Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Prefix-list

I need to filter networks from being received over eigrp.

Site A is advertising

10.80.20.0/24

10.80.24.0/24

10.80.16.0/24

10.80.50.0/24

10.80.91.0/24

I want to prevent Site B from receiving all route except for 10.80.20.0/24.

What is the best way to do this?   i created a prefix-list    ip prefix-list inbound_filter seq 10 permit 10.80.20.0/22 le 32

Is my thinking correct with this?  Is there a better way of doing this?

Thanks in advance.

Everyone's tags (1)
7 REPLIES
Hall of Fame Super Blue

Re: Prefix-list

ironshoreit wrote:

I need to filter networks from being received over eigrp.

Site A is advertising

10.80.20.0/24

10.80.24.0/24

10.80.16.0/24

10.80.50.0/24

10.80.91.0/24

I want to prevent Site B from receiving all route except for 10.80.20.0/24.

What is the best way to do this?   i created a prefix-list    ip prefix-list inbound_filter seq 10 permit 10.80.20.0/22 le 32

Is my thinking correct with this?  Is there a better way of doing this?

Thanks in advance.

If you simply want to match only the 10.80.20.0/24 network then you don't to use le or ge ie.

ip prefix-list inbound_filter seq 10 permit 10.80.20.0/24

will do the job because you only care about an exact match for the /24 subnet.

Jon

Re: Prefix-list

Hi,

Your understanding is correct. here you need to block something so you create either prefix-list or access-list. But prefix list is better here

b'se you wan to block everything from /32 to /22.

It is always better to block something at source but i am sure your other sites might need those prefixes so your approach of blocking

it at destination here is the only option.

Regards

Mahesh

Hall of Fame Super Blue

Re: Prefix-list

mahesh.gohil wrote:

Hi,

Your understanding is correct. here you need to block something so you create either prefix-list or access-list. But prefix list is better here

b'se you wan to block everything from /32 to /22.

It is always better to block something at source but i am sure your other sites might need those prefixes so your approach of blocking

it at destination here is the only option.

Regards

Mahesh

Mahesh

I'm confused now

The requirement is to only allow 10.180.20.0/24 so you only need 10.180.20.0/24 because that is an exact match. If you only permit that in your filter then everything else will be dropped.

Am i misunderstanding ?

Jon

Re: Prefix-list

Sir,

I completely agree with you....by looking at the list of prefix /24 only is required...but when looked at owner written prefix-list

of /32 to /22 i thought he might have missed some prefix in first list.

anyway one of which is correct...wither first list or second prefix-list ...only owner of this post can clarify on this.

by the way sorry to write on top of your post...i was typing when you already posted a post.

Regards

Mahesh

Hall of Fame Super Blue

Re: Prefix-list

Mahesh

by the way sorry to write on top of your post...i was typing when you already posted a post.

No problem, i do it all the time and you may well be right about a missing prefix from original post so it's always good to have multiple answers. I just thought i was missing something.

Jon

New Member

Re: Prefix-list

Sorry guys let me clarify a bit more.  

So as Mahesh wrote there are some other sites that will needed the network so that is why I am doing the filtering on the destination end. 

Based on your comments would the best way be to setup a prefix-list to allow all the Nets I need and utilize the default deny to filter the rest?

Or is the reverse way a better option?   It seem I may be over complicating things by using the le at the end of the prefix-list.  I am trying to accomplish task with the least amount of configuration. 

Hall of Fame Super Blue

Re: Prefix-list

ironshoreit wrote:

Sorry guys let me clarify a bit more.  

So as Mahesh wrote there are some other sites that will needed the network so that is why I am doing the filtering on the destination end. 

Based on your comments would the best way be to setup a prefix-list to allow all the Nets I need and utilize the default deny to filter the rest?

Or is the reverse way a better option?   It seem I may be over complicating things by using the le at the end of the prefix-list.  I am trying to accomplish task with the least amount of configuration.

If you need some of the networks then by all means do the filtering on the destination device.

You do not need to use le or ge on the destination device assuming you only want to allow 10.80.20.0/24.

Jon

562
Views
0
Helpful
7
Replies
CreatePlease to create content