RE: Prefix list...yes, again [bcc][faked-from]

From: William Lijewski (wlijewski@cox.net)
Date: Sat Apr 10 2004 - 18:30:53 GMT-3


The important thing to remember about Prefix-lists is that you check bits
from the left to the right and you cannot skip any bits like you can with an
Access-list. First let's take a look at the third octets in binary:

    128  64  32  16   8   4   2   1
1 -   0   0   0   0   0   0   0   1
2 -   0   0   0   0   0   0   1   0
3 -   0   0   0   0   0   0   1   1
4 -   0   0   0   0   0   1   0   0
5 -   0   0   0   0   0   1   0   1
6 -   0   0   0   0   0   1   1   0
7 -   0   0   0   0   0   1   1   1
8 -   0   0   0   0   1   0   0   0

You want to permit only the 1, 2, 3, and 8 third octets. Well if we take a
look at what bits match in the third octet we have the first four bits that
will match - up to the 16 bit are all 0's. If we base our prefix list on
just the bits that are matching we would get:

192.168.0.0/20 ge 24 le 24

This would check the first 20 bits from left to right to make sure that they
match and it would check to make sure that the networks have a 24-bit mask
(I'm assuming 24 for the subnet). Since there are 4 bits in the third octet
we don't care about we will have 16 networks that this would match (4^2=16).
This would match the following addresses:

192.168.0.0 through 192.168.15.0

That is a lot more than we want. If we look at the 5th bit from the left,
the 8 bit, we can see that it needs to be on for 8 to match. So we could
try a Prefix-list like this:

192.168.8.0/21 ge 24 le 24

This will check the first 21 bits, in the third octet it will make sure that
the 8 bit is on and then not care about the next three bits. Again it will
check to make sure it has a 24-bit subnet. This one will only end up
matching a single network that we want, but it will match 8 networks in
total (3^2=8). It will match the following networks:

192.168.8.0 through 192.168.15.0

Since we have the 8 bit on in our standard and it is checking up to that
bit, nothing under 8 will get through. We are not going to be able to do
this Prefix-list in one line due to the 8 needing to get through. We are
going to do a Prefix-list entry that will permit ONLY the 8 network:

192.168.8.0/24

This will check the first 24 bits and check to make sure it has a 24-bit
subnet mask.

Then for the other three we need to let through:

    128  64  32  16   8   4   2   1
1 -   0   0   0   0   0   0   0   1
2 -   0   0   0   0   0   0   1   0
3 -   0   0   0   0   0   0   1   1

If we look at those we can see that we can go 6 bits from the left in the
third octet. This will leave the 1 bit and 2 bits that we don't care about.
Our Prefix-list entry for this would be:

192.168.0.0/22 ge 24 le 24

This is going to check the first 22 bits from the left and make sure the
networks have a 24-bit subnet mask. This is going to permit one more
network than we want, it is going to permit 4 networks (2^2=4). It will
permit the following networks:

192.168.0.0
192.168.1.0
192.168.2.0
192.168.3.0

This is letting the 0 network through also, but it is as close as we can get
with 2 lines. It doesn't say that we have the 0 network anywhere so it
could be acceptable. The two lines again would be:

192.168.8.0/24
192.168.0.0/22 ge 24 le 24

Now, if you wanted to make sure that the 0 network didn't get through you
would need to do four separate lines:

192.168.1.0/24
192.168.2.0/24
192.168.3.0/24
192.168.8.0/24

Hope that helps,

Bill Lijewski
CCIE #8642
Network Learning Inc
5 Day R&S CCIE Bootcamp Instructor
http://www.ccbootcamp.com
bill@eccie.com

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Fernando Rodriguez
Sent: Saturday, April 10, 2004 11:20 AM
To: ccielab@groupstudy.com
Subject: Prefix list...yes, again [bcc][faked-from]
Importance: Low

Hi all,
Just a quick question. I know this has been talked a
thousand times all over but I still don't get the
point. I keep on reading a long mail that Bill
Lijewski sent a few days ago but...
Just quick to the point. I have the networks from
192.168.1.0 to 192.168.8.0. I want a prefix list to
only redistribute 192.168.0.1, 192.168.0.2,
192.168.0.3 and 192.168.0.8.

I believe the answer is 192.168.4.0 0.0.3.0...how do
you end having that?
Sorry once again but I just don't get it.
Thanks a lot,
Fernando
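
Added example, not part of the original thread: a small Python model of the left-to-right prefix-list match described in the reply, run over the /24 networks 192.168.0.0 through 192.168.15.0. It assumes every entry is a permit with an implicit deny at the end; the function names and the route list are constructed for illustration.

```python
import ipaddress

def parse_entry(text):
    """Parse 'A.B.C.D/len [ge N] [le M]' into (network, min_len, max_len)."""
    tokens = text.split()
    net = ipaddress.ip_network(tokens[0], strict=True)
    opts = dict(zip(tokens[1::2], map(int, tokens[2::2])))
    if opts:
        # With ge/le present, the mask length may range between them.
        min_len = opts.get("ge", net.prefixlen)
        max_len = opts.get("le", 32)
    else:
        # With neither keyword, the mask length must equal len exactly.
        min_len = max_len = net.prefixlen
    return net, min_len, max_len

def entry_matches(entry, route):
    """True if the route's leading bits and mask length satisfy the entry."""
    net, min_len, max_len = parse_entry(entry)
    candidate = ipaddress.ip_network(route)
    # Leading-bit check: the first net.prefixlen bits must be identical,
    # which is the same as the route's address falling inside net.
    same_leading_bits = candidate.network_address in net
    return same_leading_bits and min_len <= candidate.prefixlen <= max_len

def permitted(entries, routes):
    """Routes permitted by any entry; everything else hits the implicit deny."""
    return [r for r in routes if any(entry_matches(e, r) for e in entries)]

# Constructed sample input: sixteen /24 networks, third octet 0 through 15.
ROUTES = [f"192.168.{n}.0/24" for n in range(16)]

def third_octets(entries, routes=ROUTES):
    """Third octets of the permitted routes, for easy comparison."""
    return [int(r.split(".")[2]) for r in permitted(entries, routes)]

if __name__ == "__main__":
    for entries in (
        ["192.168.0.0/20 ge 24 le 24"],
        ["192.168.8.0/21 ge 24 le 24"],
        ["192.168.8.0/24", "192.168.0.0/22 ge 24 le 24"],
        ["192.168.1.0/24", "192.168.2.0/24", "192.168.3.0/24", "192.168.8.0/24"],
    ):
        print(entries, "->", third_octets(entries))
```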


