11-23-2007 09:31 PM - edited 03-03-2019 07:40 PM
Hi,
I would just like to verify to you guys if my prefix-list is correct. I am trying to filter 10.197.0.0/16 and longer prefixes from injecting to our network. Here's my configuration.
ip prefix-list pin seq 10 deny 10.197.0.0/16 le 32
ip prefix-list pin seq 100 permit 0.0.0.0/0 le 32
Will this stop at /16 prefix? Is this sequence 10 the same as this if I use ge as the parameter?
ip prefix-list pin seq 10 deny 10.197.0.0/16 ge 15
Thanks in advance,
John
Solved! Go to Solution.
11-26-2007 06:12 PM
You want to deny 10.197.0.0 - 10.197.255.255 ?
_____________________________________________
Rack1R3#sh ip int bri | ex una
Interface IP-Address OK? Method Status Protocol
Serial1/0 192.168.13.3 YES manual up up
Loopback0 10.197.0.1 YES manual up up
Loopback1 10.196.0.1 YES manual up up
Loopback10 10.197.10.1 YES manual up up
Loopback11 10.196.10.1 YES manual up up
Loopback20 10.197.20.1 YES manual up up
Loopback21 10.196.20.1 YES manual up up
Loopback100 10.197.100.1 YES manual up up
Loopback150 10.197.150.1 YES manual up up
Loopback200 10.197.200.1 YES manual up up
___________________
Rack1R3#sh run | sec prefix
ip prefix-list pin seq 10 deny 10.197.0.0/16 le 32
ip prefix-list pin seq 100 permit 0.0.0.0/0 le 32
_____________________
Rack1R3#sh run | sec route-map
route-map pin permit 10
match ip address prefix-list pin
_____________________
Rack1R3#sh run | sec eigrp
router eigrp 1
redistribute connected metric 1 1 1 1 1 route-map pin
network 192.168.13.3 0.0.0.0
no auto-summary
______________________
Notice how only 10.196.x.x networks are sent over to R2.
Rack1R2#sh ip route eigrp
10.0.0.0/24 is subnetted, 3 subnets
D EX 10.196.10.0 [170/2560512256] via 192.168.13.3, 00:04:06, Serial1/0
D EX 10.196.0.0 [170/2560512256] via 192.168.13.3, 00:04:06, Serial1/0
D EX 10.196.20.0 [170/2560512256] via 192.168.13.3, 00:04:06, Serial1/0
___________________
BTW, the sequence is used for the prefix-list order and it does nothing to the deny/permit parameter on itself.
11-26-2007 02:52 AM
Hi John ,
You can just use this prefix-list:
ip prefix-list pin seq 10 deny 10.197.0.0/16 ge 16 le 32
This will deny all packets starting from 10.197.0.1 up to 10.197.255.255 .
Hope it helps.
Have a nice day man...
11-26-2007 01:44 PM
Hi,
Thanks for your reply. That prefix-list wont work because the ge condition is equal to the subnet bits of the network. I tried to apply that line in my lab and it failed. Thanks.
-John
11-26-2007 06:12 PM
You want to deny 10.197.0.0 - 10.197.255.255 ?
_____________________________________________
Rack1R3#sh ip int bri | ex una
Interface IP-Address OK? Method Status Protocol
Serial1/0 192.168.13.3 YES manual up up
Loopback0 10.197.0.1 YES manual up up
Loopback1 10.196.0.1 YES manual up up
Loopback10 10.197.10.1 YES manual up up
Loopback11 10.196.10.1 YES manual up up
Loopback20 10.197.20.1 YES manual up up
Loopback21 10.196.20.1 YES manual up up
Loopback100 10.197.100.1 YES manual up up
Loopback150 10.197.150.1 YES manual up up
Loopback200 10.197.200.1 YES manual up up
___________________
Rack1R3#sh run | sec prefix
ip prefix-list pin seq 10 deny 10.197.0.0/16 le 32
ip prefix-list pin seq 100 permit 0.0.0.0/0 le 32
_____________________
Rack1R3#sh run | sec route-map
route-map pin permit 10
match ip address prefix-list pin
_____________________
Rack1R3#sh run | sec eigrp
router eigrp 1
redistribute connected metric 1 1 1 1 1 route-map pin
network 192.168.13.3 0.0.0.0
no auto-summary
______________________
Notice how only 10.196.x.x networks are sent over to R2.
Rack1R2#sh ip route eigrp
10.0.0.0/24 is subnetted, 3 subnets
D EX 10.196.10.0 [170/2560512256] via 192.168.13.3, 00:04:06, Serial1/0
D EX 10.196.0.0 [170/2560512256] via 192.168.13.3, 00:04:06, Serial1/0
D EX 10.196.20.0 [170/2560512256] via 192.168.13.3, 00:04:06, Serial1/0
___________________
BTW, the sequence is used for the prefix-list order and it does nothing to the deny/permit parameter on itself.
11-27-2007 11:40 AM
Thanks Edison,
Now I know my prefix-list is correct. Anyway, I just used distribute list to filter the incoming routes and it was pretty good. So far... Hehe! Thanks a lot.
Regards,
John
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: