From: Howard C. Berkowitz (hcb@xxxxxxxxxxxx)
Date: Mon Mar 25 2002 - 11:33:38 GMT-3
>"Engelhard M. Labiro" <engelhard@netmarks.co.jp> wrote,
>I think the original poster wants the equivalent command of
>a prefix-list which deny a network with netmask greater than or
>equal to /25, which are /25, /26, /27, /28, /29, /30, /31 and /32.
>
>I think, this can not be done with one line of access-list ,
>there must be several lines of access-list as follow:
>
>access-list 101 deny ip any host 255.255.255.128
>access-list 101 deny ip any host 255.255.255.192
>access-list 101 deny ip any host 255.255.255.224
>access-list 101 deny ip any host 255.255.255.240
>access-list 101 deny ip any host 255.255.255.248
>access-list 101 deny ip any host 255.255.255.252
>access-list 101 deny ip any host 255.255.255.254
>
>I am thinking to summarize in one line of those access-lists,
>but I can't find it. So, please someone correct me if I am wrong.
You are quite correct. Historically, prefix length restrictions
using conventional access lists were first implemented by Sean Doran
when he was at Sprint. He wrote a program to generate the necessary
statements, which ran about 16 pages of rules.
>
>> I did a test, but using /16 instead of /25, and it works. The access list
>> looks like this:
>>
>> access-list 111 per ip any 255.255.0.0 0.0.0.0 log
>>
>> Show access-list
>> ================
>> Extended IP access list 111
>> permit ip any host 255.255.0.0 log (1 match)
>>
>> r1#sho ip bgp
>>
>> Network Next Hop Metric LocPrf Weight Path
>> *>i160.0.0.0 148.4.2.2 0 100 0 i
>> *> 192.1.1.1/32 148.4.4.4 0 11 101 i
>>
>> Parry Chua
>>
>> -----Original Message-----
>> From: ying chang [mailto:ying_c@hotmail.com]
>> Sent: Monday, March 25, 2002 5:33 AM
>> To: ccielab@groupstudy.com
>> Subject: ip prefix-list equivalent
>>
>>
>> Hi,
>>
>> How can you do the following without using the ip prefix-list?
>> These two statements can be used to deny /25+ netmask (first statement
>> denies /25+, second statement permits any):
>>
>> ip prefix-list long seq 5 deny 0.0.0.0/0 ge 25
>> ip prefix-list long seq 10 permit 0.0.0.0/0 le 32
>>
>> I have trouble getting an access-list equivalent for the first statement.
--
"What Problem are you trying to solve?"
***send Cisco questions to the list, so all can benefit -- not directly to me***
*******************************************************************************
Howard C. Berkowitz hcb@gettcomm.com
Chief Technology Officer, GettLab/Gett Communications http://www.gettlabs.com
Technical Director, CertificationZone.com http://www.certificationzone.com
"retired" Certified Cisco Systems Instructor (CID) #93005
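An added example, not part of this thread or of any poster's configuration: a small Python simulation of how IOS matches a route against an extended access list used as a route filter (the source field is compared with the network, the destination field with the mask, and a 1 bit in a wildcard means "don't care"), placed beside the prefix-list from the original question. It assumes a trailing `permit ip any any` after Engelhard's seven deny lines (the quoted post shows none), and it shows that those seven lines leave a /32 route unmatched, while the wildcard form `255.255.255.128 0.0.0.127` covers every mask from /25 through /32 in a single line.

```python
# Added example: simulate IOS extended-ACL route matching next to a prefix-list.
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")          # "any": address 0, wildcard all-ones

def host(addr):
    return (addr, "0.0.0.0")                  # "host X": exact match, wildcard zero

def _wc_match(value, addr, wildcard):
    """Cisco wildcard semantics: a 1 bit in the wildcard means 'don't care'."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (value ^ int(ipaddress.IPv4Address(addr))) & care == 0

def acl_action(acl, prefix):
    """Extended ACL applied to a route: source field = network, destination field = mask."""
    net = ipaddress.ip_network(prefix)
    network, mask = int(net.network_address), int(net.netmask)
    for action, (src, src_wc), (dst, dst_wc) in acl:
        if _wc_match(network, src, src_wc) and _wc_match(mask, dst, dst_wc):
            return action
    return "deny"                             # implicit deny at the end of every ACL

def prefix_list_action(plist, prefix):
    """Entry (action, 'net/len', ge, le): prefix must lie inside net/len with ge <= length <= le."""
    net = ipaddress.ip_network(prefix)
    for action, entry, ge, le in plist:
        if net.subnet_of(ipaddress.ip_network(entry)) and ge <= net.prefixlen <= le:
            return action
    return "deny"

# The prefix-list from the original question: "deny 0.0.0.0/0 ge 25", "permit 0.0.0.0/0 le 32".
PREFIX_LIST = [("deny", "0.0.0.0/0", 25, 32), ("permit", "0.0.0.0/0", 0, 32)]

# Engelhard's seven "host <mask>" deny lines, plus an assumed trailing "permit ip any any".
POSTED_ACL = [("deny", ANY, host(f"255.255.255.{m}")) for m in (128, 192, 224, 240, 248, 252, 254)]
POSTED_ACL.append(("permit", ANY, ANY))

# Single-line form: mask 255.255.255.128 with wildcard 0.0.0.127 matches every mask whose
# first 25 bits are set, i.e. /25 through /32, so one deny line replaces the seven above.
ONE_LINE_ACL = [("deny", ANY, ("255.255.255.128", "0.0.0.127")), ("permit", ANY, ANY)]

def compare(prefix):
    """Return (prefix-list result, seven-line ACL result, one-line ACL result)."""
    return (prefix_list_action(PREFIX_LIST, prefix),
            acl_action(POSTED_ACL, prefix),
            acl_action(ONE_LINE_ACL, prefix))

if __name__ == "__main__":
    for p in ("160.0.0.0/8", "192.1.1.0/24", "192.1.1.0/25", "192.1.1.1/32"):
        print(p, compare(p))   # the /32 route is the case where the seven lines disagree
```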
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:57:21 GMT-3