General Security Commands
XSR CLI Reference Guide 16-85

Additional Syntax

The access-listcommandalsoprovidesthemoveoption,expressedinthefollowingsyntax:
access-list list-number move destination src1 [src2]
Syntax of the “no” Form
Thenoformofthiscommandremovesthedefinedaccesslist:
no access-list list-number [ent1][ent2]]
srcWild
CardBits
Specifiesbitstoignoreinthesourceaddress.
Note: The srcWildCardBits/dstWildCardBits mask specifies bits to ignore (which allow
any value where the bits are set), as opposed to the traditional method of specifying
bits to keep.
host Onlytheexactsourceaddressmatchesthecondition.Sameas
srcWildCardBits=0.0.0.0.
any Anysourceaddressmatchesthecondition.SameassrcWildCardBits=
255.255.255.255.
qualifier Valueappliedtothesourceport:eq‐equalthan,neq‐notequalto,lt‐less
than,gt‐greaterthan.
source-port Optionalsourceportnumber(0‐65535).
range Valuemustbewithintheminimumandmaximumsourceanddestination
portrange.
min-sport Lowestportnumberfrom0to65535.Combinewithmaxsport.
max-sport Highestportnumberfrom0to65535.Normallygreaterthanminsportbutif
lessthanmin,valuesareswapped.
dstIPAddr ThedestinationexpressedbyIPaddress.
dstWild
CardBits
Specifiesbitstoignoreinthedestinationaddress.
destn-port Destinationportnumber.Range:0to65535.
type,code ICMPmessagetypeonly(0255)andcode(0255).
established MatchesifaTCPconnectionisalreadyestablished,thatis,ifeitherACKor
RSTbitsaresetintheTCPheader.
Note: Source and destination ports are defined only for TCP or UDP. A message type and code can
be defined for ICMP.
list# ACLnumber,rangingfrom100‐199.
move MovesasequenceofACLentriesinfrontofanotherentry.Range:1999.
destination NumberoftheexistingACLentrybeforewhichsubsequententryorrangeof
entriesistobemoved.Range:1to999.Ifbeingmovedtotheend,useanon
existentnumber(e.g.,999).
src1 Singleentrynumber,orthefirstentrynumberintherangetobemovedbefore
thedestination.Range:1to999.
src2 Optionallastentrynumberintherangetobemoved.Range:1to999.Ifnot
specified,onlyoneentryismoved.