The acl-id command binds an ACL to a user group.
The undo acl-id command unbinds an ACL from a user group.
By default, no ACL is bound to a user group.
Parameter | Description | Value |
---|---|---|
acl-number | Specifies the number of an ACL bound to a user group. | The value is an integer that ranges from 3000 to 3999. |
all | Deletes all ACL rules bound to a user group. | - |
Usage Scenario
Before an ACL is bound to the user group, do not run the user-group enable command to enable the user group; otherwise, the ACL cannot be bound to the user group.
When the user group function is enabled on models except the S5720-EI, S5720-HI, S5730-HI, S5731-H, S5731S-H, S5731-S, S5731S-S, S6720-HI, S5732-H, S6730-H, S6730S-H, S6730-S, S6730S-S, S6720-EI, and S6720S-EI, ACL rules are delivered to each user and the user group function cannot be used to save ACL resources.
Prerequisites
The ACL has been created using the acl or acl name command and ACL rules have been configured using the rule command.
The ACL bound to a user group cannot be modified or deleted in the system view.
If no ACL rule is configured for a user group, the device does not restrict the network access rights of users in the user group.
When configuring ACL rules in a user group, create a rule that rejects all network access requests and ensure that the rule can take effect.
If all users in a group are required to have the same access rights, do not specify the source IP address in the ACL bound to the user group. If an ACL bound to a user group has defined the source IP address, only users with the same IP address as the source IP address in the ACL can match the ACL in the user group.
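The guidance above can be checked offline against a saved configuration. The following audit script is an added example, not vendor code: the configuration excerpt, group names and addresses are constructed, and the layout (`#` between sections, indented section bodies, `acl number` headers) is an assumption about how the configuration is saved. It only checks that a deny-all rule is present, not whether an earlier rule shadows it.

```python
import re

# Constructed excerpt in the style of a saved configuration (assumed layout,
# not taken from the page): '#' separates sections, section bodies are indented.
SAMPLE_CONFIG = """\
#
acl number 3001
 rule 5 permit ip destination 10.1.1.0 0.0.0.255
 rule 100 deny ip
#
acl number 3002
 rule 5 permit ip source 10.2.2.7 0 destination 10.1.1.0 0.0.0.255
#
user-group staff
 acl-id 3001
#
user-group guests
 acl-id 3002
#
user-group lab
#
"""

def audit_user_group_acls(config):
    """Return (group, issue) pairs for user groups that break the guidance above."""
    acls, groups, section = {}, {}, None
    for line in config.splitlines():
        if m := re.match(r"acl (?:number )?(\d+)$", line):
            section = acls.setdefault(int(m.group(1)), [])
        elif m := re.match(r"user-group (\S+)$", line):
            section = groups.setdefault(m.group(1), [])
        elif line.startswith(" ") and section is not None:
            section.append(line.strip())
        else:
            section = None  # '#' or any other top-level line ends the section
    findings = []
    for group, body in groups.items():
        bound = [int(b.split()[1]) for b in body if re.match(r"acl-id \d+$", b)]
        if not bound:
            findings.append((group, "no ACL bound, access is unrestricted"))
        for num in bound:
            rules = acls.get(num, [])
            if not 3000 <= num <= 3999:
                findings.append((group, f"ACL {num} outside 3000-3999"))
            if not any(re.match(r"rule( \d+)? deny ip$", r) for r in rules):
                findings.append((group, f"ACL {num} has no deny-all rule"))
            if any(re.search(r"\bsource\b", r) for r in rules):
                findings.append((group, f"ACL {num} restricts source IP"))
    return findings
```

Calling `audit_user_group_acls(SAMPLE_CONFIG)` reports the `guests` group twice (no deny-all rule, source address specified) and the `lab` group once (no ACL bound).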