Re: IE Lab 7 - Using deny in ip prefix lists

From: ccie2be (ccie2be@nyc.rr.com)
Date: Mon Oct 11 2004 - 21:19:12 GMT-3

• Next message: Peter Ding: "BSR harsh value"
• Previous message: jsung7: "Re: Understanding debup output (Long reply)"
• Maybe in reply to: ccie2be: "IE Lab 7 - Using deny in ip prefix lists"
• Next in thread: Geert Nijs: "RE: IE Lab 7 - Using deny in ip prefix lists"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Thank you very, very much.

That /32 did the trick.

Tim
----- Original Message -----
From: "Wang Dehong-DWANG1" <Dehong.Wang@motorola.com>
To: "'ccie2be'" <ccie2be@nyc.rr.com>; "Group Study" <ccielab@groupstudy.com>
Sent: Monday, October 11, 2004 7:18 PM
Subject: RE: IE Lab 7 - Using deny in ip prefix lists

>
> Try to add the "le 32" to the line.. I think that 0.0.0.0/0 is the default
route instead of any..
>
> ip prefix-list ADV seq 5 deny 54.3.7.0/24
> ip prefix-list ADV seq 10 deny 54.3.7.254/32
> ip prefix-list ADV seq 15 permit 0.0.0.0/0
> !
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
ccie2be
> Sent: Monday, October 11, 2004 5:57 PM
> To: Group Study
> Subject: IE Lab 7 - Using deny in ip prefix lists
>
>
> Hi guys,
>
> I'm stump by this one.
>
>
> R6 is connected to BB1 via subnet 54.3.7.0/24 and to R2 via 204.12.3.0/24.
>
> R2 is config'd to only accept rip updates from R6. Here's R2's config:
>
> router rip
> version 2
> network 204.12.3.0
> distribute-list gateway R6 in
> no auto-summary
> !
> ip prefix-list R6 seq 5 permit 204.12.3.6/32
>
> And, here's the config for R6:
>
> router rip
> version 2
> network 54.0.0.0
> network 150.3.0.0
> network 163.3.0.0
> network 204.12.3.0
> distribute-list prefix ADV out
> distribute-list gateway R2 in
> no auto-summary
> !
> ip prefix-list ADV seq 5 deny 54.3.7.0/24
> ip prefix-list ADV seq 10 deny 54.3.7.254/32
> ip prefix-list ADV seq 15 permit 0.0.0.0/0
> !
> ip prefix-list R2 seq 5 permit 204.12.3.2/32
>
> I'm trying to get R2 to accept updates from which include subnet 150.3.0.0
and 163.3.0.0 but it seems that I can't achieve this by using the above
prefix list ADV which denies the routes I don't want R2 to get.
>
> However, everything works if instead of denying the routes I don't want R2
to get, I just explicitly permit the routes R2 should get.
>
> In other words, the following prefix list works:
>
> ip prefix-list ADV seq 5 permit 163.3.6.0/24
> ip prefix-list ADV seq 10 permit 150.3.0.0/24
>
>
> I don't understand this. Why is it OK to explicitly allow routes I want
advertised and implicitly deny everything else but it's not OK to explicitly
deny the routes I don't want and implicitly allow everything else?
>
> It doesn't make sense. Can someone explain this? I'd be tremendously
grateful.
>
> Thanks, Tim
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Peter Ding: "BSR harsh value"
• Previous message: jsung7: "Re: Understanding debup output (Long reply)"
• Maybe in reply to: ccie2be: "IE Lab 7 - Using deny in ip prefix lists"
• Next in thread: Geert Nijs: "RE: IE Lab 7 - Using deny in ip prefix lists"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Nov 06 2004 - 17:11:46 GMT-3