Prefix-list checking

Hi,

I would just like to verify with you guys whether my prefix-list is correct. I am trying to filter 10.197.0.0/16 and longer prefixes from being injected into our network. Here's my configuration.

ip prefix-list pin seq 10 deny 10.197.0.0/16 le 32

ip prefix-list pin seq 100 permit 0.0.0.0/0 le 32

Will this stop at the /16 prefix? Is sequence 10 the same as this if I use ge as the parameter?

ip prefix-list pin seq 10 deny 10.197.0.0/16 ge 15

Thanks in advance,

John

1 ACCEPTED SOLUTION


Re: Prefix-list checking

You want to deny 10.197.0.0 - 10.197.255.255 ?

_____________________________________________

Rack1R3#sh ip int bri | ex una
Interface     IP-Address      OK? Method Status  Protocol
Serial1/0     192.168.13.3    YES manual up      up
Loopback0     10.197.0.1      YES manual up      up
Loopback1     10.196.0.1      YES manual up      up
Loopback10    10.197.10.1     YES manual up      up
Loopback11    10.196.10.1     YES manual up      up
Loopback20    10.197.20.1     YES manual up      up
Loopback21    10.196.20.1     YES manual up      up
Loopback100   10.197.100.1    YES manual up      up
Loopback150   10.197.150.1    YES manual up      up
Loopback200   10.197.200.1    YES manual up      up

___________________

Rack1R3#sh run | sec prefix
ip prefix-list pin seq 10 deny 10.197.0.0/16 le 32
ip prefix-list pin seq 100 permit 0.0.0.0/0 le 32

_____________________

Rack1R3#sh run | sec route-map
route-map pin permit 10
 match ip address prefix-list pin

_____________________

Rack1R3#sh run | sec eigrp
router eigrp 1
 redistribute connected metric 1 1 1 1 1 route-map pin
 network 192.168.13.3 0.0.0.0
 no auto-summary

______________________

Notice how only 10.196.x.x networks are sent over to R2.

Rack1R2#sh ip route eigrp
     10.0.0.0/24 is subnetted, 3 subnets
D EX    10.196.10.0 [170/2560512256] via 192.168.13.3, 00:04:06, Serial1/0
D EX    10.196.0.0 [170/2560512256] via 192.168.13.3, 00:04:06, Serial1/0
D EX    10.196.20.0 [170/2560512256] via 192.168.13.3, 00:04:06, Serial1/0

___________________

BTW, the sequence is used for the prefix-list order and it does nothing to the deny/permit parameter by itself.

4 REPLIES

Re: Prefix-list checking

Hi John,

You can just use this prefix-list:

ip prefix-list pin seq 10 deny 10.197.0.0/16 ge 16 le 32

This will deny all packets starting from 10.197.0.1 up to 10.197.255.255.

Hope it helps.

Have a nice day man...

Re: Prefix-list checking

Hi,

Thanks for your reply. That prefix-list won't work because the ge condition is equal to the subnet bits of the network. I tried to apply that line in my lab and it failed. Thanks.

-John


Re: Prefix-list checking

Thanks Edison,

Now I know my prefix-list is correct. Anyway, I just used distribute list to filter the incoming routes and it was pretty good. So far... Hehe! Thanks a lot.

Regards,

John
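The ge/le behaviour discussed in this thread can be checked offline with a small model of prefix-list evaluation. This is an added example, not code from any poster or from Cisco; `parse_entry`, `is_accepted` and `evaluate` are hypothetical helpers, and the range rule `len < ge <= le <= 32` is assumed from the failure John reports for `ge 16` on a /16, so other platforms may differ.

```python
import ipaddress

def parse_entry(line):
    """Parse 'ip prefix-list NAME seq N permit|deny A.B.C.D/LEN [ge X] [le Y]'."""
    tok = line.split()
    seq, action = int(tok[4]), tok[5]
    net = ipaddress.ip_network(tok[6])
    opts = dict(zip(tok[7::2], map(int, tok[8::2])))
    ge, le = opts.get("ge"), opts.get("le")
    # Assumed range rule: len < ge <= le <= 32
    if ge is not None and not net.prefixlen < ge <= 32:
        raise ValueError(f"invalid ge {ge} for /{net.prefixlen}: need len < ge")
    lo = ge if ge is not None else net.prefixlen
    if le is not None and not lo <= le <= 32:
        raise ValueError(f"invalid le {le}: need {lo} <= le <= 32")
    # No ge/le: exact length only. ge alone: ge..32. le alone: len..le.
    hi = le if le is not None else (32 if ge is not None else net.prefixlen)
    return seq, action, net, lo, hi

def is_accepted(line):
    """True if the entry passes the range check above."""
    try:
        parse_entry(line)
        return True
    except ValueError:
        return False

def evaluate(entries, route):
    """First match in sequence order wins; no match is an implicit deny."""
    r = ipaddress.ip_network(route)
    for seq, action, net, lo, hi in sorted(entries, key=lambda e: e[0]):
        if lo <= r.prefixlen <= hi and r.subnet_of(net):
            return action, seq
    return "deny", None

# The prefix-list from the thread
PIN = [parse_entry("ip prefix-list pin seq 10 deny 10.197.0.0/16 le 32"),
       parse_entry("ip prefix-list pin seq 100 permit 0.0.0.0/0 le 32")]

if __name__ == "__main__":
    # Constructed test routes: the /16, a longer prefix, a neighbour, a covering /15
    for route in ("10.197.0.0/16", "10.197.10.0/24", "10.196.10.0/24", "10.196.0.0/15"):
        print(route, evaluate(PIN, route))
    for line in ("ip prefix-list pin seq 10 deny 10.197.0.0/16 ge 15",
                 "ip prefix-list pin seq 10 deny 10.197.0.0/16 ge 16 le 32"):
        print(line, "->", "accepted" if is_accepted(line) else "rejected")
```

Note that the covering aggregate 10.196.0.0/15 is still permitted: `le 32` only extends the match to longer prefixes inside 10.197.0.0/16, so a shorter route that contains that range needs its own deny entry.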
