From: Mike Williams (ccie2be@swbell.net)
Date: Sun Apr 27 2003 - 23:53:42 GMT-3
Actually this brings up a good question.........
I've seen some people mention using extended access-lists for
distribute-lists for BGP, but other than that, could you even use an
extended access-list for route filtering with other routing protocols?
I mean, what would be the point? What good would an extended list do
over a standard list when it comes to specifying networks to
permit/deny?
Mike W.
-----Original Message-----
From: Jerry Haverkos [mailto:jhaverkos@columbus.rr.com]
Sent: Sunday, April 27, 2003 8:17 PM
To: Mike Williams; ccielab@groupstudy.com
Subject: RE: Prefix-lists
Mike - et al
Are you all saying a standard access-list can be used as a prefix
list???
access-list 1 permit host 1.2.3.0 is the same as
access-list 1 permit 1.2.3.0 0.0.0.0
How does this relate to an equivalent written as an
extended access-list??
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Mike Williams
Sent: Sunday, April 27, 2003 7:08 PM
To: ccielab@groupstudy.com
Subject: RE: Prefix-lists
Brian,
Yes, your comments are helpful, and thanks for replying. Just one more
point to clear up.
You mention that 'access-list 1 permit host 1.2.3.0' will match
1.2.3.0/23, /24, /25, etc..... But is that because 1.2.3.0 is a
"network" address as opposed to a "host" address. For instance, if I
say 'access-list 1 permit host 10.2.3.4' that is the same as
'access-list 1 permit 10.2.3.4 0.0.0.0' so only that single address
would be allowed. But what you're saying is that 'access-list 1 permit
host 1.2.3.0' is the equivalent of saying 'access-list 1 permit 1.2.3.0
0.0.0.0' and since access-lists don't match on mask, this exact entry
1.2.3.0, while satisfying the access-list, could be a network with any
mask from /23 to /32....
BTW, why /23? Wouldn't this only allow for masks of /24 thru /32?
One final comment. You mention below that the 'ip prefix-list x permit
1.2.3.0/24 le 32' has the same effect (allowing /24 through /32), but as
I learned in the lab (after reading your info from the original post),
this prefix-list really only allows networks /25 through /32 and
excludes the /24. =)
Thanks again. Your insight is valuable to me.
Mike W.
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Brian McGahan
Sent: Sunday, April 27, 2003 4:45 PM
To: 'Mike Williams'; ccielab@groupstudy.com
Subject: RE: Prefix-lists
Mike,
> Wouldn't the above prefix-list statement allow the following networks?
Yes
> If so, then it's not equivalent to the access-list 1 permit host
> 1.2.3.0
Yes and no. access-list 1 permit host 1.2.3.0 will match:
1.2.3.0/23
1.2.3.0/24
1.2.3.0/..
1.2.3.0/32
As will the prefix-list ip prefix-list x permit 1.2.3.0/24 le 32.
However, the prefix-list in this case will match more than the
access-list. It will match 1.2.3.x, where x is any number. The
access-list will match only where x is zero. Access-lists do not match
on prefix-length (subnet mask), they only match on network.
This list: ip prefix-list LIST permit 1.2.3.0/32 would match the exact
host route 1.2.3.0/32.
> Is it possible for a route to have a /0? Is that why this only matches
> the default route because the default route is 0.0.0.0/0 ?
Yes. The default route is the only route that has a mask of zero,
therefore you are matching only the default route.
HTH
Brian McGahan, CCIE #8593
Director of Design and Implementation
brian@cyscoexpert.com
CyscoExpert Corporation
Internetwork Consulting & Training
Toll Free: 866-CyscoXP
Outside US: 847.674.3392
Fax: 847.674.2625
-----Original Message-----
From: Mike Williams [mailto:ccie2be@swbell.net]
Sent: Sunday, April 27, 2003 2:39 PM
To: brian@cyscoexpert.com
Subject: Prefix-lists
Brian,
I was digging through the GroupStudy CCIE list archives looking for info
on prefix-lists. I found a post of yours that was, I must say, very
complete and informative. I learned the essence of how they work from
your post within like 5 minutes.
I did have a question though. In your post you say:
<--------- begin quote --------->
ip prefix-list LIST permit 1.2.3.0/24 le 32
This means:
Check the first 24 bits of the prefix 1.2.3.0
The subnet mask must be less than or equal to 32
This equates to the access-list syntax:
Access-list 1 permit host 1.2.3.0
<--------- end quote --------->
My question is, is this analogy accurate? Wouldn't the above
prefix-list statement allow the following networks?
1.2.3.0/25
1.2.3.0/26
1.2.3.0/27
1.2.3.0/28
1.2.3.0/29
1.2.3.0/30
1.2.3.0/31
1.2.3.0/32
If so, then it's not equivalent to the access-list 1 permit host 1.2.3.0
I'm just trying to make sure I understand this prefix-list using ge and
le properly. It seems the equivalent of access-list 1 permit host
1.2.3.0 would be
ip prefix-list LIST permit 1.2.3.0/32
Also, you mention:
<--------- begin quote --------->
ip prefix-list LIST permit 0.0.0.0/0
This means:
The exact prefix 0.0.0.0, with the exact prefix-length 0.
This is matching a default route.
<--------- end quote --------->
I see what you're saying here, but this confuses me as it seems that
this will match any network (the /0 implies that it won't check the
prefix for a match), but because there is no ge or le parameter, it will
match any network with a /0 subnet mask. Is it possible for a route to
have a /0? Is that why this only matches the default route because the
default route is 0.0.0.0/0 ?
Let me know your thoughts.
Thanks!
Mike W.
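The matching rules discussed in this thread (a prefix-list entry compares the leading L bits of A/L and then checks the route's prefix length against the ge/le range; a standard access-list used for route filtering compares only the network address and ignores the mask) can be modelled in a few lines. The following is an added illustration, not code from the thread or from Cisco; it applies the documented IOS rules (no ge/le means exactly L, only ge means G..32, only le means L..E) to a constructed set of routes, compares addresses exactly as written rather than normalising them, and generalises the access-list side from `host A` to any wildcard mask. Function names, the `SAMPLE_ROUTES` list and the entry dictionaries are assumptions of this example.

```python
from ipaddress import IPv4Address

# Constructed sample routes (address exactly as written, prefix length).
# Not taken from the thread; chosen to exercise the cases discussed in it.
SAMPLE_ROUTES = [
    ("1.2.3.0", 23), ("1.2.3.0", 24), ("1.2.3.0", 25), ("1.2.3.0", 30),
    ("1.2.3.0", 32), ("1.2.3.5", 32), ("1.2.3.128", 25), ("1.2.4.0", 24),
    ("0.0.0.0", 0), ("10.0.0.0", 8),
]


def _as_int(addr):
    return int(IPv4Address(addr))


def _same_leading_bits(a, b, n):
    """True when the first n bits of a and b are equal (n == 0 always matches)."""
    if n == 0:
        return True
    mask = (0xFFFFFFFF << (32 - n)) & 0xFFFFFFFF
    return (_as_int(a) & mask) == (_as_int(b) & mask)


def prefix_list_permits(entry, route_addr, route_len):
    """Model one 'ip prefix-list ... permit A/L [ge G] [le E]' entry (assumed shape).

    entry is a dict: {"prefix": "A/L", "ge": G, "le": E}; ge and le are optional.
    The route's first L bits must equal A's first L bits, and its prefix
    length must lie in [G, E]. Defaults: neither keyword -> exactly L;
    only ge -> G..32; only le -> L..E.
    """
    addr, length = entry["prefix"].split("/")
    length = int(length)
    ge = entry.get("ge", length)
    le = entry.get("le", 32 if "ge" in entry else length)
    return _same_leading_bits(addr, route_addr, length) and ge <= route_len <= le


def standard_acl_permits(addr, wildcard, route_addr, route_len):
    """Model a standard ACL entry used for route filtering.

    'host A' is the same as 'A 0.0.0.0'. Only the network address is
    compared through the wildcard; the route's prefix length is ignored,
    which is why route_len is deliberately unused.
    """
    care = ~_as_int(wildcard) & 0xFFFFFFFF  # bit positions that must match
    return (_as_int(addr) & care) == (_as_int(route_addr) & care)


def matched(predicate, routes=SAMPLE_ROUTES):
    """Return the routes (as 'a.b.c.d/len' strings) that predicate accepts."""
    return [f"{a}/{l}" for a, l in routes if predicate(a, l)]


if __name__ == "__main__":
    cases = {
        "ip prefix-list x permit 1.2.3.0/24 le 32":
            lambda a, l: prefix_list_permits({"prefix": "1.2.3.0/24", "le": 32}, a, l),
        "access-list 1 permit host 1.2.3.0":
            lambda a, l: standard_acl_permits("1.2.3.0", "0.0.0.0", a, l),
        "ip prefix-list x permit 1.2.3.0/32":
            lambda a, l: prefix_list_permits({"prefix": "1.2.3.0/32"}, a, l),
        "ip prefix-list x permit 0.0.0.0/0":
            lambda a, l: prefix_list_permits({"prefix": "0.0.0.0/0"}, a, l),
        "ip prefix-list x permit 0.0.0.0/0 le 32":
            lambda a, l: prefix_list_permits({"prefix": "0.0.0.0/0", "le": 32}, a, l),
    }
    for text, pred in cases.items():
        print(f"{text}\n    -> {matched(pred)}")
```

Running it shows the two sides of the comparison in the thread: `1.2.3.0/24 le 32` accepts every 1.2.3.x route of length 24 to 32 (including 1.2.3.5/32 and 1.2.3.128/25) but not 1.2.3.0/23, while `host 1.2.3.0` accepts every route whose written address is exactly 1.2.3.0 regardless of length (including the /23 as written) and nothing else. `0.0.0.0/0` with no ge/le accepts only the default route, and `0.0.0.0/0 le 32` accepts everything.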
This archive was generated by hypermail 2.1.4 : Thu May 01 2003 - 13:36:08 GMT-3