02-11-2009 08:36 AM - edited 03-04-2019 03:31 AM
Hi Everybody,
I am not able to understand the usage & function of ip prefix-list. In spite of reading various documents, I am confused about how it works. Can you please explain with the example mentioned below:
PERMIT:
192.168.1.0/24
192.168.2.0/24
192.168.2.128/25
DENY:
172.16.0.0/16
172.18.0.0/16
172.19.1.0/24
Hope you will help me in understanding the concepts better
R.B.Kumar
02-11-2009 09:09 AM
Hi R.B. Kumar,
The easiest implementation of your permits and denies is to take each one individually and put them in a prefix-list like this:
ip prefix-list TEST seq 5 permit 192.168.1.0/24
ip prefix-list TEST seq 10 permit 192.168.2.0/24
etc.
These simple statements define exact prefix matches.
However, if you want to match several prefixes with a single prefix-list statement, things get more complicated.
Let's say you want to match the following prefixes with a single statement:
PERMIT:
192.168.1.0/24
192.168.2.0/24
192.168.2.128/25
One possible solution follows:
ip prefix-list TEST seq 5 permit 192.168.0.0/22 ge 24 le 25
This statement means the following:
1. Match all prefixes that begin with 192.168.0.0 in their first 22 bits.
2. From the result, select those prefixes that have a prefix length greater than or equal to 24 (ge 24) AND less than or equal to 25 (le 25).
So the result will be those prefixes that:
- begin with 192.168.0.0 in their first 22 bits
AND
- have a prefix length of 24 to 25.
You should test this on a router so you can see the result with your own eyes.
Please let me know if you need further explanation.
Thanks:
Istvan
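What the two variants in the answer above permit, as an added example that is not part of the original posts: a small Python model of the matching rule as the answer states it (leading bits plus a prefix-length window), with first-match evaluation and the implicit deny at the end of a prefix-list. The function names are hypothetical, and `EXACT` fills in the third permit from the question where the answer says "etc."; the output shows that the single `ge 24 le 25` entry also permits prefixes that were not in the PERMIT list.

```python
import ipaddress

def window(net, ge, le):
    """Allowed prefix-length range for one entry."""
    if ge is None and le is None:
        return net.prefixlen, net.prefixlen      # no keywords: exact length only
    lo = ge if ge is not None else net.prefixlen
    hi = le if le is not None else 32            # "ge" alone runs up to /32
    return lo, hi

def entry_matches(prefix, ge, le, route):
    """True if route matches one entry (leading bits AND length window)."""
    net = ipaddress.ip_network(prefix)
    cand = ipaddress.ip_network(route)
    lo, hi = window(net, ge, le)
    return lo <= cand.prefixlen <= hi and cand.subnet_of(net)

def evaluate(prefix_list, route):
    """First matching entry decides; no match at all is the implicit deny."""
    for action, prefix, ge, le in prefix_list:
        if entry_matches(prefix, ge, le, route):
            return action
    return "deny"

def covered(prefix, ge, le):
    """Every prefix a single entry can match (use on small ranges only)."""
    net = ipaddress.ip_network(prefix)
    lo, hi = window(net, ge, le)
    return [str(s) for n in range(lo, hi + 1) for s in net.subnets(new_prefix=n)]

# The two variants from the answer above (sequence numbers omitted).
EXACT = [("permit", "192.168.1.0/24", None, None),
         ("permit", "192.168.2.0/24", None, None),
         ("permit", "192.168.2.128/25", None, None)]
RANGED = [("permit", "192.168.0.0/22", 24, 25)]

WANTED = ["192.168.1.0/24", "192.168.2.0/24", "192.168.2.128/25"]
EXTRA = [p for p in covered("192.168.0.0/22", 24, 25) if p not in WANTED]

if __name__ == "__main__":
    for route in WANTED + ["192.168.3.0/24", "172.16.0.0/16"]:
        print(route, "exact:", evaluate(EXACT, route), "ranged:", evaluate(RANGED, route))
    print(len(EXTRA), "additional prefixes permitted by the ranged entry:", EXTRA)
```

When a prefix-list is used as a route filter, the extra matches are routes that get accepted or advertised without having been listed, so the exact entries are the tighter choice when only those three prefixes are intended.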
02-11-2009 08:52 AM
R.B,
Simply put, a prefix-list is used to match the network and network mask, rather than a normal ACL, which is used to match the network wildcard bits.
HTH
Mohamed
02-11-2009 08:57 AM
Hi Mohamed,
Thanks for your response. I too understood this from various documents. Still, I am not clear on the concept.
But can you explain in detail with the example I mentioned in the earlier post?
R.B.Kumar