RE: IE Lab 7 - Using deny in ip prefix lists

From: Wang Dehong-DWANG1 (Dehong.Wang@motorola.com)
Date: Mon Oct 11 2004 - 20:18:26 GMT-3

• Next message: Chad Hintz: "RE: oct/14 RTP"
• Previous message: ccie2be: "IE Lab 7 - Using deny in ip prefix lists"
• Maybe in reply to: ccie2be: "IE Lab 7 - Using deny in ip prefix lists"
• Next in thread: ccie2be: "Re: IE Lab 7 - Using deny in ip prefix lists"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Try to add the "le 32" to the line.. I think that 0.0.0.0/0 is the default route instead of any..

ip prefix-list ADV seq 5 deny 54.3.7.0/24
ip prefix-list ADV seq 10 deny 54.3.7.254/32
ip prefix-list ADV seq 15 permit 0.0.0.0/0
!

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of ccie2be
Sent: Monday, October 11, 2004 5:57 PM
To: Group Study
Subject: IE Lab 7 - Using deny in ip prefix lists

Hi guys,

I'm stump by this one.

R6 is connected to BB1 via subnet 54.3.7.0/24 and to R2 via 204.12.3.0/24.

R2 is config'd to only accept rip updates from R6. Here's R2's config:

router rip
 version 2
 network 204.12.3.0
 distribute-list gateway R6 in
 no auto-summary
!
ip prefix-list R6 seq 5 permit 204.12.3.6/32

And, here's the config for R6:

router rip
 version 2
 network 54.0.0.0
 network 150.3.0.0
 network 163.3.0.0
 network 204.12.3.0
 distribute-list prefix ADV out
 distribute-list gateway R2 in
 no auto-summary
!
ip prefix-list ADV seq 5 deny 54.3.7.0/24
ip prefix-list ADV seq 10 deny 54.3.7.254/32
ip prefix-list ADV seq 15 permit 0.0.0.0/0
!
ip prefix-list R2 seq 5 permit 204.12.3.2/32

I'm trying to get R2 to accept updates from which include subnet 150.3.0.0 and 163.3.0.0 but it seems that I can't achieve this by using the above prefix list ADV which denies the routes I don't want R2 to get.

However, everything works if instead of denying the routes I don't want R2 to get, I just explicitly permit the routes R2 should get.

In other words, the following prefix list works:

ip prefix-list ADV seq 5 permit 163.3.6.0/24
ip prefix-list ADV seq 10 permit 150.3.0.0/24

I don't understand this. Why is it OK to explicitly allow routes I want advertised and implicitly deny everything else but it's not OK to explicitly deny the routes I don't want and implicitly allow everything else?

It doesn't make sense. Can someone explain this? I'd be tremendously grateful.

Thanks, Tim

• Next message: Chad Hintz: "RE: oct/14 RTP"
• Previous message: ccie2be: "IE Lab 7 - Using deny in ip prefix lists"
• Maybe in reply to: ccie2be: "IE Lab 7 - Using deny in ip prefix lists"
• Next in thread: ccie2be: "Re: IE Lab 7 - Using deny in ip prefix lists"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Nov 06 2004 - 17:11:46 GMT-3