Prefix-list usage

hclisschennai
Level 1

Hi Everybody,

I am not able to understand the usage and function of ip prefix-list. In spite of reading various documents, I am confused about how it works. Can you please explain with the example mentioned below:

PERMIT:

192.168.1.0/24

192.168.2.0/24

192.168.2.128/25

DENY:

172.16.0.0/16

172.18.0.0/16

172.19.1.0/24

Hope you will help me in understanding the concepts better.

R.B.Kumar

Accepted Solutions

Istvan_Rabai
Level 7

Hi R.B. Kumar,

The easiest implementation of your permits and denies is to take each one individually and put them in a prefix-list like this:

ip prefix-list TEST seq 5 permit 192.168.1.0/24

ip prefix-list TEST seq 10 permit 192.168.2.0/24

etc.

These simple statements define exact prefix matches.

However, if you want to match several prefixes with a single prefix-list statement, things get more complicated.

Let's say you want to match the following prefixes with a single statement:

PERMIT:

192.168.1.0/24

192.168.2.0/24

192.168.2.128/25

One possible solution follows:

ip prefix-list TEST seq 5 permit 192.168.0.0/22 ge 24 le 25

This statement means the following:

1. Match all prefixes that begin with 192.168.0.0 on their first 22 bits.

2. From the result, select those prefixes that have a prefix length greater than or equal to 24 (ge 24) AND a prefix length less than or equal to 25 (le 25).

So the result will be those prefixes that:

- begin with 192.168.0.0 on their first 22 bits

AND

- have a prefix length of 24 to 25.

You should test this on a router so you can see the result with your own eyes.

Please let me know if you need further explanation.

Thanks:

Istvan
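
As an added illustration (not part of the original posts and not Cisco code), the Python sketch below models IOS prefix-list matching and evaluates both forms from the answer above, the exact-match entries and the single ge/le statement, against constructed sample routes. The seq 15 entry, the function names and the sample routes are assumptions made for this example.

```python
import ipaddress

def parse_entry(line):
    """Parse 'ip prefix-list NAME seq N permit|deny A.B.C.D/len [ge X] [le Y]'."""
    tok = line.split()
    seq, action, net = int(tok[4]), tok[5], ipaddress.ip_network(tok[6])
    opts = dict(zip(tok[7::2], map(int, tok[8::2])))
    if opts:
        # ge alone implies le 32; le alone implies ge <entry length>
        lo, hi = opts.get("ge", net.prefixlen), opts.get("le", 32)
    else:
        # no ge/le: the route's length must equal the entry's length exactly
        lo = hi = net.prefixlen
    return seq, action, net, lo, hi

def evaluate(config, route):
    """Return 'permit' or 'deny' for a route such as '192.168.1.0/24'."""
    r = ipaddress.ip_network(route)
    entries = sorted((parse_entry(l) for l in config.strip().splitlines()),
                     key=lambda e: e[0])
    for _seq, action, net, lo, hi in entries:
        # leading bits must match the entry, and the length must be in range
        if r.network_address in net and lo <= r.prefixlen <= hi:
            return action          # first matching sequence number wins
    return "deny"                  # implicit deny at the end of every list

# Exact-match form from the answer; seq 15 is constructed to follow its pattern.
EXACT = """
ip prefix-list TEST seq 5 permit 192.168.1.0/24
ip prefix-list TEST seq 10 permit 192.168.2.0/24
ip prefix-list TEST seq 15 permit 192.168.2.128/25
"""
# Single-statement form from the answer.
RANGE = "ip prefix-list TEST seq 5 permit 192.168.0.0/22 ge 24 le 25"

# Constructed sample routes: the three requested prefixes plus neighbours.
ROUTES = ["192.168.1.0/24", "192.168.2.0/24", "192.168.2.128/25",
          "192.168.0.0/24", "192.168.3.0/24", "192.168.2.0/26",
          "192.168.0.0/22", "172.16.0.0/16"]

def compare(routes=ROUTES):
    """Map each route to (result under EXACT, result under RANGE)."""
    return {r: (evaluate(EXACT, r), evaluate(RANGE, r)) for r in routes}

if __name__ == "__main__":
    for route, (exact, ranged) in compare().items():
        print(f"{route:18} exact={exact:6} range={ranged}")
```

The single ge/le statement also permits 192.168.0.0/24 and 192.168.3.0/24, which the exact-match entries deny, so compare the widened range against what you intend to accept before using it as a route filter.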


Mohamed Sobair
Level 7

R.B,

Simply put, a prefix-list is used to match the network and network mask, unlike a normal ACL, which is used to match the network wildcard bits.

HTH

Mohamed

Hi Mohamed,

Thanks for your response. I too understood this from various documents. Still, I am not clear on the concept.

But can you explain in detail with the example I mentioned in the earlier post?

R.B.Kumar
