RE: Prefix-lists

From: Brian McGahan (brian@cyscoexpert.com)
Date: Sun Apr 27 2003 - 23:56:03 GMT-3


Mike,

        See answers inline

> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Mike Williams
> Sent: Sunday, April 27, 2003 6:08 PM
> To: ccielab@groupstudy.com
> Subject: RE: Prefix-lists
>
> Brian,
>
> Yes, your comments are helpful, and thanks for replying. Just one more
> point to clear up.
>
> You mention that 'access-list 1 permit host 1.2.3.0' will match
> 1.2.3.0/23, /24, /25, etc..... But is that because 1.2.3.0 is a
> "network" address as opposed to a "host" address? For instance, if I
> say 'access-list 1 permit host 10.2.3.4' that is the same as
> 'access-list 1 permit 10.2.3.4 0.0.0.0' so only that single address
> would be allowed. But what you're saying is that 'access-list 1 permit
> host 1.2.3.0' is the equivalent of saying 'access-list 1 permit 1.2.3.0
> 0.0.0.0' and since access-lists don't match on mask, this exact entry
> 1.2.3.0, while satisfying the access-list, could be a network with any
> mask from /23 to /32....
>
> BTW, why /23? Wouldn't this only allow for masks of /24 thru /32?

/23 was a typo, it should have been /24. The 'host' keyword doesn't
have anything to do with it being a host address, just that the wildcard
is an exact match (0.0.0.0).

 
> One final comment. You mention below that the 'ip prefix-list x permit
> 1.2.3.0/24 le 32' has the same effect (allowing /24 through /32), but as
> I learned in the lab (after reading your info from the original post),
> this prefix-list really only allows networks /25 through /32 and
> excludes the /24. =)
>

That is correct. The prefix-list syntax is:

ip prefix-list X permit x.x.x.x/[len] ge [ge-value] le [le-value]

where len < ge-value <= le-value

Therefore you can't say: 'ip prefix-list x permit 1.2.3.0/24 ge 24'

You would have to say:

ip prefix-list x seq 10 permit 1.2.3.0/24
ip prefix-list x seq 20 permit 1.2.3.0/24 ge 25

HTH

Brian McGahan, CCIE #8593
Director of Design and Implementation
brian@cyscoexpert.com

CyscoExpert Corporation
Internetwork Consulting & Training
Toll Free: 866-CyscoXP
Outside US: 847.674.3392
Fax: 847.674.2625
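
Added example, not part of the original message or of IOS: a small Python model contrasting the address-only match of 'access-list 1 permit host 1.2.3.0' with the two-line prefix-list above, including the len < ge-value <= le-value check. All function names and the sample routes are constructed for illustration; only entries with no modifier or with ge (optionally plus le) are modelled.

```python
import ipaddress

def acl_permits(acl_addr, wildcard, route):
    """Standard ACL as a route filter: only the network address is compared
    (bits set in the wildcard are ignored); the route's mask is never checked."""
    net = ipaddress.ip_network(route)
    care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
    want = int(ipaddress.ip_address(acl_addr)) & care
    return (int(net.network_address) & care) == want

def prefix_entry(prefix, ge=None, le=None):
    """Return (network, lo, hi) for 'prefix [ge N [le M]]', enforcing the
    rule from the message: len < ge-value <= le-value."""
    net = ipaddress.ip_network(prefix)
    if ge is None:
        if le is not None:
            raise NotImplementedError("le without ge is not modelled here")
        return net, net.prefixlen, net.prefixlen  # exact mask length only
    hi = 32 if le is None else le
    if not net.prefixlen < ge <= hi <= 32:
        raise ValueError(f"need len < ge <= le, got {net.prefixlen}/{ge}/{hi}")
    return net, ge, hi

def prefix_list_permits(entries, route):
    """The first entry that covers the route and whose length range contains
    the route's mask length permits it; otherwise the implicit deny applies."""
    r = ipaddress.ip_network(route)
    for net, lo, hi in entries:
        if lo <= r.prefixlen <= hi and r.subnet_of(net):
            return True
    return False

# The two-line list from the message: seq 10 (exact /24), seq 20 (ge 25).
PLIST_X = [prefix_entry("1.2.3.0/24"), prefix_entry("1.2.3.0/24", ge=25)]

# Constructed sample routes.
ROUTES = ["1.2.3.0/24", "1.2.3.0/25", "1.2.3.128/25", "1.2.3.0/32", "1.2.2.0/23"]

if __name__ == "__main__":
    for r in ROUTES:
        print(f"{r:15} acl={acl_permits('1.2.3.0', '0.0.0.0', r)!s:5} "
              f"plist={prefix_list_permits(PLIST_X, r)}")
```

The ACL cannot tell 1.2.3.0/24 from 1.2.3.0/25 and misses 1.2.3.128/25 entirely, while the prefix-list distinguishes routes by mask length.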



This archive was generated by hypermail 2.1.4 : Thu May 01 2003 - 13:36:08 GMT-3