Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1295
Views
0
Helpful
6
Replies

Prefix List for BGP -- To block the Class B range

kaustav.gupta
Level 1
Level 1

‎11-17-2005 09:13 AM - edited ‎03-03-2019 11:00 AM

Hi,

Can prefix-list ISP-IN deny 128.0.0.0/2 ge 17 actually block the entire Class B addresses when applied on a BGP neighbor..

Labels:
0 Helpful
6 Replies 6

sundar.palaniappan
Level 10
Level 10

‎11-17-2005 10:48 AM

No. If you want to filter the 128.0.0.0/16 net, then the following prefix list is what you need.

ip prefix-list ISP-IN deny 128.0.0.0/16 le 17

This prefix list precisely matches the class B net and subnets of same class B aren't matched.

HTH,

Sundar

0 Helpful

kaustav.gupta
Level 1
Level 1
In response to sundar.palaniappan

‎11-17-2005 11:08 AM

Hi,

I shall be more specific in my query now.

Lets say I want to deny the entire class B network i.e. 128.0.0.0 -191.255.255.255 will the ip prefix-list ISP-IN deny 128.0.0.0/2 ge 17 work ??

Tx/Rgs

K Gupta

0 Helpful

Harold Ritter
Cisco Employee
Cisco Employee
In response to kaustav.gupta

‎11-17-2005 12:36 PM

The answer is yes, assuming you want to accept the /16 and reject any more specific prefixes.

Hope this helps,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
0 Helpful

kaustav.gupta
Level 1
Level 1
In response to Harold Ritter

‎11-21-2005 10:59 AM

Hi,

I tried to figure the prefix-list out but somehow not able to understand how 128.0.0.0/2 can cover till the 191.0.0.0 network ..Gr8 help if u help me uncover the trick

regs

Kas

0 Helpful

Harold Ritter
Cisco Employee
Cisco Employee
In response to kaustav.gupta

‎11-21-2005 01:35 PM

128.0.0.0/2 means that the first and second bits have to be 1 and 0 respectively. Anything in the range of 128.0.0.0 (0x10000000) to 191.255.255.255 ( 0xbfffffff) will match.

let me know if it helps,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
0 Helpful

sundar.palaniappan
Level 10
Level 10
In response to kaustav.gupta

‎11-21-2005 01:36 PM

Let's take a look.

128.0.0.0/2 transalates to binary value of 10000000 and the subnet mask of 2 bits transalates to 11000000.

The first 2 bits have to be always 10 (or 128 only)and cannot change and the 6 later bits (don't care bits) can be 1 or 0. If all 6 later bits are on, i.e 10111111 - IP is 191. Hence, all IP addresses in the range of 128-191 falls within this range.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card