cli-to-semp is not working for adding access-level-exception.

I’m trying to use a SEMP v1 command to change the access level exception for a user in a specific message VPN, but I’m encountering a schema validation error.

Here is the command I used:

I tried the cli-to-semp command, but it’s giving me the following error:
Unexpected parameter(s): access-level-exception at /usr/sw/loads/currentload/scripts/cli-to-semp line 82.
Could someone help me understand why this command is not valid or how I could correct it to comply with the SEMP v1 schema? Any guidance or examples would be greatly appreciated.
Thank you in advance!

Hi @techrahul95. Ok… couple things:

There isn’t an exact 1-to-1 mapping between CLI and SEMPv1… for example, there’s no XML tag called “configure” in the SEMPv1 RPC schema. You can find the schema inside the broker directory /usr/sw/loads/currentload/schema/, but it’s kind of hard to read at first.

The cli-to-semp utility is great for “show” commands, and easy one-liners. It’s harder for configuration commands because sometimes you need to use multiple RPC POSTs to configure an object. For what you’re trying to do, you actually need two SEMPv1 commands: one to create the VPN exception, and then one to define/specify it. Here, I have an existing CLI user called aaron-ro that’s a global read-only user, and I’m going to add an exception for VPN gw with “read-write” permissions:


<rpc>
  <username>
    <name>aaron-ro</name>
    <message-vpn>
      <create>
        <access-level-exception>
          <vpn-name>gw</vpn-name>
        </access-level-exception>
      </create>
    </message-vpn>
  </username>
</rpc>

<rpc>
  <username>
    <name>aaron-ro</name>
    <message-vpn>
      <access-level-exception>
        <vpn-name>gw</vpn-name>
        <access-level>
          <access-level>read-write</access-level>
        </access-level>
      </access-level-exception>
    </message-vpn>
  </username>
</rpc>

Hope that helps! Let me know.
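
The two-step sequence from the answer above, scripted as an added example (not code from the thread or from Solace): it builds both RPC bodies with an XML library so names are escaped, sends them in order, and stops if the broker does not report success. Assumptions: `semp_url` is the broker's SEMP v1 endpoint (ideally HTTPS, since Basic auth is sent with each request), and a successful reply carries an `execute-result` element with `code="ok"`; the function names are hypothetical.

```python
# Added example, not from the original thread. Broker URL and credentials are
# supplied by the caller; nothing here contacts a broker until apply_exception runs.
import base64
import urllib.request
import xml.etree.ElementTree as ET


def exception_rpc(username, vpn, access_level=None):
    """Build one SEMPv1 RPC; with access_level=None it is the <create> step."""
    rpc = ET.Element("rpc")
    user = ET.SubElement(rpc, "username")
    ET.SubElement(user, "name").text = username
    parent = ET.SubElement(user, "message-vpn")
    if access_level is None:
        parent = ET.SubElement(parent, "create")
    exc = ET.SubElement(parent, "access-level-exception")
    ET.SubElement(exc, "vpn-name").text = vpn
    if access_level is not None:
        outer = ET.SubElement(exc, "access-level")
        ET.SubElement(outer, "access-level").text = access_level
    return ET.tostring(rpc, encoding="unicode")


def build_rpcs(username, vpn, access_level):
    """Return the two RPC bodies in the order they must be sent."""
    return [exception_rpc(username, vpn), exception_rpc(username, vpn, access_level)]


def reply_ok(reply_xml):
    """True only if the reply carries <execute-result code="ok"/> (assumed shape)."""
    result = ET.fromstring(reply_xml).find("execute-result")
    return result is not None and result.get("code") == "ok"


def apply_exception(semp_url, admin_user, admin_password, username, vpn, access_level):
    """POST both RPCs to the SEMP endpoint; stop at the first failure."""
    token = base64.b64encode(f"{admin_user}:{admin_password}".encode()).decode()
    for body in build_rpcs(username, vpn, access_level):
        req = urllib.request.Request(
            semp_url, data=body.encode(), method="POST",
            headers={"Authorization": f"Basic {token}", "Content-Type": "text/xml"})
        with urllib.request.urlopen(req, timeout=10) as resp:
            reply = resp.read().decode()
        if not reply_ok(reply):
            raise RuntimeError(f"SEMP request rejected: {reply}")
```

Because the second RPC is sent only after the first succeeds, a rejected create step never leaves the script reporting a grant that was not applied.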