > Logging

(Minimum supported release: Cisco vManage Release 20.9.1)

View the Logging settings on the Configuration > Templates > (View configuration group) page, in the System Profile section.

Note

This operation requires read permission for Template Configuration.

Create, edit, and delete the Logging settings on the Configuration > Templates > (Add or edit configuration group) page, in the System Profile section.

Note

These operations require write permission for Template Configuration.

Feature Profile > System > Ntp

(Minimum supported release: Cisco vManage Release 20.9.1)

View the NTP settings on the Configuration > Templates > (View configuration group) page, in the System Profile section.

Note

This operation requires read permission for Template Configuration.

Create, edit, and delete the NTP settings on the Configuration > Templates > (Add or edit configuration group) page, in the System Profile section.

Note

These operations require write permission for Template Configuration.

Feature Profile > System > Omp

(Minimum supported release: Cisco vManage Release 20.9.1)

View the OMP settings on the Configuration > Templates > (View configuration group) page, in the System Profile section.

Note

This operation requires read permission for Template Configuration.

Create, edit, and delete the OMP settings on the Configuration > Templates > (Add or edit configuration group) page, in the System Profile section.

Note

These operations require write permission for Template Configuration.

Feature Profile > System > Snmp

(Minimum supported release: Cisco vManage Release 20.9.1)

View the SNMP settings on the Configuration > Templates > (View configuration group) page, in the System Profile section.

Note

This operation requires read permission for Template Configuration.

Create, edit, and delete the SNMP settings on the Configuration > Templates > (Add or edit configuration group) page, in the System Profile section.

Note

These operations require write permission for Template Configuration.

Feature Profile > Transport > Cellular Controller

(Minimum supported release: Cisco vManage Release 20.9.1)

View the Cellular Controller settings on the Configuration > Templates > (View a configuration group) page, in the Transport & Management Profile section.

Note

This operation requires read permission for Template Configuration.

Create, edit, and delete the Cellular Controller settings on the Configuration > Templates > (Add or edit a configuration group) page, in the Transport & Management Profile section.

Note

These operations require write permission for Template Configuration.

Feature Profile > Transport > Cellular Profile

(Minimum supported release: Cisco vManage Release 20.9.1)

View the Cellular Profile settings on the Configuration > Templates > (View a configuration group) page, in the Transport & Management Profile section.

Note

This operation requires read permission for Template Configuration.

Create, edit, and delete the Cellular Profile settings on the Configuration > Templates > (Add or edit a configuration group) page, in the Transport & Management Profile section.

Note

These operations require write permission for Template Configuration.

Feature Profile > Transport > Management/Vpn

(Minimum supported release: Cisco vManage Release 20.9.1)

View the Management VPN settings on the Configuration > Templates > (View configuration group) page, in the Transport & Management Profile section.

Note

This operation requires read permission for Template Configuration.

Create, edit, and delete the Management VPN settings on the Configuration > Templates > (Add or edit a configuration group) page, in the Transport & Management Profile section.

Note

These operations require write permission for Template Configuration.

Feature Profile > Transport > Management/Vpn/Interface/Ethernet

(Minimum supported release: Cisco vManage Release 20.9.1)

View the Management Ethernet Interface settings on the Configuration > Templates > (View configuration group) page, in the Transport & Management Profile section.

Note

This operation requires read permission for Template Configuration.

Create, edit, and delete the Management VPN and Management Internet Interface settings on the Configuration > Templates > (Add or edit a configuration group) page, in the Transport & Management Profile section.

Note

These operations require write permission for Template Configuration.

Feature Profile > Transport > Routing/Bgp

(Minimum supported release: Cisco vManage Release 20.9.1)

View the BGP Routing settings on the Configuration > Templates > (View configuration group) page, in the Transport & Management Profile section.

Note

This operation requires read permission for Template Configuration.

Create, edit, and delete the BGP Routing settings on the Configuration > Templates > (Add or edit a configuration group) page, in the Transport & Management Profile section.

Note

These operations require write permission for Template Configuration.

Feature Profile > Transport > Tracker

(Minimum supported release: Cisco vManage Release 20.9.1)

View the Tracker settings on the Configuration > Templates > (View configuration group) page, in the Transport & Management Profile section.

Note

This operation requires read permission for Template Configuration.

Create, edit, and delete the Tracker settings on the Configuration > Templates > (Add or edit a configuration group) page, in the Transport & Management Profile section.

Note

These operations require write permission for Template Configuration.

Feature Profile > Transport > Wan/Vpn

(Minimum supported release: Cisco vManage Release 20.9.1)

View the Wan/Vpn settings on the Configuration > Templates > (View configuration group) page, in the Transport & Management Profile section.

Note

This operation requires read permission for Template Configuration.

Create, edit, and delete the Wan/Vpn settings on the Configuration > Templates > (Add or edit a configuration group) page, in the Transport & Management Profile section.

Note

These operations require write permission for Template Configuration.

Feature Profile > Transport > Wan/Vpn/Interface/Cellular

(Minimum supported release: Cisco vManage Release 20.9.1)

View the Wan/Vpn/Interface/Cellular settings on the Configuration > Templates > (View configuration group) page, in the Transport & Management Profile section.

Note

This operation requires read permission for Template Configuration.

Create, edit, and delete the Wan/Vpn/Interface/Cellular settings on the Configuration > Templates > (Add or edit a configuration group) page, in the Transport & Management Profile section.

Note

These operations require write permission for Template Configuration.

Feature Profile > Transport > Wan/Vpn/Interface/Ethernet

(Minimum supported release: Cisco vManage Release 20.9.1)

View the Wan/Vpn/Interface/Ethernet settings on the Configuration > Templates > (View configuration group) page, in the Transport & Management Profile section.

Note

This operation requires read permission for Template Configuration.

Create, edit, and delete the Wan/Vpn/Interface/Ethernet settings on the Configuration > Templates > (Add or edit a configuration group) page, in the Transport & Management Profile section.

Note

These operations require write permission for Template Configuration.

Integration Management

View information about controllers running on SD-WAN Manager, on the Administration > Integration Management window.

No additional permissions.

License Management

View license information of devices running on SD-WAN Manager, on the Administration > License Management window.

On the Administration > License Management page, configure use of a Cisco Smart Account, choose licenses to manage, and synchronize license information between SD-WAN Manager and the license server.

Interface

View information about the interfaces on a device on the Monitor > Devices > Interface page.

Cisco vManage Release 20.6.x and earlier: View information about the interfaces on a device on the Monitor > Network > Interface page

Edit Chart Options to select the type of data to display, and edit the time period for which to display data on the Monitor > Devices > Interface page.

Application Monitoring

(Minimum supported release: Cisco Catalyst SD-WAN Manager Release 20.12.1)

View the application health of the devices on the Monitor > Applications window.

View the application health of the devices on the Monitor > Applications window.

Manage Users

View users and user groups on the Administration > Manage Users window.

Add, edit, and delete users and user groups from SD-WAN Manager, and edit user group privileges on the Administration > Manage Users window.

Other Feature Templates

(Minimum supported release: Cisco vManage Release 20.7.1)

View all feature templates except the SIG feature template, SIG credential template, and CLI add-on feature template on the Configuration > Templates window.

Note

This operation requires read permission for Template Configuration.

Note

To check the mutual authentication option, you need read permission for certificates. (Minimum supported release: Cisco Catalyst SD-WAN Manager Release 20.12.1)

Create, edit, delete, and copy all feature templates except the SIG feature template, SIG credential template, and CLI add-on feature template on the Configuration > Templates window.

Note

These operations require write permission for Template Configuration.

Note

For information about this option, see Information About Granular RBAC for Feature Templates

Note

To check the mutual authentication option, you need write permission for certificates. (Minimum supported release: Cisco Catalyst SD-WAN Manager Release 20.12.1)

Policy

View the common policies for all Cisco Catalyst SD-WAN Controllers or devices in the network on the Configuration > Policies window.

Create, edit, and delete the common policies for all Cisco Catalyst SD-WAN Controllers or devices in the network on the Configuration > Policies window.

Policy Configuration

View the list of policies created and details about them on the Configuration > Policies window.

Create, edit, and delete the common policies for all the Cisco Catalyst SD-WAN Controllers and devices in the network on the Configuration > Policies window.

Policy Deploy

View the current status of the Cisco Catalyst SD-WAN Controllers to which a policy is being applied on the Configuration > Policies window.

Activate and deactivate the common policies for all SD-WAN Manager servers in the network on the Configuration > Policies window.

RBAC VPN

View the VPN groups and segments based on roles on the Monitor > VPN page.

Cisco vManage Release 20.6.x and earlier: View the VPN groups and segments based on roles on the Dashboard > VPN Dashboard page.

Add, edit, and delete VPNs and VPN groups from SD-WAN Manager, and edit VPN group privileges on the Administration > VPN Groups window.

Routing

View real-time routing information for a device on the Monitor > Devices > Real-Time page.

Cisco vManage Release 20.6.x and earlier: View real-time routing information for a device on the Monitor > Network > Real-Time page.

Add command filters to speed up the display of information on the Monitor > Devices > Real-Time page.

Security

View the current status of the Cisco Catalyst SD-WAN Controllers to which a security policy is being applied on the Configuration > Security window.

Activate and deactivate the security policies for all SD-WAN Manager servers in the network on the Configuration > Security window.

Security Policy Configuration

Activate and deactivate the common policies for all SD-WAN Manager servers in the network on the Configuration > Security > Add Security Policy window.

Activate and deactivate the security policies for all SD-WAN Manager servers in the network on the Configuration > Security > Add Security Policy window.

Session Management

View user sessions on the Administration > Manage Users > User Sessions window.

Add, edit, and delete users and user groups from SD-WAN Manager, and edit user sessions on the Administration > Manage Users > User Sessions window.

Settings

View the organization name, Cisco Catalyst SD-WAN Validator DNS or IP address, certificate authorization settings, software version enforced on a device, custom banner on the SD-WAN Manager login page, and the current settings for collecting statistics on the Administration > Settings window.

Edit the organization name, Cisco Catalyst SD-WAN Validator DNS or IP address, certificate authorization settings, software version enforced on a device, custom banner on the SD-WAN Manager login page, current settings for collecting statistics, generate a certificate signing request (CSR) for a web server certificate, and install a certificate on the Administration > Settings window.

SIG Template

(Minimum supported release: Cisco vManage Release 20.7.1)

View the SIG feature template and SIG credential template on the Configuration > Templates window.

Note

This operation requires read permission for Template Configuration.

Create, edit, delete, and copy a SIG feature template and SIG credential template on the Configuration > Templates window.

Note

These operations require write permission for Template Configuration.

Note

For information about this option, see Information About Granular RBAC for Feature Templates

SIG Tunnels

(Minimum supported release: Cisco IOS XE Catalyst SD-WAN Release 17.12.x

View information about the SIG tunnels on the Monitor > Tunnels > SIG Tunnels page.

View information about the SIG tunnels on the Monitor > Tunnels > SIG Tunnels page.

Software Upgrade

View a list of devices, the custom banner on SD-WAN Manager on which a software upgrade can be performed, and the current software version running on a device on the Maintenance > Software Upgrade window.

Upload new software images on devices, upgrade, activate, and delete a software image on a device, and set a software image to be the default image on devices on the Maintenance > Software Upgrade window.

System

View system-wide parameters configured using SD-WAN Manager templates on the Configuration > Templates > Device Templates window.

Note

In Cisco vManage Release 20.7.x and earlier releases, Device Templates is called Device.

Configure system-wide parameters using SD-WAN Manager templates on the Configuration > Templates > Device Templates window.

Note

In Cisco vManage Release 20.7.x and earlier releases, Device Templates is called Device.

Template Configuration

View feature and device templates on the Configuration > Templates window.

Create, edit, delete, and copy a feature or device template on the Configuration > Templates window.

Note

From Cisco vManage Release 20.7.1, to create, edit, or delete a template that is already attached to a device, the user requires write permission for the Template Deploy option.

Template Deploy

View the devices attached to a device template on the Configuration > Templates window.

Attach a device to a device template on the Configuration > Templates window.

Tools

Use the admin tech command to collect the system status information for a device on the Tools > Operational Commands window.

Use the admin tech command to collect the system status information for a device, and use the interface reset command to shut down and then restart an interface on a device in a single operation on the Tools > Operational Commands window.

Rediscover the network to locate new devices and synchronize them with SD-WAN Manager on the Tools > Operational Commands window.

Establish an SSH session to the devices and issue CLI commands on the Tools > Operational Commands window.

vAnalytics

Launch Cisco SD-WAN Analytics from > vAnalytics window.

No additional permissions.

Workflows

Launch workflow library from > Workflows window.

No additional permissions.

Config Group > Device > Deploy

(Minimum supported release: Cisco vManage Release 20.11.1)

View the devices associated to a configuration group on the Configuration > Templates > Edit Configuration Group > Associated Devices window.

Deploy a configuration onto Cisco IOS XE Catalyst SD-WAN devices.

Note

To edit an existing feature configuration requires write permission for Template Configuration.

For more details on deploying devices, see Deploy Devices.

Feature Profile > Transport > IPv4 Tracker and Tracker Group

(Minimum supported release: Cisco vManage Release 20.11.1)

View the IPv4 Tracker and Tracker Group settings on the Configuration > Templates > (View configuration group) page, in the Transport & Management Profile section.

Note

This operation requires read permission for Template Configuration.

Create, edit, and delete the IPv4 Tracker and Tracker Group settings on the Configuration > Templates > (Add or edit a configuration group) page, in the Transport & Management Profile section.

Note

These operations require write permission for Template Configuration.

Feature Profile > Transport > IPv6 Tracker and Tracker Group

(Minimum supported release: Cisco vManage Release 20.11.1)

View the IPv6 Tracker and Tracker Group settings on the Configuration > Templates > (View configuration group) page, in the Transport & Management Profile section.

Note

This operation requires read permission for Template Configuration.

Create, edit, and delete the IPv6 Tracker and Tracker Group settings on the Configuration > Templates > (Add or edit a configuration group) page, in the Transport & Management Profile section.

Note

These operations require write permission for Template Configuration.

Feature Profile > Transport > Gps

(Minimum supported release: Cisco vManage Release 20.11.1)

View the GPS settings on the Configuration > Templates > (View configuration group) page, in the Transport & Management Profile section.

Note

This operation requires read permission for Template Configuration.

Create, edit, and delete the Gps settings on the Configuration > Templates > (Add or edit a configuration group) page, in the Transport & Management Profile section.

Note

These operations require write permission for Template Configuration.

Feature Profile > Other > APPQoE

(Minimum supported release: Cisco vManage Release 20.11.1)

View the APPQoE settings on the Configuration > Templates > (View configuration group) page, in the Other section.

Note

This operation requires read permission for Template Configuration.

Create, edit, and delete the APPQoE settings on the Configuration > Templates > (Add or edit a configuration group) page, in the Other section.

Note

These operations require write permission for Template Configuration.

Feature Profile > Other > UCSE

(Minimum supported release: Cisco vManage Release 20.11.1)

View the UCSE settings on the Configuration > Templates > (View configuration group) page, in the Other section.

Note

This operation requires read permission for Template Configuration.

Create, edit, and delete the UCSE settings on the Configuration > Templates > (Add or edit a configuration group) page, in the Other section.

Note

These operations require write permission for Template Configuration.

Feature Profile > Wan Profile > Cisco VPN Interface IPSec

(Minimum supported release: Cisco vManage Release 20.11.1)

View the Cisco VPN Interface IPSec settings on the Configuration > Templates > (View configuration group) page, in the Wan Profile section.

Note

This operation requires read permission for Template Configuration.

Create, edit, and delete the Cisco VPN Interface IPSec settings on the Configuration > Templates > (Add or edit a configuration group) page, in the Wan Profile section.

Note

These operations require write permission for Template Configuration.

Feature Profile > Wan/Lan Profile > Cisco VPN Interface GRE

(Minimum supported release: Cisco vManage Release 20.11.1)

View the Cisco VPN Interface GRE settings on the Configuration > Templates > (View configuration group) page, in the Wan/Lan Profile section.

Note

This operation requires read permission for Template Configuration.

Create, edit, and delete the Cisco VPN Interface GRE settings on the Configuration > Templates > (Add or edit a configuration group) page, in the Wan/Lan Profile section.

Note

These operations require write permission for Template Configuration.

Feature Profile > Lan Profile > Cisco Multicast

(Minimum supported release: Cisco vManage Release 20.11.1)

View the Cisco Multicast settings on the Configuration > Templates > (View configuration group) page, in the Lan Profile section.

Note

This operation requires read permission for Template Configuration.

Create, edit, and delete the Cisco Multicast settings on the Configuration > Templates > (Add or edit a configuration group) page, in the Lan Profile section.

Note

These operations require write permission for Template Configuration.

To create Service, System, and Transport feature profiles using configuration groups, provide read and write permissions for each of these features to access each configuration group.

Permission type

Features

Read and write permissions

Feature Profile > System
Feature Profile > System > AAA

Feature Profile > System > BFD

Feature Profile > System > Banner

Feature Profile > System > Basic

Feature Profile > System > Logging

Feature Profile > System > NTP

Feature Profile > System > OMP

Feature Profile > System > SNMP

Feature Profile > Service

Feature Profile > Service > BFD

Feature Profile > Service > LAN/VPN

Feature Profile > Service > LAN/VPN/Interface/Ethernet

Feature Profile > Service > Routing/BGP

Feature Profile > Service > Routing/OSPF

Feature Profile > Service > Routing/DHCP

Feature Profile > Service > Routing/Multicast

Feature Profile > Transport

Feature Profile > Transport > Routing/BGP

Feature Profile > Transport > WAN/VPN

Feature Profile > Transport > WAN/VPN/Interface/Ethernet
Note

For more details on configuring features using Configuration Groups, see Feature Management.

User group permissions for Cisco Catalyst Wireless Gateway devices

This table lists the user group read or write permissions for Cisco Catalyst Wireless Gateway devices.
Table 2. User group permissions: Cisco Catalyst Wireless Gateway devices

Feature

Read Permission

Write Permission

Feature Profile > Teleworker > Basic

(Minimum supported release: Cisco vManage Release 20.9.1 )

View the basic settings on the Configuration > Templates > (View mobility configuration group) page, in the Global Profile section.

Note

This operation requires read permission for Template Configuration.

Configure tthe basic settings on the Configuration > Templates > (Add or edit mobility configuration group) page, in the Global Profile section.

Note

This operation requires write permission for Template Configuration.

Feature Profile > Teleworker > Cellular

(Minimum supported release: Cisco vManage Release 20.9.1)

View the cellular network settings on the Configuration > Templates > (View mobility configuration group) page, in the Global Profile section.

Note

This operation requires read permission for Template Configuration.

Configure the cellular network settings on the Configuration > Templates > (Add or edit mobility configuration group) page, in the Global Profile section.

Note

This operation requires write permission for Template Configuration.

Feature Profile > Teleworker > Ethernet

(Minimum supported release: Cisco vManage Release 20.9.1)

View the ethernet settings on the Configuration > Templates > (View mobility configuration group) page, in the Global Profile section.

Note

This operation requires read permission for Template Configuration.

Configure the ethernet settings on the Configuration > Templates > (Add or edit mobility configuration group) page, in the Global Profile section.

Note

This operation requires write permission for Template Configuration.

Feature Profile > Teleworker > NetworkProtocol

(Minimum supported release: Cisco vManage Release 20.9.1)

View the network protocol settings on the Configuration > Templates > (View mobility configuration group) page, in the Global Profile section.

Note

This operation requires read permission for Template Configuration.

Configure the network protocol settings on the Configuration > Templates > (Add or edit mobility configuration group) page, in the Global Profile section.

Note

This operation requires write permission for Template Configuration.

Feature Profile > Teleworker > SecurityPolicy

(Minimum supported release: Cisco vManage Release 20.9.1)

View the security policy settings on the Configuration > Templates > (View mobility configuration group) page, in the Global Profile section.

Note

This operation requires read permission for Template Configuration.

Configure the security policy settings on the Configuration > Templates > (Add or edit mobility configuration group) page, in the Global Profile section.

Note

This operation requires write permission for Template Configuration.

Feature Profile > Teleworker > Vpn

(Minimum supported release: Cisco vManage Release 20.9.1)

View the VPN settings on the Configuration > Templates > (View mobility configuration group) page, in the Global Profile section.

Note

This operation requires read permission for Template Configuration.

Configure the VPN settings on the Configuration > Templates > (Add or edit mobility configuration group) page, in the Global Profile section.

Note

This operation requires write permission for Template Configuration.

Feature Profile > Teleworker > Wifi

(Minimum supported release: Cisco vManage Release 20.9.1)

View the Wi-Fi settings on the Configuration > Templates > (View mobility configuration group) page, in the Global Profile section.

Note

This operation requires read permission for Template Configuration.

Configure the Wi-Fi settings on the Configuration > Templates > (Add or edit mobility configuration group) page, in the Global Profile section.

Note

This operation requires write permission for Template Configuration.