
Prefix-list

ironshoreit
Level 1

I need to filter networks from being received over EIGRP.

Site A is advertising

10.80.20.0/24

10.80.24.0/24

10.80.16.0/24

10.80.50.0/24

10.80.91.0/24

I want to prevent Site B from receiving all routes except for 10.80.20.0/24.

What is the best way to do this? I created a prefix-list:

ip prefix-list inbound_filter seq 10 permit 10.80.20.0/22 le 32

Is my thinking correct with this?  Is there a better way of doing this?

Thanks in advance.


Jon Marshall
Hall of Fame

ironshoreit wrote:

I need to filter networks from being received over EIGRP.

Site A is advertising

10.80.20.0/24

10.80.24.0/24

10.80.16.0/24

10.80.50.0/24

10.80.91.0/24

I want to prevent Site B from receiving all routes except for 10.80.20.0/24.

What is the best way to do this? I created a prefix-list:

ip prefix-list inbound_filter seq 10 permit 10.80.20.0/22 le 32

Is my thinking correct with this?  Is there a better way of doing this?

Thanks in advance.

If you simply want to match only the 10.80.20.0/24 network then you don't need to use le or ge, i.e.

ip prefix-list inbound_filter seq 10 permit 10.80.20.0/24

will do the job because you only care about an exact match for the /24 subnet.

Jon

Mahesh Gohil
Level 7

Hi,

Your understanding is correct. Here you need to block something, so you create either a prefix-list or an access-list. But a prefix-list is better here because you want to block everything from /32 to /22.

It is always better to block something at the source, but I am sure your other sites might need those prefixes, so your approach of blocking it at the destination here is the only option.

Regards

Mahesh

mahesh.gohil wrote:

Hi,

Your understanding is correct. Here you need to block something, so you create either a prefix-list or an access-list. But a prefix-list is better here because you want to block everything from /32 to /22.

It is always better to block something at the source, but I am sure your other sites might need those prefixes, so your approach of blocking it at the destination here is the only option.

Regards

Mahesh

Mahesh

I'm confused now

The requirement is to only allow 10.180.20.0/24 so you only need 10.180.20.0/24 because that is an exact match. If you only permit that in your filter then everything else will be dropped.

Am I misunderstanding?

Jon

Sir,

I completely agree with you... by looking at the list of prefixes, only /24 is required... but when I looked at the owner's written prefix-list of /32 to /22, I thought he might have missed some prefix in the first list.

Anyway, one of them is correct... either the first list or the second prefix-list... only the owner of this post can clarify this.

By the way, sorry to write on top of your post... I was typing when you had already posted a post.

Regards

Mahesh

Mahesh

By the way, sorry to write on top of your post... I was typing when you had already posted a post.

No problem, I do it all the time, and you may well be right about a missing prefix from the original post, so it's always good to have multiple answers. I just thought I was missing something.

Jon

Sorry guys, let me clarify a bit more.

So as Mahesh wrote, there are some other sites that will need the network, so that is why I am doing the filtering on the destination end.

Based on your comments, would the best way be to set up a prefix-list to allow all the nets I need and utilize the default deny to filter the rest?

Or is the reverse way a better option? It seems I may be overcomplicating things by using the le at the end of the prefix-list. I am trying to accomplish the task with the least amount of configuration.

ironshoreit wrote:

Sorry guys, let me clarify a bit more.

So as Mahesh wrote, there are some other sites that will need the network, so that is why I am doing the filtering on the destination end.

Based on your comments, would the best way be to set up a prefix-list to allow all the nets I need and utilize the default deny to filter the rest?

Or is the reverse way a better option? It seems I may be overcomplicating things by using the le at the end of the prefix-list. I am trying to accomplish the task with the least amount of configuration.

If you need some of the networks then by all means do the filtering on the destination device.

You do not need to use le or ge on the destination device assuming you only want to allow 10.80.20.0/24.

Jon
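To compare the two filters discussed in this thread, here is an added example (not part of any post above) that evaluates both prefix-list entries against the routes Site A advertises. The evaluator is a simplified model of prefix-list matching (first match wins, implicit deny, `ge`/`le` bound the route's mask length), and the `EXTRA` routes are constructed to show where the `/22 le 32` entry admits more than the exact `/24`.

```python
import ipaddress

# The two candidate filters from the thread.
BROAD = ["ip prefix-list inbound_filter seq 10 permit 10.80.20.0/22 le 32"]
EXACT = ["ip prefix-list inbound_filter seq 10 permit 10.80.20.0/24"]

# Routes Site A advertises, as listed in the original post.
ADVERTISED = ["10.80.20.0/24", "10.80.24.0/24", "10.80.16.0/24",
              "10.80.50.0/24", "10.80.91.0/24"]
# Constructed routes (not in the thread) that could be advertised later.
EXTRA = ["10.80.22.0/24", "10.80.20.5/32"]


def parse_entry(line):
    """Return (seq, action, network, min_len, max_len) for one entry."""
    tok = line.split()  # ip prefix-list NAME seq N action prefix [ge G] [le L]
    net = ipaddress.ip_network(tok[6], strict=False)
    opts = dict(zip(tok[7::2], map(int, tok[8::2])))
    if not opts:
        lo = hi = net.prefixlen            # no ge/le: exact mask length only
    else:
        lo = opts.get("ge", net.prefixlen)
        hi = opts.get("le", 32)
    return int(tok[4]), tok[5], net, lo, hi


def is_permitted(entries, route):
    """First matching entry decides; no match means implicit deny."""
    rt = ipaddress.ip_network(route)
    parsed = sorted((parse_entry(e) for e in entries), key=lambda e: e[0])
    for _seq, action, net, lo, hi in parsed:
        if lo <= rt.prefixlen <= hi and rt.subnet_of(net):
            return action == "permit"
    return False


def accepted(entries, routes):
    """Routes from the list that survive the inbound filter."""
    return [r for r in routes if is_permitted(entries, r)]


if __name__ == "__main__":
    for name, plist in (("BROAD", BROAD), ("EXACT", EXACT)):
        print(name, accepted(plist, ADVERTISED + EXTRA))
```

On the five advertised routes both entries accept only 10.80.20.0/24; the difference appears only if a more specific or neighbouring prefix inside 10.80.20.0/22 is advertised later, which the exact entry drops.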
