New Member

prefix list !! help plz

hi every1, plz some 1 solve this problem

suppose i have 10 contiguous networks connected on my routers loopback interfaces

10.1.0.1/16

10.2.0.1/16

10.3.0.1/16

10.4.0.1/16

10.5.0.1/16

10.6.0.1/16

10.7.0.1/16

10.8.0.1/16

10.9.0.1/16

10.10.0.1/16

now i want to advertise only network 10.1.0.0 - 10.4.0.0/16 using prefix list, can some 1 tell me is it possible like i know how to do it in access-list but not getting it in prefix, plz tell me wat will be the prefix list for this???

32 REPLIES
Cisco Employee

Re: prefix list !! help plz

You can certainly do this with prefix-lists. The prefix-list to cover 10.1.0.0/16 - 10.4.0.0/16 would be as follows:

ip prefix-list test seq 5 permit 10.1.0.0/16

ip prefix-list test seq 10 permit 10.2.0.0/15

ip prefix-list test seq 15 permit 10.4.0.0/16

It would have been easier to aggregate 10.0.0.0/16 - 10.3.0.0, which is aggregatable with the following statement.

ip prefix-list test seq 5 permit 10.0.0.0/14

Hope this helps,

Harold Ritter
Sr. Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México 
Paseo de la Reforma 222 Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
Cisco Employee

Re: prefix list !! help plz

Oops,

I forgot. It should look like this:

ip prefix-list test seq 5 permit 10.1.0.0/16

ip prefix-list test seq 10 permit 10.2.0.0/15 le 16

ip prefix-list test seq 15 permit 10.4.0.0/16

And also for the second example:

ip prefix-list test seq 5 permit 10.0.0.0/14 le 16

Hope this helps,

Harold Ritter
New Member

Hi ,

I have a router which is learning route 10.227.0.0/24 via BGP

 sh ip route | i 10.227
B        10.227.0.0/24 [20/0] via 192.168.155.241, 1w2d
B        10.227.2.0/24 [20/0] via 192.168.155.241, 1w2d
B        10.227.3.0/24 [20/0] via 192.168.155.241, 1w2d
B        10.227.4.0/24 [20/0] via 192.168.155.241, 1w2d
B        10.227.5.0/24 [20/0] via 192.168.155.241, 19:20:57
B        10.227.6.0/24 [20/0] via 192.168.155.241, 1w2d
B        10.227.7.0/24 [20/0] via 192.168.155.241, 2d02h
B        10.227.8.0/24 [20/0] via 192.168.155.241, 1w2d
B        10.227.9.0/24 [20/0] via 192.168.155.241, 1w2d

But when I am trying to redistribute 10.227.0.0/16 from BGP to ospf it doesn't work

ip prefix-list WAN-ROUTES seq 450 permit 10.227.0.0/16

sh ip ospf database | I 10.227

whereas when I check other prefixes it gets redistributed

Please help me out with this issue

Thanks,

Prabhu

Silver

The issue is with your prefix list. Since you specified /16, it will only match a prefix with a length of /16, but there is no BGP route/prefix with a subnet mask of /16, only /24; therefore it's not working. Also make sure there is no prefix list above seq 450 that would deny it.

This is what you need:

ip  prefix-list WAN-ROUTES  seq 450 permit 10.227.0.0/16 le 24

I labbed it in gns3 and it worked fine.

B        10.227.0.0/24 [20/0] via 10.10.10.1, 00:11:12
B        10.227.2.0/24 [20/0] via 10.10.10.1, 00:11:12
B        10.227.3.0/24 [20/0] via 10.10.10.1, 00:11:12
B        10.227.4.0/24 [20/0] via 10.10.10.1, 00:11:12
B        10.227.5.0/24 [20/0] via 10.10.10.1, 00:11:12
B        10.227.6.0/24 [20/0] via 10.10.10.1, 00:11:12
B        10.227.7.0/24 [20/0] via 10.10.10.1, 00:11:12
B        10.227.8.0/24 [20/0] via 10.10.10.1, 00:11:12
B        10.227.9.0/24 [20/0] via 10.10.10.1, 00:11:12
      12.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

R3#sh ip ospf database
            OSPF Router with ID (4.4.4.4) (Process ID 1)
                Router Link States (Area 0)
Link ID         ADV Router      Age         Seq#       Checksum Link count
4.4.4.4         4.4.4.4         96          0x80000003 0x005A55 2
100.100.100.100 100.100.100.100 1630        0x80000002 0x00D062 2
                Type-5 AS External Link States
Link ID         ADV Router      Age         Seq#       Checksum Tag
10.227.0.0      4.4.4.4         95          0x80000002 0x008CC3 100
10.227.2.0      4.4.4.4         95          0x80000002 0x0076D7 100
10.227.3.0      4.4.4.4         95          0x80000002 0x006BE1 100
10.227.4.0      4.4.4.4         95          0x80000002 0x0060EB 100
10.227.5.0      4.4.4.4         95          0x80000002 0x0055F5 100
10.227.6.0      4.4.4.4         95          0x80000002 0x004AFF 100
10.227.7.0      4.4.4.4         95          0x80000002 0x003F0A 100
10.227.8.0      4.4.4.4         95          0x80000002 0x003414 100
10.227.9.0      4.4.4.4         95          0x80000002 0x00291E 100

New Member

Hi ,

Thanks for your reply, but if you add the statement

ip  prefix-list WAN-ROUTES  seq 450 permit 10.227.0.0/16 le 24

can you please tell me what is the sh ip route output

since I need  10.227.0.0/16 to be present when I run sh ip route cmd

but I feel it will be 10.227.0.0/24 if the above prefix list is added

Regards,

Prabhu

New Member

Hi ,

I have tried the prefix list stated by you

ip  prefix-list WAN-ROUTES  seq 450 permit 10.227.0.0/16 le 24

but still show ip route is showing route for 10.227.0.0/24 and not for 10.227.0.0/16

sh ip route | i 10.227.0.0
B        10.227.0.0/24 [20/0] via 192.168.155.241, 1w2d

sh ip route 10.227.0.0
Routing entry for 10.227.0.0/24
  Known via "bgp 64610", distance 20, metric 0
  Tag 2856, type external
  Redistributing via ospf 100
  Advertised by ospf 100 metric-type 1 subnets route-map BGP-TO-OSPF
  Last update from 192.168.155.241 1w2d ago
  Routing Descriptor Blocks:
  * 192.168.155.241, from 192.168.155.241, 1w2d ago
      Route metric is 0, traffic share count is 1
      AS Hops 2
      Route tag 2856
      MPLS label: none

sh ip ospf database | i 10.227

Regards,

Prabhu

Silver

Prefix list is matching the bgp routes in the local rib and route-map used by OSPF for redistribution is calling the prefix-list. You can use a standard access-list and result will be the same.

ip access-list standard test

permit 10.227.0.0 0.0.255.255

* I am not sure how you can aggregate bgp routes in current scenario using a prefix list or access-list unless you advertise an aggregate address from the upstream bgp router or create a static route for 10.227.0.0/16 and redistribute it into ospf.

Silver

I advertised an aggregate address from the upstream bgp router and then redistributed that into ospf. But I am not sure if that's the solution you are looking for because I am not clear what the end goal is. 
R3#sh ip bgp
BGP table version is 20, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, x best-external, f RT-Filter
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 10.227.0.0/16    10.10.10.1               0             0 100 i
R3#
R3#
R3#
R3#sh ip osp
R3#sh ip ospf dat
R3#sh ip ospf database
            OSPF Router with ID (4.4.4.4) (Process ID 1)
                Router Link States (Area 0)
Link ID         ADV Router      Age         Seq#       Checksum Link count
4.4.4.4         4.4.4.4         1206        0x80000007 0x005259 2
100.100.100.100 100.100.100.100 1391        0x80000004 0x00CC64 2
                Type-5 AS External Link States
Link ID         ADV Router      Age         Seq#       Checksum Tag
10.227.0.0      4.4.4.4         48          0x80000003 0x008AC4 100
New Member

Hi ,

I think you are right

in this case the upstream router advertises 10.227.0.0/24

sh ip bgp | i 10.227.0
 *>  10.227.0.0/24    192.168.155.241                       

whereas prefix list created as below

ip prefix-list WAN-routes seq 450 permit 10.227.0.0/16 le 24

so /16 is not there in BGP table whereas /24 is present in bgp table hence even after applying above prefix list still we are getting route for /24 and not /16

sh ip route 10.227.0.0

Routing entry for 10.227.0.0/24
  Known via "bgp 64610", distance 20, metric 0
  Tag 2856, type external
  Redistributing via ospf 100
  Advertised by ospf 100 metric-type 1 subnets route-map BGP-TO-OSPF
  Last update from 192.168.155.241 1w2d ago
  Routing Descriptor Blocks:
  * 192.168.155.241, from 192.168.155.241, 1w2d ago
      Route metric is 0, traffic share count is 1
      AS Hops 2
      Route tag 2856
      MPLS label: none

Hence I should make upstream router to advertise /16 instead of /24 - am I right ?

Regards,

Prabhu

Silver

Correct. That's what I can think of.

upstream bgp router:

aggregate-address 10.227.0.0  255.255.0.0 summary-only

* With this command only the /16 would be advertised; if you remove summary-only, then the aggregate address would be advertised in addition to the more specific routes.

Silver

Forgot to add the command for redistribution under the ospf process:

redistribute bgp AS subnets route-map WAN-ROUTES  

* You may already have it configured the right way, but I just wanted to add it to make sure that all pieces are covered.

New Member

Re: prefix list !! help plz

thanks for the reply but i didnt understand any of u, plz i m not an expert just started prefix list, i understand the ge and le and seq and all but i didnt understand how to specify the range of ip addres that i need to block ( or allow ), can u explain that by keeping my example, can i specify my range ( i.e. from 10.1.0.0 - 10.4.0.0 ) in a single prefix statement ?? i m really confused here plz explain to me how can i do it?

still thanks for ur feedback but i didnt get it really

Cisco Employee

Re: prefix list !! help plz

Shaila,

You couldn't permit 10.1.0.0/16 - 10.4.0.0/16 in a single statement without also including other prefixes since these prefixes do not fall on a common boundary.

The first portion of the prefix-list is key in this exercise.

for instance

10.0.0.0/14 le 16 ge 16

would include 10.0.0.0/16 - 10.3.0.0/16

10.0.0.0/13 le 16 ge 16

would include 10.0.0.0/16 - 10.7.0.0/16

10.0.0.0/12 le 16 ge 16

would include 10.0.0.0/16 - 10.15.0.0/16

Let me know if this makes sense to you,

Harold Ritter
Silver

Re: prefix list !! help plz

Hi ,

You can use the following command for advertising 10.1.0.0 and 10.4.0.0 /16 networks.

ip prefix-list XXX seq 5 permit 10.1.0.0/16

ip prefix-list YYY seq 10 permit 10.4.0.0/16

Details - Prefix-list:

To create a prefix list or add a prefix-list entry, use the ip prefix-list command in global configuration mode. To delete a prefix-list entry, use the no form of this command.

ip prefix-list {list-name | list-number} [seq number] {deny network/length | permit network/length} [ge ge-length] [le le-length]

The ip prefix-list command is used to configure IP prefix filtering. Prefix lists are configured with permit or deny keywords to either permit or deny the prefix based on the matching condition. A prefix list consists of an IP address and a bit mask. The IP address can be a classful network, a subnet, or a single host route. The bit mask is entered as a number from 1 to 32. An implicit deny is applied to traffic that does not match any prefix-list entry.

Prefix lists are configured to match an exact prefix length or a prefix range. The ge and le keywords are used to specify a range of the prefix lengths to match, providing more flexible configuration than can be configured with just the network/length argument. The prefix list is processed using an exact match when neither the ge nor le keyword is entered. If only the ge value is entered, the range is the value entered for the ge ge-length argument to a full 32-bit length. If only the le value is entered, the range is from value entered for the network/length argument to the le le-length argument. If both the ge ge-length and le le-length keywords and arguments are entered, the range falls between the values used for the ge-length and le-length arguments. The following formula shows this behavior:

network/length < ge ge-length < le le-length <= 32

A prefix list is configured with a name and/or sequence number. One or the other must be entered when configuring this command. If a sequence number is not entered, a default sequence number of 5 is applied to the prefix list, and subsequent prefix list entries will be incremented by 5 (for example, 5, 10, 15, and onwards). If a sequence number is entered for the first prefix list entry but not subsequent entries, then the subsequent entries will also be incremented by 5 (for example, if the first configured sequence number is 3, then subsequent entries will be 8, 13, 18, and onwards). Default sequence numbers can be suppressed by entering the no form of this command with the seq keyword.

Prefix lists are evaluated starting with the lowest sequence number. The longest most specific prefix is matched. The first successful match is processed for a given prefix. Once a match occurs, the permit or deny statement is processed, and the rest of the list is not evaluated.

--------------------------------------------------------------------------------

Tip For best performance, the most frequently processed prefix list statements should be configured with the lowest sequence numbers. The seq number keyword and argument can be used for resequencing.

--------------------------------------------------------------------------------

The prefix list is applied to inbound or outbound updates for specific peer by entering the neighbor prefix-list command. Prefix list information and counters are displayed in the output of the show ip prefix-list command. Prefix-list counters can be reset by entering the clear ip prefix-list command.

Silver

Re: prefix list !! help plz

Examples

In the following example, a prefix list is configured to deny the default route 0.0.0.0/0:

Router(config)# ip prefix-list RED deny 0.0.0.0/0

In the following example, a prefix list is configured to permit traffic from the 172.16.1.0/24 subnet:

Router(config)# ip prefix-list BLUE permit 172.16.1.0/24

In the following example, a prefix list is configured to permit routes from the 10.0.0.0/8 network that have a mask length that is less than or equal to 24 bits:

Router(config)# ip prefix-list YELLOW permit 10.0.0.0/8 le 24

In the following example, a prefix list is configured to deny routes from the 10.0.0.0/8 network that have a mask length that is greater than or equal to 25 bits:

Router(config)# ip prefix-list PINK deny 10.0.0.0/8 ge 25

In the following example, a prefix list is configured to permit routes from any network that have a mask length from 8 to 24 bits:

Router(config)# ip prefix-list GREEN permit 0.0.0.0/0 ge 8 le 24

In the following example, a prefix list is configured to deny any route with any mask length from the 10.0.0.0/8 network:

Router(config)# ip prefix-list ORANGE deny 10.0.0.0/8 le 32

Thanks,

Satish
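The matching rules quoted above (exact length without ge/le, a length range with them, lowest sequence number first, implicit deny), run against the prefix lists posted earlier in this thread. This is an added example, not code from any poster or from Cisco; the `parse`, `evaluate` and `permitted` helpers are hypothetical names, and the route lists are constructed from the prefixes mentioned in the thread.

```python
import ipaddress
import re
from dataclasses import dataclass

# ip prefix-list NAME [seq N] permit|deny NET/LEN [ge N] [le N]
ENTRY_RE = re.compile(
    r"ip\s+prefix-list\s+\S+\s+(?:seq\s+(?P<seq>\d+)\s+)?"
    r"(?P<action>permit|deny)\s+(?P<net>\S+)"
    r"(?:\s+ge\s+(?P<ge>\d+))?(?:\s+le\s+(?P<le>\d+))?$"
)

@dataclass
class Entry:
    seq: int
    action: str
    net: ipaddress.IPv4Network
    lo: int  # shortest prefix length this entry accepts
    hi: int  # longest prefix length this entry accepts

def parse(config):
    """Parse prefix-list lines; missing sequence numbers step by 5."""
    entries, seq = [], 0
    for raw in config.strip().splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m is None:
            raise ValueError(f"not a prefix-list entry: {line!r}")
        seq = int(m["seq"]) if m["seq"] else seq + 5
        # strict=True rejects host bits, e.g. 10.1.0.0/15 or 10.3.0.0/15
        net = ipaddress.ip_network(m["net"], strict=True)
        ge, le = m["ge"], m["le"]
        if ge is None and le is None:
            lo = hi = net.prefixlen          # exact length only
        else:
            lo = int(ge) if ge else net.prefixlen
            hi = int(le) if le else 32
        if not net.prefixlen <= lo <= hi <= 32:
            raise ValueError(f"bad ge/le range: {line!r}")
        entries.append(Entry(seq, m["action"], net, lo, hi))
    return sorted(entries, key=lambda e: e.seq)

def evaluate(entries, route):
    """First matching entry wins; no match is the implicit deny."""
    r = ipaddress.ip_network(route)
    for e in entries:
        if e.lo <= r.prefixlen <= e.hi and r.subnet_of(e.net):
            return e.action
    return "deny"

def permitted(config, routes):
    entries = parse(config)
    return [r for r in routes if evaluate(entries, r) == "permit"]

# Prefix lists as posted in the thread.
FIRST_ANSWER = """
ip prefix-list test seq 5 permit 10.1.0.0/16
ip prefix-list test seq 10 permit 10.2.0.0/15
ip prefix-list test seq 15 permit 10.4.0.0/16
"""
CORRECTED = """
ip prefix-list test seq 5 permit 10.1.0.0/16
ip prefix-list test seq 10 permit 10.2.0.0/15 le 16
ip prefix-list test seq 15 permit 10.4.0.0/16
"""
WAN_EXACT = "ip prefix-list WAN-ROUTES seq 450 permit 10.227.0.0/16"
WAN_LE24 = "ip prefix-list WAN-ROUTES seq 450 permit 10.227.0.0/16 le 24"

# Constructed route list: the ten loopback /16s from the first post.
LOOPBACKS = [f"10.{i}.0.0/16" for i in range(1, 11)]

if __name__ == "__main__":
    print("first answer:", permitted(FIRST_ANSWER, LOOPBACKS))
    print("corrected   :", permitted(CORRECTED, LOOPBACKS))
    for cfg in (WAN_EXACT, WAN_LE24):
        print(cfg, "->", evaluate(parse(cfg), "10.227.5.0/24"))
```

Note that the `/15 le 16` entry also permits the aggregate 10.2.0.0/15 itself, and `/16 le 24` also permits 10.227.0.0/16; adding `ge` equal to `le` pins the match to a single length.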

Bronze

Re: prefix list !! help plz

helloo..

i think this will also work.........

ip prefix-list test seq 5 permit 10.0.0.0/14 ge 15 le 16

ip prefix-list test seq 10 permit 10.4.0.0/16

arun :)

Cisco Employee

Re: prefix list !! help plz

Arun,

This would work but would allow additional prefixes such as 10.0.0.0/15, 10.0.0.0/16, 10.1.0.0/15, 10.2.0.0/15, 10.3.0.0/15.

On the other hand you could change the first statement for ge 16 le 16, at which point only prefix 10.0.0.0/16 would be allowed on top of the specified prefixes (10.1.0.0/16 - 10.4.0.0/16).

Regards,

Harold Ritter
New Member

Re: prefix list !! help plz

hi sir, i should admit that i m not able to understand ge or le at all !!! either u explain to me in simple words plz or refer me a doc that can explain me prefix list in an easy manner, i checked the univercd bgp guide and prefix list doc but didnt understand, can u plz refer me some doc or explain

thanks again in advance

Cisco Employee

Re: prefix list !! help plz

Please refer to the attached document and let me know if it helps.

Regards,

Harold Ritter
New Member

Re: prefix list !! help plz

sorry sir, but it didnt helped :( i m getting really confuse in ge and le parameters, see i have these 4 networks

10.24.0.0/16

10.25.0.0/16

10.26.0.0/16

10.27.0.0/16

now the summary will be 10.24.0.0/14 right ?

how can i specify this in the prefix list,

plz sir dont take me wrong but just dont give the answer i mean plz explain ur answer, like if u include ge or le then plz tell me how and why u have written them

thanks in advance

Cisco Employee

Re: prefix list !! help plz

That is correct. You can use one statement to match the 4 prefixes as they share a common boundary.

Now if you want these prefixes to be allowed but strictly with a prefix length of 16, you would have the following prefix-list:

ip prefix-list test seq 10 permit 10.24.0.0/14 ge 16 le 16

If you didn't configure le 16 ge 16 then the default prefix length (/14) would be applied and would therefore not allow the /16 prefixes.

Hope this helps,

Harold Ritter
Cisco Employee

Re: prefix list !! help plz

Slight oversight.

10.1.0.0/15 and 10.3.0.0/15 are illegal prefix/prefix length combinations.

Sorry for the confusion,

Harold Ritter
New Member

Re: prefix list !! help plz

hi sir, i started reading wendell odom exam certification for ccie and i think i m understanding it now, just a lil more practice i guess, there is one final question so plz tell me

i have these networks

10.1.0.0/16 till 10.20.0.0/16

i want to filter

1) all the odd networks

2) all the even networks

wat will be the prefix list ??

plz give separate prefix list for 1 and 2.

thanks again in advance

Cisco Employee

Re: prefix list !! help plz

This kind of requirement (odd/even) cannot be achieved with a prefix-list, as prefix-lists do not allow non-contiguous masks to be configured.

This would easily be done with an extended ACL, as they do allow for non-contiguous masks:

1) Allow all odd networks between 10.1.0.0/16 and 10.20.0.0/16 inclusively

access-list 101 permit ip 10.1.0.0 0.14.255.255 host 255.255.0.0

access-list 101 permit ip 10.17.0.0 0.2.255.255 host 255.255.0.0

2) Allow all even networks between 10.1.0.0/16 and 10.20.0.0/16 inclusively

access-list 101 permit ip 10.0.0.0 0.14.255.255 host 255.255.0.0

access-list 101 permit ip 10.16.0.0 0.2.255.255 host 255.255.0.0

access-list 101 permit ip 10.20.0.0 0.0.255.255 host 255.255.0.0

Hope this helps,

Harold Ritter
Cisco Employee

Re: prefix list !! help plz

Small rectification on the second access-list. The requirement stated 10.1.0.0/16 to 10.20.0.0/16 and the proposed ACL allows 10.0.0.0/16. It can be modified as follows to fulfill the requirement:

access-list 101 deny ip 10.0.0.0 0.0.255.255 host 255.255.0.0

access-list 101 permit ip 10.0.0.0 0.14.255.255 host 255.255.0.0

access-list 101 permit ip 10.16.0.0 0.2.255.255 host 255.255.0.0

access-list 101 permit ip 10.20.0.0 0.0.255.255 host 255.255.0.0

Hope this helps,

Harold Ritter
Bronze

Re: prefix list !! help plz

Really interesting ....

sir,

can u just tell then how will be my access-list if i want to permit only networks

10.1.0.0/16 to 10.10.0.0/16 ??

Cisco Employee

Re: prefix list !! help plz

Again, 10.1.0.0/16 to 10.10.0.0/16 don't all fall under a common mask boundary, so you will need more than one line.

access-list 101 deny ip 10.0.0.0 0.0.255.255 host 255.255.0.0 /* denies 10.0.0.0/16 as it is part of the following block but shouldn't be allowed according to your specifications */

access-list 101 permit ip 10.0.0.0 0.15.255.255 host 255.255.0.0 /* allows 10.0.0.0/16 to 10.15.0.0/16 */

access-list 101 permit ip 10.16.0.0 0.0.255.255 host 255.255.0.0 /* allows 10.16.0.0/16 */

Hope this helps,

Harold Ritter
Cisco Employee

Re: prefix list !! help plz

Sorry I misread the specifications. Here's the new ACL:

access-list 101 deny ip 10.0.0.0 0.0.255.255 host 255.255.0.0 /* denies 10.0.0.0/16 from the following block */

access-list 101 permit ip 10.0.0.0 0.7.255.255 host 255.255.0.0 /* permits 10.0.0.0/16 to 10.7.0.0/16 */

access-list 101 permit ip 10.8.0.0 0.1.255.255 host 255.255.0.0 /* permits 10.8.0.0/16 to 10.9.0.0/16 */

access-list 101 permit ip 10.10.0.0 0.0.255.255 host 255.255.0.0 /* permits 10.10.0.0/16 */

Hope this helps,

Harold Ritter
Bronze

Re: prefix list !! help plz

thanks u sir,,

so the logic is divide into block size of nearest 2^n, and then find the network portion by logical AND of first and last ip, and for mask portion logical XOR of first and last ip....

after it if any ip are coming out of our requirement,make specific access-list for it...

am i right???

... :)
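Added example, not part of any post in this thread: the odd/even extended ACLs from the replies above, evaluated against every 10.x.0.0/16 to show which networks each one lets through. It assumes the route-filter reading the replies rely on, where the source address and wildcard are compared with the route's network address and `host 255.255.0.0` is compared with its netmask; the function names are hypothetical.

```python
import ipaddress

def ip_int(text):
    return int(ipaddress.IPv4Address(text))

def parse_acl(text):
    """Parse 'access-list N permit|deny ip SRC WILDCARD host MASK' lines."""
    rules = []
    for raw in text.strip().splitlines():
        t = raw.split()
        if len(t) != 8 or t[0] != "access-list" or t[3] != "ip" or t[6] != "host":
            raise ValueError(f"unsupported ACL line: {raw!r}")
        rules.append((t[2], ip_int(t[4]), ip_int(t[5]), ip_int(t[7])))
    return rules

def acl_action(rules, route):
    """First match wins. Wildcard bits set to 1 are 'don't care' bits."""
    net = ipaddress.ip_network(route)
    addr, mask = int(net.network_address), int(net.netmask)
    for action, src, wild, want_mask in rules:
        care = ~wild & 0xFFFFFFFF
        if (addr & care) == (src & care) and mask == want_mask:
            return action
    return "deny"  # implicit deny at the end of every ACL

def permitted_second_octets(acl_text):
    """Second octets x for which 10.x.0.0/16 is permitted."""
    rules = parse_acl(acl_text)
    return [x for x in range(256)
            if acl_action(rules, f"10.{x}.0.0/16") == "permit"]

def is_contiguous(wildcard):
    """True when the wildcard is a run of low-order 1 bits (an inverted
    netmask), which is the only shape a prefix length can express."""
    w = ip_int(wildcard)
    return (w & (w + 1)) == 0

# ACLs as posted in the thread.
ODD = """
access-list 101 permit ip 10.1.0.0 0.14.255.255 host 255.255.0.0
access-list 101 permit ip 10.17.0.0 0.2.255.255 host 255.255.0.0
"""
EVEN_FIRST_TRY = """
access-list 101 permit ip 10.0.0.0 0.14.255.255 host 255.255.0.0
access-list 101 permit ip 10.16.0.0 0.2.255.255 host 255.255.0.0
access-list 101 permit ip 10.20.0.0 0.0.255.255 host 255.255.0.0
"""
EVEN_FIXED = """
access-list 101 deny ip 10.0.0.0 0.0.255.255 host 255.255.0.0
access-list 101 permit ip 10.0.0.0 0.14.255.255 host 255.255.0.0
access-list 101 permit ip 10.16.0.0 0.2.255.255 host 255.255.0.0
access-list 101 permit ip 10.20.0.0 0.0.255.255 host 255.255.0.0
"""

if __name__ == "__main__":
    print("odd        :", permitted_second_octets(ODD))
    print("even (1st) :", permitted_second_octets(EVEN_FIRST_TRY))
    print("even (fix) :", permitted_second_octets(EVEN_FIXED))
    for w in ("0.14.255.255", "0.2.255.255", "0.0.255.255"):
        print(w, "contiguous" if is_contiguous(w) else "non-contiguous")
```

Enumerating all 256 candidates is what exposes the extra 10.0.0.0/16 in the first even list, and the deny entry only removes it because it is placed ahead of the permit that would otherwise match.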
