Filter
Top Products
General Security Commands
XSR CLI Reference Guide 16-85
Additional Syntax
The access-listcommandalsoprovidesthemoveoption,expressedinthefollowingsyntax:
access-list list-number move destination src1 [src2]
Syntax of the “no” Form
Thenoformofthiscommandremovesthedefinedaccesslist:
no access-list list-number [ent1][ent2]]
srcWild
CardBits
Specifiesbitstoignoreinthesourceaddress.
Note: The srcWildCardBits/dstWildCardBits mask specifies bits to ignore (which allow
any value where the bits are set), as opposed to the traditional method of specifying
bits to keep.
host
Onlytheexactsourceaddressmatchesthecondition.Sameas
srcWildCardBits=0.0.0.0.
any
Anysourceaddressmatchesthecondition.SameassrcWildCardBits=
255.255.255.255.
qualifier
Valueappliedtothesourceport:eq‐equalthan,neq‐notequalto,lt‐less
than,
gt‐greaterthan.
source-port
Optionalsourceportnumber(0‐65535).
range
Valuemustbewithintheminimumandmaximumsourceanddestination
portrange.
min-sport
Lowestportnumberfrom0to65535.Combinewithmax‐sport.
max-sport
Highestportnumberfrom0to65535.Normallygreaterthanmin‐sportbutif
lessthanmin,valuesareswapped.
dstIPAddr
ThedestinationexpressedbyIPaddress.
dstWild
CardBits
Specifiesbitstoignoreinthedestinationaddress.
destn-port
Destinationportnumber.Range:0to65535.
type,code
ICMPmessagetypeonly(0‐255)andcode(0‐255).
established
MatchesifaTCPconnectionisalreadyestablished,thatis,ifeitherACKor
RSTbitsaresetintheTCPheader.
Note: Source and destination ports are defined only for TCP or UDP. A message type and code can
be defined for ICMP.
list#
ACLnumber,rangingfrom100‐199.
move
MovesasequenceofACLentriesinfrontofanotherentry.Range:1‐999.
destination
NumberoftheexistingACLentrybeforewhichsubsequententryorrangeof
entriesistobemoved.Range:1to999.Ifbeingmovedtotheend,useanon‐
existentnumber(e.g.,999).
src1
Singleentrynumber,orthefirstentrynumberintherangetobemovedbefore
thedestination.Range:1to999.
src2
Optionallastentrynumberintherangetobemoved.Range:1to999.Ifnot
specified,onlyoneentryismoved.