The group name command creates a policy group or modifies an existing policy group.
The undo group name command deletes a policy group or the description of a policy group.
group name group-name [ from rule-name1 [ to rule-name2 ] ] [ enable | disable ] [ description description-text ]
undo group name group-name [ include-member | description ]
| Parameter | Description | Value |
|---|---|---|
| group-name | Specifies the name of a policy group. If group-name does not exist, a new policy group is created. If group-name exists, the policy group with this name is modified. | The value is a case-sensitive character string. The length of a name without spaces ranges from 1 to 32 characters. The length of a name with spaces ranges from 3 to 34 characters. If a name contains spaces, the name must be enclosed with quotation marks (for example, "user for test"). The name cannot contain any question marks (?) or quotation marks ("). |
| from rule-name1 | Specifies the start rule of the policy group. If this parameter is not specified, an empty policy group is created. | The specified policy rule must already exist. |
| to rule-name2 | Specifies the end rule of the policy group. If this parameter is not specified, all rules behind the start rule belong to this policy group. | The specified policy rule must already exist. |
| enable | disable | Enables or disables the policy group. | The default value is enable. |
| description description-text | Specifies the description. | The value is a string of 1 to 128 characters without question marks (?). |
| include-member | Deletes all policy rules from a policy group. If this parameter is not specified, the policy group is deleted, but the policy rules in the policy group are not deleted. | - |
When you create a policy group, the start rule must be in front of the end rule, and the rules between the start and end rules cannot be added to any other policy group.