Re: Prefix lists differences ?

From: marc van hoof (mvh@marcvanhoof.com)
Date: Fri Nov 05 2004 - 02:11:06 GMT-3


they are different...

access-list 100 permit ip 192.160.0.0 0.0.0.255 255.255.255.0 0.0.0.255

will permit any network that "starts with" 192.160.0. and has a mask that
"starts with" 255.255.255.

so 192.160.0.128/255.255.255.128 would match, as would
192.160.0.64/255.255.255.224

whereas....

access-list 100 permit ip host 192.160.0.0 host 255.255.255.0

will only match the network 192.160.0.0/24

when you use access lists to do this kind of thing, think of the "source"
component as the network, and the "destination" component as the netmask.

the masks associated to each in the access list are used to decide how
exactly each needs to match.

you could also do this:

access-list 100 permit ip host 192.160.0.0 255.255.255.0 0.0.0.255

this would match:

192.160.0.0/24
192.160.0.0/25
192.160.0.0/26
.
.
192.160.0.0/32

but NOT 192.160.0.32/27...

it's a pain to get your head around at first, but makes sense somewhere
along the line...

On Thu, 4 Nov 2004, Cisco Net wrote:

> Thank you guys..
> By the way Marc mentioned,
> access-list 100 permit ip 192.160.0.0 0.0.0.255 255.255.255.0 0.0.0.255
>
> an alternate idea of acl instead of prefix list /24
>
> Is this acl right or should it be,
> access-list 100 permit ip 192.160.0.0 0.0.0.255 host 255.255.255.0
>
> ????
> Just making sure..
> I guess both are fine...
> Cert
>
>
> On Fri, 5 Nov 2004 15:37:46 +1100 (EST), marc van hoof
> <mvh@marcvanhoof.com> wrote:
>> ah - ok - i thought that when you said "the /24 applies to both the
>> network address and the net mask" that you meant the netmask (as well as
>> the network) had 24 fixed bits and 8 variable bits...
>>
>> as mentioned later in the post, it wasn't long ago that you had masks for
>> masks...
>>
>> misunderstanding - apologies...
>>
>>
>>
>> cheers,
>> -marc.
>>
>> On Thu, 4 Nov 2004, ccie2be wrote:
>>
>>> No, those 2 prefix aren't the same.
>>>
>>> The 1st prefix list means that the 1st 24 bits must equal 192.168.0 and
>>> the net mask is 24 bits long.
>>>
>>> The 2nd prefix list means that the 1st 24 bits must equal 192.168.0 (same as
>>> before) but the le 32 that follows means the net mask can be from 24 bits
>>> long to 32 bits long.
>>>
>>> Don't overlook that le means LESS THAN OR EQUAL.
>>>
>>> So, the 1st prefix list means 192.168.0.0 255.255.255.0 ONLY.
>>>
>>> The 2nd prefix list means the following matches:
>>>
>>> 192.168.0.0/24
>>> 192.168.0.0/25
>>> 192.168.0.0/26
>>> 192.168.0.0/27
>>> 192.168.0.0/28
>>> 192.168.0.0/29
>>> 192.168.0.0/30
>>> 192.168.0.0/31
>>> 192.168.0.0/32
>>>
>>> So, you see there's a big difference.
>>>
>>> HTH, Tim
>>> ----- Original Message -----
>>> From: "marc van hoof" <mvh@marcvanhoof.com>
>>> To: "ccie2be" <ccie2be@nyc.rr.com>
>>> Cc: "Cisco Net" <network.cisco@gmail.com>; "Group Study"
>>> <ccielab@groupstudy.com>
>>> Sent: Thursday, November 04, 2004 10:54 PM
>>> Subject: Re: Prefix lists differences ?
>>>
>>>
>>>> so what you're saying is that if you don't specify the ge xx le xx, it
>>>> means that you are specifying a minimum mask length ?
>>>>
>>>> seems odd, but i'll believe it...
>>>>
>>>> basically that would mean that
>>>>
>>>> ip prefix-list 10 permit 192.168.0.0/24
>>>>
>>>> is the same as
>>>>
>>>> ip prefix-list 10 permit 192.168.0.0/24 le 32
>>>>
>>>> ??
>>>>
>>>> on this topic, do people remember the days before prefix-lists, where you
>>>> HAD to use extended ip access lists for route filtering, and the
>>>> "destination address/mask" of the extended acl referred to the mask of the
>>>> route ?
>>>>
>>>> it was never any fun to see:
>>>>
>>>> access-list 100 permit ip 192.160.0.0 0.0.0.255 255.255.255.0 0.0.0.255
>>>>
>>>> cheers,
>>>> -marc.
>>>>
>>>> On Thu, 4 Nov 2004, ccie2be wrote:
>>>>
>>>>> They're the same.
>>>>>
>>>>> The slash 24 in the 1st prefix list means the 1st 24 bits of the network
>>>>> address must match and the ge 24 le 24 means the net mask must be
>>>>> exactly 24 bits.
>>>>>
>>>>> In the 2nd prefix list, when you don't have either ge or le, then the
>>>>> /24 refers to both the network address and the net mask.
>>>>>
>>>>> HTH, Tim
>>>>>
>>>>> ----- Original Message -----
>>>>> From: "Cisco Net" <network.cisco@gmail.com>
>>>>> To: "Group Study" <ccielab@groupstudy.com>
>>>>> Sent: Thursday, November 04, 2004 10:20 PM
>>>>> Subject: Prefix lists differences ?
>>>>>
>>>>>
>>>>>> Hi
>>>>>> Is the meaning of the following 2 prefix lists the same?
>>>>>> -ip prefix-list ONE permit 100.100.100.0/24 ge 24 le 24
>>>>>> -ip prefix-list TEO permit 100.100.100.0/24
>>>>>>
>>>>>> I thought both are the same.. What do you think ?
>>>>>> Regds
>>>>>> Cert
>>>>>>
>>>>>> _______________________________________________________________________
>>>>>> Subscription information may be found at:
>>>>>> http://www.groupstudy.com/list/CCIELab.html
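
The matching rules discussed in this thread, as an added example (not part of the original messages): a Python model of an extended ACL used as a route filter, where the source pair is compared to the route's network and the destination pair to its netmask, next to the prefix-list ge/le rule. The route table, dictionary keys and function names are constructed for illustration.

```python
import ipaddress

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def acl_route_match(route, src, src_wild, dst, dst_wild):
    """Extended ACL as a route filter: source field vs. network address,
    destination field vs. netmask. Wildcard 1-bits are "don't care"."""
    net = ipaddress.IPv4Network(route)
    addr, mask = int(net.network_address), int(net.netmask)
    care_s = ~_ip(src_wild) & 0xFFFFFFFF
    care_d = ~_ip(dst_wild) & 0xFFFFFFFF
    return ((addr & care_s) == (_ip(src) & care_s)
            and (mask & care_d) == (_ip(dst) & care_d))

def prefix_list_match(route, entry, ge=None, le=None):
    """Prefix-list entry: leading bits must match the entry, and the route's
    mask length must fall in [ge, le]; with neither keyword it must be exact."""
    net, ent = ipaddress.IPv4Network(route), ipaddress.IPv4Network(entry)
    if ge is None and le is None:
        lo = hi = ent.prefixlen
    else:
        lo = ge if ge is not None else ent.prefixlen
        hi = le if le is not None else 32
    return net.subnet_of(ent) and lo <= net.prefixlen <= hi

# Constructed route table for the demonstration.
ROUTES = ["192.160.0.0/24", "192.160.0.0/25", "192.160.0.128/25",
          "192.160.0.64/27", "192.160.0.32/27", "192.160.0.0/32",
          "192.160.1.0/24"]

# The three ACL forms from the message ("host x" is x with wildcard 0.0.0.0).
ACLS = {
    "wildcard/wildcard": ("192.160.0.0", "0.0.0.255", "255.255.255.0", "0.0.0.255"),
    "host/host":         ("192.160.0.0", "0.0.0.0",   "255.255.255.0", "0.0.0.0"),
    "host/wildcard":     ("192.160.0.0", "0.0.0.0",   "255.255.255.0", "0.0.0.255"),
}

def permitted(name):
    """Routes from ROUTES that the named ACL form permits."""
    return [r for r in ROUTES if acl_route_match(r, *ACLS[name])]

if __name__ == "__main__":
    for name in ACLS:
        print(f"{name:18} {permitted(name)}")
```

On this table the wildcard/wildcard form permits the same routes as a prefix-list entry of 192.160.0.0/24 le 32, and the host/host form the same routes as 192.160.0.0/24 with no ge or le.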


