Change VACM for SNMP (CHGVACSNMP)

The Change View-based Access Control Model (VACM) for SNMP (CHGVACSNMP) command changes a VACM rule for the local Simple Network Management Protocol (SNMP) agent. VACM rules provide the ability to restrict or allow access to all or parts of the SNMP Management Information Base (MIB) provided by the local SNMP agent. When configuring VACM rules, it's important to consider the following:

Restrictions:

Parameters

Keyword Description Choices Notes
RULNAME Rule name Name Required, Key, Positional 1
ACCTYPE Access type *SAME, *INCLUDE, *EXCLUDE Optional
VIEWTYPE View type Single values: *SAME, *ALL
Other values (up to 2 repetitions): *READ, *WRITE, *NOTIFY
Optional
OBJID Object identifiers Single values: *SAME, *ALL
Other values (up to 10 repetitions): Character value, *HOSTHDW, *HOSTRSC, *HOSTSFW, *HOSTSYS, *ICMP, *IFCTBL, *IP, *SYSTEM, *TCP, *UDP
Optional
USRNAME User names Single values: *SAME, *ALL
Other values (up to 32 repetitions): Character value
Optional

Rule name (RULNAME)

Specifies the name of the VACM rule being changed.

This is a required parameter.

character-value
Specify the name of the VACM rule being changed. A rule name must be a minimum of 1 character and no more than 10 characters in length.

Access type (ACCTYPE)

Specifies the access type for this rule in the VACM configuration.

*SAME
The access type for this rule does not change.
*INCLUDE
Specifies a rule for including access to OIDs.
*EXCLUDE
Specifies a rule for excluding access to OIDs.

View type (VIEWTYPE)

Specifies the view type for this rule in the VACM configuration. The view type determines whether the rule applies to SNMP read, write, or notify operations. Up to 3 values may be specified.

Single values

*SAME
The view type for this rule does not change.
*ALL
Specifies that this rule applies to all types of SNMP operations.

Other values

*READ
Specifies that this rule applies to read operations (get, get-next, and get-bulk).
*WRITE
Specifies that this rule applies to write operations (set).
*NOTIFY
Specifies that this rule applies to notification operations (trap and inform).

Object identifiers (OBJID)

Specifies the object identifiers (OIDs) for this rule in the VACM configuration. The OIDs can specify either a sub-tree or a specific object in the SNMP agent's Management Information Base (MIB). This also includes OIDs managed by sub-agents. Up to 10 values may be specified.

Single values

*SAME
The OIDs for this rule are not changed.
*ALL
Specifies that this rule applies to all OIDs. The sub-tree OID corresponding to this rule is 1..

Other values

*HOSTHDW
Specifies that this rule applies to OIDs in the host resources MIB for hardware resources. The sub-tree OIDs corresponding to this rule are 1.3.6.1.2.1.25.2 (hrStorage) and 1.3.6.1.2.1.25.3 (hrDevice).
*HOSTRSC
Specifies that this rule applies to all OIDs in the host resources MIB. The sub-tree OID corresponding to this rule is 1.3.6.1.2.1.25 (host).
*HOSTSFW
Specifies that this rule applies to OIDs in the host resources MIB for software resources. The sub-tree OID corresponding to this rule is 1.3.6.1.2.1.25.6 (hrSWInstalled).
*HOSTSYS
Specifies that this rule applies to OIDs in the host resources MIB for system information. The sub-tree OID corresponding to this rule is 1.3.6.1.2.1.25.1 (hrSystem).
*ICMP
Specifies that this rule applies to OIDs in the Internet Control Message Protocol MIB. The sub-tree OID corresponding to this rule is 1.3.6.1.2.1.5 (icmp).
*IFCTBL
Specifies that this rule applies to OIDs for the interface table. The sub-tree OIDs corresponding to this rule are 1.3.6.1.2.1.2.1 (ifNumber) and 1.3.6.1.2.1.2.2 (ifTable).
*IP
Specifies that this rule applies to OIDs in the Internet Protocol MIB. The sub-tree OID corresponding to this rule is 1.3.6.1.2.1.4 (ip).
*SYSTEM
Specifies that this rule applies to OIDs in the system group. The sub-tree OID corresponding to this rule is 1.3.6.1.2.1.1 (system).
*TCP
Specifies that this rule applies to OIDs in the Transmission Control Protocol MIB. The sub-tree OID corresponding to this rule is 1.3.6.1.2.1.6 (tcp).
*UDP
Specifies that this rule applies to OIDs in the User Datagram Protocol MIB. The sub-tree OID corresponding to this rule is 1.3.6.1.2.1.7 (udp).
character-value
Specify an OID for a sub-tree in the SNMP agent or sub-agent's MIB. An OID is a series of integers separated by periods. The entire OID value must be enclosed in apostrophes.

User names (USRNAME)

Specifies the list of SNMPv3 users for this rule in the VACM configuration. The specified users must exist in the SNMPv3 configuration at the time this command is run. Up to 32 users may be specified.

*SAME
The list of SNMPv3 users does not change.
*ALL
Specifies that this rule applies to all configured SNMPv3 users.

Other values

character-value
Specify the name of an existing SNMPv3 user.

Examples

None

Error messages

*ESCAPE Messages

TCP4001
Error occurred accessing SNMP configuration information.
TCP404E
VACM rule &1 not changed.
TCP8050
*IOSYSCFG authority required to use &1.