No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


Fat AP and Cloud AP V200R010C00 Command Reference

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
acl-id (user group view)

acl-id (user group view)


The acl-id command binds an ACL to a user group.

The undo acl-id command unbinds an ACL from a user group.

By default, no ACL is bound to a user group.


acl-id acl-number

undo acl-id { acl-number | all }


Parameter Description Value

Specifies the number of an ACL bound to a user group.

The value is an integer that ranges from 3000 to 3031.

Deletes all ACLs bound to a user group.



User group view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After creating a user group using the user-group command, you can run the acl-id command to bind an ACL to the user group. The device will deliver ACL rules based on the user group and the ACL rules apply to all users in the user group.


The ACL to be bound to a user group must have been created using the acl (system view) command.

  • When configuring ACL rules in a user group, add an ACL rule that denies all network access and ensure that the ACL rule takes effect.

  • The bound ACL applies only to packets sent from an AP to an upstream device, but not to packets sent from the AP to downstream STAs.
  • If an ACL numbered from 3000 to 3031 is bound to a user group, you cannot bind the user ACL numbered from 6000 to 6031 to the user group. Similarly, if a user ACL numbered from 6000 to 6031 is already configured in a user group, you cannot bind an ACL numbered from 3000 to 3031 to the user group either; otherwise, the user ACL rule may conflict with the ACL rule bound to the user group, leading to an authorization error.

  • To grant the same network access rights to all users in a user group, do not configure the source IP address in an ACL rule bound to the user group. If an ACL rule defines the source IP address, only users whose IP address is the source IP address match the ACL rule.


# Bind ACL 3001 to the user group abc.

<Huawei> system-view
[Huawei] acl 3001
[Huawei-acl-adv-3001] rule 5 deny ip destination
[Huawei-acl-adv-3001] quit
[Huawei] user-group abc
[Huawei-user-group-abc] acl-id 3001
Related Topics
Updated: 2019-11-21

Document ID: EDOC1100064352

Views: 199285

Downloads: 122

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Previous Next