Re: IE Lab 7 - Using deny in ip prefix lists

From: ccie2be (ccie2be@nyc.rr.com)
Date: Tue Oct 12 2004 - 10:45:18 GMT-3


I hate it when I forget these little but crucial details.

Thanks, Tim
----- Original Message -----
From: "Geert Nijs" <geert.nijs@simac.be>
To: "ccie2be" <ccie2be@nyc.rr.com>; "Group Study" <ccielab@groupstudy.com>
Sent: Tuesday, October 12, 2004 9:35 AM
Subject: RE: IE Lab 7 - Using deny in ip prefix lists

You are denying all routes. Prefix list should be:

ip prefix-list ADV seq 5 deny 54.3.7.0/24
ip prefix-list ADV seq 10 deny 54.3.7.254/32
ip prefix-list ADV seq 15 permit 0.0.0.0/0 le 32

Regards,
Geert #13729

________________________________

From: nobody@groupstudy.com on behalf of ccie2be
Sent: Tue 10/12/2004 0:56
To: Group Study
Subject: IE Lab 7 - Using deny in ip prefix lists

Hi guys,

I'm stumped by this one.

R6 is connected to BB1 via subnet 54.3.7.0/24 and to R2 via 204.12.3.0/24.

R2 is config'd to only accept rip updates from R6. Here's R2's config:

router rip
 version 2
 network 204.12.3.0
 distribute-list gateway R6 in
 no auto-summary
!
ip prefix-list R6 seq 5 permit 204.12.3.6/32

And, here's the config for R6:

router rip
 version 2
 network 54.0.0.0
 network 150.3.0.0
 network 163.3.0.0
 network 204.12.3.0
 distribute-list prefix ADV out
 distribute-list gateway R2 in
 no auto-summary
!
ip prefix-list ADV seq 5 deny 54.3.7.0/24
ip prefix-list ADV seq 10 deny 54.3.7.254/32
ip prefix-list ADV seq 15 permit 0.0.0.0/0
!
ip prefix-list R2 seq 5 permit 204.12.3.2/32

I'm trying to get R2 to accept updates from which include subnet 150.3.0.0
and 163.3.0.0 but it seems that I can't achieve this by using the above
prefix list ADV which denies the routes I don't want R2 to get.

However, everything works if instead of denying the routes I don't want R2
to get, I just explicitly permit the routes R2 should get.

In other words, the following prefix list works:

ip prefix-list ADV seq 5 permit 163.3.6.0/24
ip prefix-list ADV seq 10 permit 150.3.0.0/24

I don't understand this. Why is it OK to explicitly allow routes I want
advertised and implicitly deny everything else but it's not OK to explicitly
deny the routes I don't want and implicitly allow everything else?

It doesn't make sense. Can someone explain this? I'd be tremendously
grateful.

Thanks, Tim



This archive was generated by hypermail 2.1.4 : Sat Nov 06 2004 - 17:11:46 GMT-3