
BGP prefix-list

The_guroo_2
Level 2

Guys, can someone please tell me how to use a prefix-list (I mean, kindly see the attached file)? I am not getting le or ge, how we do that... how we calculate that. Can someone please tell me the easiest way, as I can't get my head around it?

2 Replies

Rick Morris
Level 6

Here is what I found on the command description:

http://www.cisco.com/en/US/docs/ios/12_3/iproute/command/reference/ip2_i1g.html#wp1039727

ge ge-length

(Optional) Specifies the lesser value of a range (the "from" portion of the range description) by applying the ge-length argument to the range specified. The ge-length argument represents the minimum prefix length to be matched.

Note The ge keyword represents the greater than or equal to operator.

le le-length

(Optional) Specifies the greater value of a range (the "to" portion of the range description) by applying the le-length argument to the range specified. The le-length argument represents the maximum prefix length to be matched.

Note The le keyword represents the less than or equal to operator.

Here is what it means:

Examples

The following examples show how a prefix list can be used.

To deny the default route 0.0.0.0/0:

ip prefix-list abc deny 0.0.0.0/0

To permit the prefix 10.0.0.0/8:

ip prefix-list abc permit 10.0.0.0/8

The following examples show how to specify a group of prefixes.

To accept a mask length of up to 24 bits in routes with the prefix 192/16:

ip prefix-list abc permit 192.168.0.0/16 le 24

To deny mask lengths greater than 25 bits in routes with the prefix 192/16:

ip prefix-list abc deny 192.168.0.0/16 ge 25

To permit mask lengths from 8 to 24 bits in all address space:

ip prefix-list abc permit 0.0.0.0/0 ge 8 le 24

To deny mask lengths greater than 25 bits in all address space:

ip prefix-list abc deny 0.0.0.0/0 ge 25

To deny all routes with a prefix of 10/8:

ip prefix-list abc deny 10.0.0.0/8 le 32

To deny all masks with a length greater than 25 bits in routes with a prefix of 192.168.1/24:

ip prefix-list abc deny 192.168.1.0/24 ge 25

To permit all routes with a prefix of 0/0:

ip prefix-list abc permit 0.0.0.0/0 le 32

mohammedmahmoud
Level 11

Hi,

Kindly find below the prefix-list rules in brief:

If "/" or the "len" is used alone then this matches the subnet mask, while the prefix must be an exact match (as if the "/" did both the bit match and the subnet mask).

Ex: "172.16.8.0/24" the number after the / is BOTH bits checked and subnet mask. So in this case it will check the 24 bits from left to right (won't care about the last 8 bits) AND it will make sure that it has a 24 bit mask. BOTH the 24 bits checked and the 24 bit subnet mask must match for the network to be permitted or denied.

While if using "le" and "ge" the "/" will be used to do bit match manipulation while the "le" and the "ge" do the subnet mask manipulation.

In the case of using "le" with the "/", the "/" will act as the lower limit of the subnet mask, as the subnet mask can't be any lower than the bits we are checking, which is extremely logical.

In the case of using "ge" with the "/", the "/" will act as the bit matcher, while the subnet mask can be anything starting from the "ge" value up to 32.

In the case of using both "le" and "ge", the "/" does the bit match, and the "le" and "ge" do the subnet mask ranging (the subnet mask can be anything from "ge" to "le").

If both "le" and "ge" are used equally, this means that we are matching an exact subnet mask, and the "/" does the bit matching.

Ex: "172.16.8.0/24 ge 25" the number directly after the / becomes ONLY bits checked and the number after the ge is the subnet mask manipulator. So in this case we are going to check the first 24 bits of the network from left to right for an exact match. If those match we are then going to check the subnet mask, which in this case can be GREATER THAN OR EQUAL TO 25 bits - meaning that as long as the first 24 bits of the network match, the subnet mask could be 25, 26, 27, 28, 29, 30, 31, or 32 bits. They would all match.

Ex: "172.16.8.0/24 le 28" Again this will check the first 24 bits of the network to make sure that they match. Then it will check to make sure that the subnet mask is LESS THAN OR EQUAL TO 28 bits. Now this isn't going to be 28 bits down to 0 bits, the subnet mask can't be any lower than the bits we are checking. So the valid range of subnet masks for this one would be 28 bits down to 24 bits (24, 25, 26, 27, and 28). All of those would match.

Ex: "172.16.8.0/24 ge 25 le 27" here we are checking the first 24 bits to make sure they exactly match. Then our subnet mask must be GREATER THAN OR EQUAL TO 25 bits and LESS THAN OR EQUAL TO 27 bits. Meaning that 25, 26, and 27 bit subnet masks would match.

Ex: "0.0.0.0/0 ge 24 le 24" any route with /24 subnet mask.

Ex: "0.0.0.0/0 le 32" any route with a subnet mask from 0 to 32 = any route.

BR,

Mohammed Mahmoud.
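
The matching rules from both replies, as an added Python example that is not part of the original posts or of Cisco's documentation. The names parse_entry, matches and evaluate are hypothetical; first-match-wins ordering and the implicit deny at the end of a list are standard IOS prefix-list behaviour rather than something stated in the thread.

```python
import ipaddress
from collections import namedtuple

Entry = namedtuple("Entry", "action net lo hi")

def parse_entry(line):
    """Parse 'ip prefix-list NAME [seq N] permit|deny A.B.C.D/LEN [ge N] [le N]'."""
    tok = line.split()
    if len(tok) > 4 and tok[3] == "seq":
        del tok[3:5]                      # sequence number does not affect matching
    if len(tok) < 5 or tok[:2] != ["ip", "prefix-list"] or tok[3] not in ("permit", "deny"):
        raise ValueError("not a prefix-list entry: " + line)
    net = ipaddress.ip_network(tok[4], strict=False)
    opts = dict(zip(tok[5::2], map(int, tok[6::2])))
    if set(opts) - {"ge", "le"}:
        raise ValueError("unknown keyword in: " + line)
    if not opts:
        lo = hi = net.prefixlen           # bare "/len": bits AND mask must both match
    else:
        lo = opts.get("ge", net.prefixlen)  # "le" alone: mask cannot be shorter than "/"
        hi = opts.get("le", 32)             # "ge" alone: mask can run up to 32
    if not net.prefixlen <= lo <= hi <= 32:
        raise ValueError("invalid ge/le range: " + line)
    return Entry(tok[3], net, lo, hi)

def matches(entry, route):
    """True if the route's mask length is in [lo, hi] and its first '/len' bits match."""
    route = ipaddress.ip_network(route)
    return entry.lo <= route.prefixlen <= entry.hi and route.subnet_of(entry.net)

def evaluate(lines, route):
    """Return 'permit' or 'deny' for a route: first matching entry wins."""
    for entry in map(parse_entry, lines):
        if matches(entry, route):
            return entry.action
    return "deny"                         # implicit deny when nothing matches

# Constructed sample list built from entries quoted in the thread.
SAMPLE_LIST = [
    "ip prefix-list abc seq 5 deny 0.0.0.0/0",
    "ip prefix-list abc seq 10 permit 0.0.0.0/0 ge 8 le 24",
]

if __name__ == "__main__":
    for r in ("0.0.0.0/0", "10.0.0.0/8", "172.16.8.0/24", "192.168.1.128/25"):
        print(r, "->", evaluate(SAMPLE_LIST, r))
```
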
