URL: https://www.ibm.com/docs/api/v1/content/ssw_ibm_i_75/cl/chgvacsnmp.htm

Change VACM for SNMP (CHGVACSNMP)

Where allowed to run: All environments (*ALL)
Threadsafe: No

The Change View-based Access Control Model (VACM) for SNMP (CHGVACSNMP) command changes a VACM rule for the local Simple Network Management Protocol (SNMP) agent. VACM rules provide the ability to restrict or allow access to all or parts of the SNMP Management Information Base (MIB) provided by the local SNMP agent. When configuring VACM rules, it's important to consider the following:

  • An OBJID for a rule matches an OID in an SNMP message if every integer in the OBJID matches consecutively the same integers in the OID. For example, OBJID('1.3.6.25') matches OID 1.3.6.25.1.2 but it does not match OID 1.3.6.20.1.
  • A rule that is a more precise match of the OID being validated takes precedence over a less precise matching rule. For example, if the OID 1.3.6.25.1 is being processed, a rule that specifies OBJID('1.3.6.25') takes precedence over a rule that specifies OBJID('1.3.6').
  • A rule that specifies ACCTYPE(*INCLUDE) takes precedence over a rule that specifies ACCTYPE(*EXCLUDE) if both rules match the same number of integers in the OID. For example, if OID 1.3.6.25.1 is being processed, a rule that specifies ACCTYPE(*INCLUDE) and OBJID('1.3.6') takes precedence over a rule that specifies ACCTYPE(*EXCLUDE) and OBJID('1.3.6').
  • The system does not support configuring local VACM rules via SNMP set requests sent to the local SNMP agent. All VACM configuration must be done using CL commands.
  • The local SNMP agent does not need to be ended and restarted in order to configure VACM rules; however, configuring VACM while the SNMP agent is active will affect its performance.
  • VACM rules do not apply to SNMP version 1 (SNMPv1) messages. It is recommended that SNMPv1 be disabled by setting the Allow SNMPv3 (ALWSNMPV3) parameter of the Change SNMP Attributes (CHGSNMPA) command to either *V3ONLY or *V3AGENT.
  • VACM rules do not apply to SNMPv3 engine ID discovery or time synchronization operations.
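
The matching and precedence rules in the list above, modeled in Python as an added example (not IBM code and not part of the original page). It assumes a rule is first filtered by VIEWTYPE and USRNAME, and it returns `None` when nothing matches because the page does not state the agent's default; the `Rule` class, rule names and user names are hypothetical.

```python
from dataclasses import dataclass

# Sub-tree OIDs for three OBJID special values, copied from this page.
SPECIAL_OBJID = {
    "*HOSTRSC": ["1.3.6.1.2.1.25"],
    "*HOSTSFW": ["1.3.6.1.2.1.25.6"],
    "*IFCTBL": ["1.3.6.1.2.1.2.1", "1.3.6.1.2.1.2.2"],
}

@dataclass(frozen=True)
class Rule:                      # hypothetical model of one VACM rule
    name: str
    acctype: str                 # "*INCLUDE" or "*EXCLUDE"
    objids: tuple                # OID strings or special values
    viewtypes: tuple = ("*ALL",)
    users: tuple = ("*ALL",)

def match_len(objid, oid):
    """Integers matched if objid is a prefix of oid, else 0."""
    # Compare integers, not text: '1.3.6.2' must not match '1.3.6.25.1'.
    a = [int(p) for p in objid.split(".")]
    b = [int(p) for p in oid.split(".")]
    return len(a) if b[:len(a)] == a else 0

def decide(rules, oid, viewtype, user):
    """Return (acctype, rule name) of the winning rule, or None."""
    best = None
    for r in rules:
        # Assumption: rules for other view types or users are ignored.
        if "*ALL" not in r.viewtypes and viewtype not in r.viewtypes:
            continue
        if "*ALL" not in r.users and user not in r.users:
            continue
        for objid in r.objids:
            for sub in SPECIAL_OBJID.get(objid, [objid]):
                n = match_len(sub, oid)
                # Longer match wins; on a tie *INCLUDE beats *EXCLUDE.
                key = (n, r.acctype == "*INCLUDE")
                if n and (best is None or key > best[0]):
                    best = (key, r.acctype, r.name)
    return None if best is None else best[1:]

# Constructed sample rules (names and users are made up for illustration).
RULES = [
    Rule("HOSTALL", "*INCLUDE", ("*HOSTRSC",), ("*READ",), ("MONITOR",)),
    Rule("NOSWINV", "*EXCLUDE", ("*HOSTSFW",)),
    Rule("HOSTDENY", "*EXCLUDE", ("1.3.6.1.2.1.25",)),
]
```

With these rules, user MONITOR can read hrSystem objects because HOSTALL ties HOSTDENY on length and *INCLUDE wins, while hrSWInstalled stays excluded because NOSWINV is the more precise match.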

Restrictions:

  • You must have input/output system configuration (*IOSYSCFG) special authority to use this command.

| Keyword | Description | Choices | Notes |
|---|---|---|---|
| RULNAME | Rule name | Name | Required, Key, Positional 1 |
| ACCTYPE | Access type | *SAME, *INCLUDE, *EXCLUDE | Optional |
| VIEWTYPE | View type | Single values: *SAME, *ALL; Other values (up to 2 repetitions): *READ, *WRITE, *NOTIFY | Optional |
| OBJID | Object identifiers | Single values: *SAME, *ALL; Other values (up to 10 repetitions): Character value, *HOSTHDW, *HOSTRSC, *HOSTSFW, *HOSTSYS, *ICMP, *IFCTBL, *IP, *SYSTEM, *TCP, *UDP | Optional |
| USRNAME | User names | Single values: *SAME, *ALL; Other values (up to 32 repetitions): Character value | Optional |

Rule name (RULNAME)

Specifies the name of the VACM rule being changed.

This is a required parameter.

character-value
Specify the name of the VACM rule being changed. A rule name must be a minimum of 1 character and no more than 10 characters in length.

Access type (ACCTYPE)

Specifies the access type for this rule in the VACM configuration.

*SAME
The access type for this rule does not change.
*INCLUDE
Specifies a rule for including access to OIDs.
*EXCLUDE
Specifies a rule for excluding access to OIDs.

View type (VIEWTYPE)

Specifies the view type for this rule in the VACM configuration. The view type determines whether the rule applies to SNMP read, write, or notify operations. Up to 3 values may be specified.

Single values

*SAME
The view type for this rule does not change.
*ALL
Specifies that this rule applies to all types of SNMP operations.

Other values

*READ
Specifies that this rule applies to read operations (get, get-next, and get-bulk).
*WRITE
Specifies that this rule applies to write operations (set).
*NOTIFY
Specifies that this rule applies to notification operations (trap and inform).

Object identifiers (OBJID)

Specifies the object identifiers (OIDs) for this rule in the VACM configuration. The OIDs can specify either a sub-tree or a specific object in the SNMP agent's Management Information Base (MIB). This also includes OIDs managed by sub-agents. Up to 10 values may be specified.

Single values

*SAME
The OIDs for this rule are not changed.
*ALL
Specifies that this rule applies to all OIDs. The sub-tree OID corresponding to this rule is 1..

Other values

*HOSTHDW
Specifies that this rule applies to OIDs in the host resources MIB for hardware resources. The sub-tree OIDs corresponding to this rule are 1.3.6.1.2.1.25.2 (hrStorage) and 1.3.6.1.2.1.25.3 (hrDevice).
*HOSTRSC
Specifies that this rule applies to all OIDs in the host resources MIB. The sub-tree OID corresponding to this rule is 1.3.6.1.2.1.25 (host).
*HOSTSFW
Specifies that this rule applies to OIDs in the host resources MIB for software resources. The sub-tree OID corresponding to this rule is 1.3.6.1.2.1.25.6 (hrSWInstalled).
*HOSTSYS
Specifies that this rule applies to OIDs in the host resources MIB for system information. The sub-tree OID corresponding to this rule is 1.3.6.1.2.1.25.1 (hrSystem).
*ICMP
Specifies that this rule applies to OIDs in the Internet Control Message Protocol MIB. The sub-tree OID corresponding to this rule is 1.3.6.1.2.1.5 (icmp).
*IFCTBL
Specifies that this rule applies to OIDs for the interface table. The sub-tree OIDs corresponding to this rule are 1.3.6.1.2.1.2.1 (ifNumber) and 1.3.6.1.2.1.2.2 (ifTable).
*IP
Specifies that this rule applies to OIDs in the Internet Protocol MIB. The sub-tree OID corresponding to this rule is 1.3.6.1.2.1.4 (ip).
*SYSTEM
Specifies that this rule applies to OIDs in the system group. The sub-tree OID corresponding to this rule is 1.3.6.1.2.1.1 (system).
*TCP
Specifies that this rule applies to OIDs in the Transmission Control Protocol MIB. The sub-tree OID corresponding to this rule is 1.3.6.1.2.1.6 (tcp).
*UDP
Specifies that this rule applies to OIDs in the User Datagram Protocol MIB. The sub-tree OID corresponding to this rule is 1.3.6.1.2.1.7 (udp).
character-value
Specify an OID for a sub-tree in the SNMP agent or sub-agent's MIB. An OID is a series of integers separated by periods. The entire OID value must be enclosed in apostrophes.

User names (USRNAME)

Specifies the list of SNMPv3 users for this rule in the VACM configuration. The specified users must exist in the SNMPv3 configuration at the time this command is run. Up to 32 users may be specified.

*SAME
The list of SNMPv3 users does not change.
*ALL
Specifies that this rule applies to all configured SNMPv3 users.

Other values

character-value
Specify the name of an existing SNMPv3 user.

Examples

None

*ESCAPE Messages

TCP4001
Error occurred accessing SNMP configuration information.
TCP404E
VACM rule &1 not changed.
TCP8050
*IOSYSCFG authority required to use &1.