The Remove View-based Access Control Model (VACM) for SNMP (RMVVACSNMP) command removes a VACM rule for the local Simple Network Management Protocol (SNMP) agent. VACM rules provide the ability to restrict or allow access to all or parts of the SNMP Management Information Base (MIB) provided by the local SNMP agent. When configuring VACM rules, it's important to consider the following:
- A rule that specifies ACCTYPE(*INCLUDE) takes precedence over a rule that specifies ACCTYPE(*EXCLUDE). For example, if there is a VACM rule that excludes all users from all object identifiers (OIDs) and there is a VACM rule that specifies ACCTYPE(*INCLUDE), OBJID(*SYSTEM), and USERNAME(systemOnly), the user systemOnly has access to the *SYSTEM OIDs but no other OIDs.
- The system does not support configuring local VACM rules via SNMP set requests sent to the local SNMP agent. All VACM configuration must be done using CL commands.
- The local SNMP agent does not need to be ended and restarted in order to configure VACM rules; however, configuring VACM while the SNMP agent is active will affect its performance.
- VACM rules do not apply to SNMP version 1 (SNMPv1) messages. It is recommended that SNMPv1 be disabled by setting the Allow SNMPv3 (ALWSNMPV3) parameter of the Change SNMP Attributes (CHGSNMPA) command to either *V3ONLY or *V3AGENT.
- VACM rules do not apply to SNMPv3 engine ID discovery or time synchronization operations.
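The precedence rule and the SNMPv1 caveat above, modeled as an added Python example (not IBM code and not part of the original documentation). The `Rule` class, the `decide` function, OID prefix matching, the `ALL` wildcard, and treating *SYSTEM as the MIB-II system group are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Model only: the rule fields mirror the ACCTYPE, OBJID and USERNAME keywords
# on this page. The matching details are assumptions, not IBM i internals.
ALL = None                            # assumed stand-in for "all users" / "all OIDs"
SYSTEM_GROUP = (1, 3, 6, 1, 2, 1, 1)  # MIB-II system group; assumed scope of *SYSTEM


@dataclass(frozen=True)
class Rule:
    acctype: str              # "*INCLUDE" or "*EXCLUDE"
    objid: Optional[tuple]    # OID subtree prefix, or ALL
    username: Optional[str]   # SNMPv3 user name, or ALL

    def matches(self, user, oid):
        user_ok = self.username is ALL or self.username == user
        oid_ok = self.objid is ALL or oid[:len(self.objid)] == self.objid
        return user_ok and oid_ok


def parse_oid(text):
    """Turn dotted text such as '1.3.6.1.2.1.1.5.0' into a tuple of ints."""
    return tuple(int(part) for part in text.strip(".").split("."))


def decide(rules, user, oid_text, snmp_version=3):
    """Return '*INCLUDE', '*EXCLUDE', 'NO-RULE' or 'NOT-EVALUATED'."""
    if snmp_version == 1:
        # VACM rules do not apply to SNMPv1 messages, so nothing is checked.
        return "NOT-EVALUATED"
    oid = parse_oid(oid_text)
    hits = {r.acctype for r in rules if r.matches(user, oid)}
    if "*INCLUDE" in hits:    # *INCLUDE takes precedence over *EXCLUDE
        return "*INCLUDE"
    if "*EXCLUDE" in hits:
        return "*EXCLUDE"
    return "NO-RULE"          # the page does not state the outcome here


# Constructed rule set matching the example in the text above.
RULES = [
    Rule("*EXCLUDE", ALL, ALL),
    Rule("*INCLUDE", SYSTEM_GROUP, "systemOnly"),
]

if __name__ == "__main__":
    for user, oid, ver in [("systemOnly", "1.3.6.1.2.1.1.5.0", 3),
                           ("systemOnly", "1.3.6.1.2.1.2.2.1.2.1", 3),
                           ("other", "1.3.6.1.2.1.1.5.0", 1)]:
        print(user, oid, f"v{ver}", "->", decide(RULES, user, oid, ver))
```

The `NOT-EVALUATED` result is the case to audit for: while SNMPv1 remains enabled, a request sent as SNMPv1 is never checked against the rule set.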
Restrictions:
- You must have input/output system configuration (*IOSYSCFG) special authority to use this command.