RE: Help - Prefix-list

From: Brian McGahan (bmcgahan@internetworkexpert.com)
Date: Sun Nov 02 2003 - 16:40:42 GMT-3


        Actually no it's not the same. This is the major difference
between the access-list and the prefix-list. When using a standard
access-list, you can only match on the network portion of a prefix, and
cannot match on the subnet mask portion.

        The most specific match you can have with an access-list is the
host keyword, but when you're saying:

'access-list 1 permit host 1.2.3.0'

it will match the following:

1.2.3.0/24
1.2.3.0/25
1.2.3.0/26
1.2.3.0/27
1.2.3.0/28
1.2.3.0/29
1.2.3.0/30
1.2.3.0/31
1.2.3.0/32

        If you want to match on the subnet mask as well, you must use a
prefix-list (note: there is an exception to this case, as you can use an
extended access-list to match on prefix/length pairs in BGP).

HTH,

Brian McGahan, CCIE #8593
bmcgahan@internetworkexpert.com

Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987
Direct: 708-362-1418 (Outside the US and Canada)

> -----Original Message-----
> From: Wayne Hines [mailto:wayneh@DataNetDev.com.au]
> Sent: Friday, October 31, 2003 10:20 AM
> To: 'Marco P. Rodrigues'; 'Brian McGahan'
> Subject: RE: Help - Prefix-list
>
> Yes, it would but that would assume you can get the ip address 1.2.3.0 onto
> an interface.
>
> eg with a 2511 IOS 12.1
>
> int s0
> ip add 1.2.3.0 255.255.255.255
> Bad mask /32 for address 1.2.3.0
>
> Wayne
> -----Original Message-----
> From: Marco P. Rodrigues [mailto:drkangel@restricted.net]On Behalf Of
> Marco P. Rodrigues
> Sent: Saturday, 1 November 2003 3:31
> To: Brian McGahan
> Cc: wayneh@DataNetDev.com.au
> Subject: RE: Help - Prefix-list
>
>
> Won't ip prefix-list SLASH32 permit 1.2.3.0/32 correlate to the ip
> access-list host 1.2.3.0 ?
>
> On Thu, 30 Oct 2003, Brian McGahan wrote:
>
> .:Date: Thu, 30 Oct 2003 17:36:04 -0600
> .:From: Brian McGahan <bmcgahan@internetworkexpert.com>
> .:To: "wayneh@DataNetDev.com.au" <wayneh@DataNetDev.com.au>,
> .: "ccielab@groupstudy.com" <ccielab@groupstudy.com>
> .:Subject: RE: Help - Prefix-list
> .:
> .:Wayne,
> .:
> .: Actually, there is no prefix list that directly correlates to
> .:access-list 1 permit host 1.2.3.0, since ip prefix-list X permit
> .:1.2.3.0/32 le 32 is not valid syntax. The ACL should instead read
> .:1.2.3.0 0.0.0.255.
> .:
> .:Brian McGahan, CCIE #8593
> .:bmcgahan@internetworkexpert.com
> .:
> .:Internetwork Expert, Inc.
> .:http://www.InternetworkExpert.com
> .:Toll Free: 877-224-8987
> .:Direct: 708-362-1418 (Outside the US and Canada)
> .:
> .:
> .:> -----Original Message-----
> .:> From: Wayne Hines [mailto:wayneh@DataNetDev.com.au]
> .:> Sent: Thursday, October 30, 2003 6:19 AM
> .:> To: 'Brian McGahan'; ccielab@groupstudy.com
> .:> Subject: RE: Help - Prefix-list
> .:>
> .:> Brian,
> .:>
> .:> >Ip prefix-list LIST permit 1.2.3.0/24 le 32
> .:> ^^
> .:> ge
> .:> >This means:
> .:> >Check the first 24 bits of the prefix 1.2.3.0
> .:> >The subnet mask must be less than or equal to 32
> .:> ^^^^
> .:> greater
> .:>
> .:> >This equates to the access-list syntax:
> .:> >Access-list 1 permit host 1.2.3.0
> .:>
> .:> Shouldn't the changes above occur to match the access-list?
> .:> Or conversely shouldn't the access-list change to
> .:> Access-list 1 permit 1.2.3.0 0.0.0.255
> .:>
> .:> Wayne
> .:>
> .:> -----Original Message-----
> .:> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> .:> Brian McGahan
> .:> Sent: Monday, 27 October 2003 10:08
> .:> To: 'Silvio Nunes'; ccielab@groupstudy.com
> .:> Subject: RE: Help - Prefix-list
> .:>
> .:>
> .:> Silvio,
> .:>
> .:> Prefix-lists are used to match on prefix and prefix-length
> .:> pairs. Normal prefix-list syntax is as follows:
> .:>
> .:> Ip prefix-list LIST permit w.x.y.z/len
> .:>
> .:> Where w.x.y.z is your exact prefix
> .:> And where len is your exact prefix-length
> .:>
> .:> "Ip prefix-list LIST permit 1.2.3.0/24" would be an exact match for the
> .:> prefix 1.2.3.0 with a subnet mask of 255.255.255.0. This does not match
> .:> 1.2.0.0/24, nor does it match 1.2.3.4/32, nor anything in between.
> .:>
> .:> When you add the keywords "GE" and "LE" to the prefix-list, the "len"
> .:> value changes its meaning. When using GE and LE, the len value
> .:> specifies how many bits of the prefix you are checking, starting with
> .:> the most significant bit.
> .:>
> .:> Ip prefix-list LIST permit 1.2.3.0/24 le 32
> .:>
> .:> This means:
> .:> Check the first 24 bits of the prefix 1.2.3.0
> .:> The subnet mask must be less than or equal to 32
> .:>
> .:> This equates to the access-list syntax:
> .:> Access-list 1 permit host 1.2.3.0
> .:>
> .:>
> .:> Ip prefix-list LIST permit 0.0.0.0/0 le 32
> .:>
> .:> This means:
> .:> Check the first 0 bits of the prefix 0.0.0.0
> .:> The subnet mask must be less than or equal to 32
> .:> This equates to anything
> .:>
> .:>
> .:> Ip prefix-list LIST permit 0.0.0.0/0
> .:>
> .:> This means:
> .:> The exact prefix 0.0.0.0, with the exact prefix-length 0.
> .:> This is matching a default route.
> .:>
> .:>
> .:> Ip prefix-list LIST permit 10.0.0.0/8 ge 21 le 29
> .:>
> .:> This means:
> .:> Check the first 8 bits of the prefix 10.0.0.0
> .:> The subnet mask must be greater than or equal to 21, and less than or
> .:> equal to 29.
> .:>
> .:>
> .:> Ip prefix-list CLASS_A permit 0.0.0.0/1 ge 8 le 8
> .:>
> .:> This matches all class A addresses with classful masks. It means:
> .:> Check the first bit of the prefix, it must be a 0.
> .:> The subnet mask must be greater than or equal to 8, and less than or
> .:> equal to 8. (It is exactly 8)
> .:>
> .:>
> .:> When using the GE and LE values, you must satisfy the condition:
> .:>
> .:> Len < GE <= LE
> .:>
> .:> Therefore:
> .:> Ip prefix-list LIST permit 1.2.3.0/24 ge 8
> .:> Is not a valid list.
> .:>
> .:>
> .:> What you can not do with the prefix-list is match on arbitrary bits like
> .:> you can in an access-list. Prefix-lists cannot be used to check if a
> .:> number is even or odd, nor check if a number is divisible by 15, etc...
> .:> Bit checking in a prefix-list is sequential, starting with the most
> .:> significant (leftmost) bit.
> .:>
> .:>
> .:> HTH,
> .:>
> .:> Brian McGahan, CCIE #8593
> .:> bmcgahan@internetworkexpert.com
> .:>
> .:> Internetwork Expert, Inc.
> .:> http://www.InternetworkExpert.com
> .:> Toll Free: 877-224-8987
> .:> Direct: 708-362-1418 (Outside the US and Canada)
> .:>
> .:>
> .:> > -----Original Message-----
> .:> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> .:> > Silvio Nunes
> .:> > Sent: Sunday, October 26, 2003 4:51 PM
> .:> > To: ccielab@groupstudy.com
> .:> > Subject: Help - Prefix-list
> .:> >
> .:> > Hi all,
> .:> >
> .:> > I'm having some difficulty finding any kind of material regarding
> .:> > prefix-lists to understand how they work.
> .:> > I still didn't understand very well the function and when to use
> .:> > ge/le.
> .:> >
> .:> > Do you know some interesting material or tip ?
> .:> >
> .:> > Regards,
> .:> >
> .:> >
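
The matching rules discussed in this thread, modelled in Python as an added example (not code from any of the posters and not Cisco's implementation). It shows why a standard ACL used as a route filter accepts every mask length for a matching network address, while a prefix-list entry also constrains the length. The function names and the route list are constructed for illustration.

```python
import ipaddress

def prefix_list_match(entry, route, ge=None, le=None):
    """Model of one 'ip prefix-list NAME permit entry [ge N] [le N]' line."""
    e = ipaddress.ip_network(entry)
    r = ipaddress.ip_network(route)
    # Validity rule quoted in the thread: len < ge <= le
    bounds = [b for b in (ge, le) if b is not None]
    if any(not e.prefixlen < b <= 32 for b in bounds) or (len(bounds) == 2 and ge > le):
        raise ValueError("invalid entry: need len < ge <= le")
    if not bounds:                       # no ge/le: exact prefix-length match
        lo = hi = e.prefixlen
    else:                                # ge defaults to len, le defaults to 32
        lo = ge if ge is not None else e.prefixlen
        hi = le if le is not None else 32
    if not lo <= r.prefixlen <= hi:
        return False
    shift = 32 - e.prefixlen             # compare only the first 'len' bits
    return int(r.network_address) >> shift == int(e.network_address) >> shift

def std_acl_match(address, wildcard, route):
    """Standard ACL as a route filter: only the network address is tested."""
    r = ipaddress.ip_network(route)
    care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
    return int(r.network_address) & care == int(ipaddress.ip_address(address)) & care

# Constructed sample routes
ROUTES = ["1.2.3.0/24", "1.2.3.0/25", "1.2.3.0/32", "1.2.3.128/25", "1.2.0.0/24"]

def compare(routes=ROUTES):
    """{route: (ACL 'host 1.2.3.0', prefix-list /24 exact, prefix-list /24 le 32)}"""
    return {r: (std_acl_match("1.2.3.0", "0.0.0.0", r),
                prefix_list_match("1.2.3.0/24", r),
                prefix_list_match("1.2.3.0/24", r, le=32)) for r in routes}

if __name__ == "__main__":
    for route, (acl, exact, le32) in compare().items():
        print(f"{route:15} acl_host={acl!s:5} exact24={exact!s:5} le32={le32!s:5}")
```
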



This archive was generated by hypermail 2.1.4 : Fri Dec 12 2003 - 12:29:07 GMT-3