RE: Prefix-lists

From: Mike Williams (ccie2be@swbell.net)
Date: Sun Apr 27 2003 - 20:07:30 GMT-3


Brian,

Yes, your comments are helpful, and thanks for replying. Just one more
point to clear up.

You mention that 'access-list 1 permit host 1.2.3.0' will match
1.2.3.0/23, /24, /25, etc..... But is that because 1.2.3.0 is a
"network" address as opposed to a "host" address. For instance, if I
say 'access-list 1 permit host 10.2.3.4' that is the same as
'access-list 1 permit 10.2.3.4 0.0.0.0' so only that single address
would be allowed. But what you're saying is that 'access-list 1 permit
host 1.2.3.0' is the equivalent of saying 'access-list 1 permit 1.2.3.0
0.0.0.0' and since access-lists don't match on mask, this exact entry
1.2.3.0, while satisfying the access-list, could be a network with any
mask from /23 to /32....

BTW, why /23? Wouldn't this only allow for masks of /24 thru /32?

One final comment. You mention below that the 'ip prefix-list x permit
1.2.3.0/24 le 32' has the same effect (allowing /24 through /32), but as
I learned in the lab (after reading your info from the original post),
this prefix-list really only allows networks /25 through /32 and
excludes the /24. =)

Thanks again. Your insight is valuable to me.

Mike W.

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Brian McGahan
Sent: Sunday, April 27, 2003 4:45 PM
To: 'Mike Williams'; ccielab@groupstudy.com
Subject: RE: Prefix-lists

Mike,

> Wouldn't the above prefix-list statement allow the following networks?

Yes

> If so, then it's not equivalent to the access-list 1 permit host
> 1.2.3.0

Yes and no. access-list 1 permit host 1.2.3.0 will match:

1.2.3.0/23
1.2.3.0/24
1.2.3.0/..
1.2.3.0/32

As will the prefix-list ip prefix-list x permit 1.2.3.0/24 le 32.
However, the prefix-list in this case will match more than the
access-list. It will match 1.2.3.x, where x is any number. The
access-list will match only where x is zero. Access-lists do not match
on prefix-length (subnet mask), they only match on network.

This list: ip prefix-list LIST permit 1.2.3.0/32 would match the exact
host route 1.2.3.0/32.

> Is it possible for a route to have a /0? Is that why this only matches
> the default route because the default route is 0.0.0.0/0 ?

Yes. The default route is the only route that has a mask of zero,
therefore you are matching only the default route.

HTH

Brian McGahan, CCIE #8593
Director of Design and Implementation
brian@cyscoexpert.com

CyscoExpert Corporation
Internetwork Consulting & Training
Toll Free: 866-CyscoXP
Outside US: 847.674.3392
Fax: 847.674.2625

-----Original Message-----
From: Mike Williams [mailto:ccie2be@swbell.net]
Sent: Sunday, April 27, 2003 2:39 PM
To: brian@cyscoexpert.com
Subject: Prefix-lists

Brian,
 
I was digging through the GroupStudy CCIE list archives looking for info
on prefix-lists. I found a post of yours that was, I must say, very
complete and informative. I learned the essence of how they work from
your post within like 5 minutes.
 
I did have a question tho. In your post you say:
 
<--------- begin quote --------->
 
ip prefix-list LIST permit 1.2.3.0/24 le 32
 
This means:
Check the first 24 bits of the prefix 1.2.3.0
The subnet mask must be less than or equal to 32
 
This equates to the access-list syntax:
Access-list 1 permit host 1.2.3.0
 
<--------- end quote --------->
 
My question is, is this analogy accurate? Wouldn't the above
prefix-list statement allow the following networks?
 
1.2.3.0/25
1.2.3.0/26
1.2.3.0/27
1.2.3.0/28
1.2.3.0/29
1.2.3.0/30
1.2.3.0/31
1.2.3.0/32
 
If so, then it's not equivalent to the access-list 1 permit host 1.2.3.0
 
I'm just trying to make sure I understand this prefix-list using ge and
le properly. It seems the equivalent of access-list 1 permit host
1.2.3.0 would be
 
ip prefix-list LIST permit 1.2.3.0/32
 
Also, you mention:
 
<--------- begin quote --------->
 
ip prefix-list LIST permit 0.0.0.0/0
 
This means:
The exact prefix 0.0.0.0, with the exact prefix-length 0.
This is matching a default route.
 
<--------- end quote --------->
 
I see what you're saying here, but this confuses me as it seems that
this will match any network (the /0 implies that it won't check the
prefix for a match), but because there is no ge or le parameter, it will
match any network with a /0 subnet mask. Is it possible for a route to
have a /0? Is that why this only matches the default route because the
default route is 0.0.0.0/0 ?
 
Let me know your thoughts.
 
Thanks!
Mike W.
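The matching rules the thread is arguing about (a prefix-list compares the first N bits of the route and then checks the route's prefix length against the ge/le window, or against N exactly when neither is given; a standard access-list used as a distribute-list compares only the network address through its wildcard and never looks at the mask) can be checked mechanically. The script below is an added example written for this page, not code posted by either correspondent or taken from IOS; it is a simplified model of those two behaviours, and the route table it runs over is constructed for illustration rather than taken from anyone's lab. It evaluates the four entries quoted above ('ip prefix-list x permit 1.2.3.0/24 le 32', 'ip prefix-list LIST permit 1.2.3.0/32', 'ip prefix-list LIST permit 0.0.0.0/0' and 'access-list 1 permit host 1.2.3.0') against each sample route, so the overlap and the differences between the prefix-list and the access-list are visible side by side.

```python
import ipaddress
from typing import Dict, Optional


def _bits(addr: str) -> int:
    """IPv4 dotted-quad -> 32-bit integer."""
    return int(ipaddress.IPv4Address(addr))


def prefix_list_permits(entry: str, route_addr: str, route_len: int,
                        ge: Optional[int] = None,
                        le: Optional[int] = None) -> bool:
    """Model of one 'ip prefix-list ... permit <entry> [ge N] [le M]' line.

    entry is "a.b.c.d/len"; the route is given as its address and prefix
    length separately so that whatever the router would see is compared
    as-is.  Only the first <entry len> bits of the route are compared with
    the entry; the route's own length must then fall inside the window:
        no ge/le   -> exactly entry len
        ge only    -> ge .. 32
        le only    -> entry len .. le
        ge and le  -> ge .. le
    """
    ent_addr, ent_len_s = entry.split("/")
    ent_len = int(ent_len_s)
    low = ge if ge is not None else ent_len
    high = le if le is not None else (32 if ge is not None else ent_len)
    if not (low <= route_len <= high):
        return False
    shift = 32 - ent_len                      # ent_len == 0 compares nothing
    return (_bits(route_addr) >> shift) == (_bits(ent_addr) >> shift)


def standard_acl_permits(acl_addr: str, wildcard: str, route_addr: str) -> bool:
    """Model of 'access-list N permit <addr> <wildcard>' as a distribute-list.

    'host X' is X with wildcard 0.0.0.0.  Only the route's network address
    is compared (bits where the wildcard is 0); the mask is never examined,
    so 1.2.3.0/23, /24, ... /32 all look identical to the ACL.
    """
    care = ~_bits(wildcard) & 0xFFFFFFFF
    return (_bits(route_addr) & care) == (_bits(acl_addr) & care)


# Constructed sample routes (address, prefix length); not from the thread's lab.
ROUTES = [
    ("1.2.3.0", 23), ("1.2.3.0", 24), ("1.2.3.0", 25), ("1.2.3.0", 32),
    ("1.2.3.128", 25), ("1.2.3.64", 26), ("1.2.4.0", 24),
    ("0.0.0.0", 0), ("10.2.3.4", 32),
]

# The four entries discussed in the thread, keyed by their IOS syntax.
RULES = {
    "ip prefix-list x permit 1.2.3.0/24 le 32":
        lambda a, l: prefix_list_permits("1.2.3.0/24", a, l, le=32),
    "ip prefix-list LIST permit 1.2.3.0/32":
        lambda a, l: prefix_list_permits("1.2.3.0/32", a, l),
    "ip prefix-list LIST permit 0.0.0.0/0":
        lambda a, l: prefix_list_permits("0.0.0.0/0", a, l),
    "access-list 1 permit host 1.2.3.0":
        lambda a, l: standard_acl_permits("1.2.3.0", "0.0.0.0", a),
}


def evaluate(routes=ROUTES) -> Dict[str, Dict[str, bool]]:
    """Return {"addr/len": {rule text: permitted?}} for every sample route."""
    return {f"{a}/{l}": {name: fn(a, l) for name, fn in RULES.items()}
            for a, l in routes}


if __name__ == "__main__":
    for route, verdicts in evaluate().items():
        hits = [name for name, ok in verdicts.items() if ok] or ["(none)"]
        print(f"{route:14} permitted by: {'; '.join(hits)}")
```

Running it shows the point of Brian's "yes and no": 1.2.3.0/24 through 1.2.3.0/32 are permitted by both the 'le 32' prefix-list and the host access-list, but 1.2.3.128/25 and 1.2.3.64/26 pass only the prefix-list (their first 24 bits match), while a route written as 1.2.3.0/23 passes only the access-list, because the ACL ignores the mask and the prefix-list's window starts at /24. The '0.0.0.0/0' entry, with no ge or le, permits only a route whose length is 0.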



This archive was generated by hypermail 2.1.4 : Thu May 01 2003 - 13:36:08 GMT-3