From: Lee Donald (Lee.Donald@t-systems.co.uk)
Date: Fri Apr 01 2005 - 05:18:46 GMT-3
The Deny would have worked, but I think it is always better to permit exact
networks rather than deny and then let in everything else.
192.54.16.0/21 le 24 ge 24 is the correct statement.
Lee.
_____
From: mani poopal [mailto:mani_ccie@yahoo.com]
Sent: 31 March 2005 17:12
To: Lee Donald; Sundar Palaniappan; Curtis Gregg
Cc: ccielab@groupstudy.com
Subject: RE: IP Prefix-list Question
Hi Lee,
I did not include .20 and .21, assume I include those too, so the solution
should be
deny 192.54.20.0/21 le 24 ge 24 not deny 192.54.0.0/21 ge 24 le 24, correct
me if I am wrong.
thanks
Mani
Lee Donald <Lee.Donald@t-systems.co.uk> wrote:
The solution I used Mani was
192.54.0.0/21 le 24 ge 24
Which excluded 192.54.21.0/24 and 192.54.22.0/24 and fulfilled the
requirements of the question.
-----Original Message-----
From: mani poopal [mailto:mani_ccie@yahoo.com]
Sent: 31 March 2005 16:57
To: Sundar Palaniappan; Curtis Gregg
Cc: ccielab@groupstudy.com
Subject: Re: IP Prefix-list Question
Hi Guys,
I was watching this thread very good one with good examples. I have a small
question. Assume now you have 5 routes (192.54.1.0/24, 192.54.2.0/24,
192.54.3.0/24, 192.54.4.0/24 and 192.54.5.0/24), now if the question asks to
use minimum number of commands to allow these 5 prefixes what will the
solution be:
====================================
ip prefix-list cisco permit 192.54.0.0/22 ge 24 le 24==>A[will this line
cover 0,1,2, and 3]
ip prefix-list cisco permit 192.54.4.0/23 ge 24 le 24
=====================================
or
=====================================
ip prefix-list cisco permit 192.54.1.0/24 ==========>B
ip prefix-list cisco permit 192.54.2.0/23 ge 24 le 24--covers 2 and 3
ip prefix-list cisco permit 192.54.4.0/23 ge 24 le 24--covers 4 and 5
====================================
thanks
Mani
Sundar Palaniappan wrote:
You are right on target!
--Sundar Palaniappan
On Thu, 31 Mar 2005 09:53:25 -0500, Curtis Gregg wrote:
>
>
>
> Very cool explanation.
>
>
>
> Please verify I understand it correctly.
>
>
>
> How I understand it:
>
> We have 23 bits in the 3rd octet that we care about and the 24 bit of that
> octet we don't care about which that can be either on or off (0 or 1).
>
>
>
> Question:
>
> So the 23 bits that we care about have to stay the same as the network
> number? For example: 192.168.4.0 has to stay the same_0000010. None of the
> other bits can change except the last bit. Which off equals 4 and on equals
> 5.
>
>
>
> Basically we can not change the bits we care about. For example; ip
> prefix-list cisco permit 192.54.4.0/23 says that the 23 bits are our network
> do not change.
>
>
>
> And the ge 24 le 24 basically says any advertised network must have a 24 bit
> mask.
>
>
>
> Thanks a lot for all your time!
>
>
>
> Curtis R. Gregg
>
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Sundar Palaniappan
> Sent: Tuesday, March 29, 2005 11:29 AM
> To: ccielab@groupstudy.com
> Subject: Fwd: IP Prefix-list Question
>
>
>
> Lee,
>
>
>
> Shall attempt to make it a little simple from what the other guys have
>
> stated above.
>
>
>
> 192.54.4.0/23
>
>
>
> 3rd octet in binary:
>
>
>
> 4 - 00000100
>
> 5 - 00000101
>
>
>
> When the SM is 23 bits, you don't care about the last bit in the 3rd
>
> octet - i.e it can be on or off. When the last bit is a 0 that matches
>
> network 4 and the last bit is 1 it matches network 5.
>
>
>
> HTH,
>
> Sundar Palaniappan
>
>
>
>
>
> On Tue, 29 Mar 2005 17:16:39 +0100, simon hart
>
> wrote:
>
> > Lee,
>
> >
>
> > I will see if I can explain
>
> >
>
> > A prefix list with just a subnet mask i.e. 192.54.4.0/24 means that the only
>
> > allowable route is 192.54.4.0 255.255.255.0 no other routes are allowed at
>
> > all.
>
> >
>
> > When ge or le is added the syntax and function of the prefix list changes
>
> > slightly, for example
>
> >
>
> > 192.54.4.0/23 ge 24 le 24 means
>
> >
>
> > The first 23 bits of 192.54.4.0 must match (in pretty much the same way as
>
> > an access list)
>
> >
>
> > The subnet mask of the advertised route can only be 24, nothing more nothing
>
> > less. Thus the only bit we are testing for is the last bit of the third
>
> > octet which can be either 0 or 1.
>
> > Therefore such an access list will allow either 192.54.4.0/24 or
>
> > 192.54.5.0/24
>
> >
>
> > When ge or le (or both together) are added to the prefix list, then the
>
> > initial function of the prefix list changes.
>
> >
>
> > HTH
>
> >
>
> > Simon
>
> >
>
> > -----Original Message-----
>
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
>
> > Lee Donald
>
> > Sent: 29 March 2005 17:03
>
> > To: Philippe Couture; Lee Donald
>
> > Cc: Dillon Yang; Sundar Palaniappan; Group Study
>
> > Subject: RE: IP Prefix-list Question
>
> >
>
> > I understand the le and ge, but the 192.54.4.0/23 bit I don't get.
>
> >
>
> > I have tried it and it works but I just need to get my head round it.
>
> >
>
> > How does the /23 incorporate the 5 subnet as well?
>
> >
>
> > -----Original Message-----
>
> > From: Philippe Couture [mailto:philippecouture@gmail.com]
>
> > Sent: 29 March 2005 16:55
>
> > To: Lee Donald
>
> > Cc: Dillon Yang; Sundar Palaniappan; Group Study
>
> > Subject: Re: IP Prefix-list Question
>
> >
>
> > Hi Lee,
>
> >
>
> > Did you try those three lines together ?
>
> >
>
> > ip prefix-list cisco permit 192.54.1.0/24
>
> > ip prefix-list cisco permit 192.54.2.0/24
>
> > ip prefix-list cisco permit 192.54.4.0/23 ge 24 le 24
>
> >
>
> > In terms of methodology, the /xx means the mask length, just as if you
>
> > were using an access-list. So, you apply a mask of 23 bits to filter
>
> > the bits in the network, and whatever is included in this mask can go
>
> > through, on the condition that its prefix length respects the ge / le
>
> > options that may be added. These ge / le options apply to the prefix
>
> > length in the advertisement. Using both le 24 and ge 24 is a way to
>
> > say "equal", since the only way to be "less or equal" and "greater or
>
> > equal" at the same time is to be precisely equal.
>
> >
>
> > Philippe
>
> >
>
> > On Tue, 29 Mar 2005 16:48:04 +0100, Lee Donald
>
> > wrote:
>
> > > Guys,
>
> > >
>
> > > I have tried this and it only lets subnets 4 & 5 in ?
>
> > >
>
> > > Also I was after the methodology behind it so I can work it out for myself, you
>
> > > just telling me the answer is only part of it.
>
> > >
>
> > > I don't quite understand the /23 and the le 24 ge 24 bits ?
>
> > >
>
> > >
>
> > > -----Original Message-----
>
> > > From: Dillon Yang [mailto:gzdillon@hotmail.com]
>
> > > Sent: 29 March 2005 16:41
>
> > > To: Sundar Palaniappan
>
> > > Cc: Group Study
>
> > > Subject: Re: IP Prefix-list Question
>
> > >
>
> > > Yes, Sundar:
>
> > >
>
> > > The task is just the SIX routes!
>
> > > so feel free.
>
> > > I think you'd not overthink the unknown subnet as 3, 6, 7.
>
> > > Any expert advice?
>
> > >
>
> > > HTH
>
> > > dillon
>
> > >
>
> > > ----- Original Message -----
>
> > > From: "Sundar Palaniappan"
>
> > > To: "Philippe Couture"
>
> > > Cc: ;
>
> > > Sent: Tuesday, March 29, 2005 11:28 PM
>
> > > Subject: Re: IP Prefix-list Question
>
> > >
>
> > > > Dillon,
>
> > > >
>
> > > > > You are allowing subnets 3, 6, 7 that aren't part of the requirement.
>
> > > >
>
> > > > > Lee's requirement is minimum number of lines to be used. Your solution
>
> > > > > would be correct if only one line is to be used to accomplish that.
>
> > > >
>
> > > > Not sure if Cisco would consider your solution correct.
>
> > > >
>
> > > > --Sundar Palaniappan
>
> > > >
>
> > > >
>
> > > > On Tue, 29 Mar 2005 10:23:04 -0500, Sundar Palaniappan
>
> > > > wrote:
>
> > > > > My bad.
>
> > > > >
>
> > > > > Last statement should be,
>
> > > > >
>
> > > > > ip prefix-list cisco permit 192.54.4.0/23 ge 24 le 24
>
> > > > >
>
> > > > > > What you are doing is, you are permitting everything after
>
> > > > > 192.54.4.0/23 but the subnet mask has to be 24 bits always.
>
> > > > >
>
> > > > > If you don't use le 24 then you are allowing prefixes with shorter
>
> > > > > mask i.e .25, .26 etc to be advertised.
>
> > > > >
>
> > > > > In the lab, I wouldn't take a chance and just nail it down.
>
> > > > >
>
> > > > > HTH,
>
> > > > > Sundar Palaniappan
>
> > > > >
>
> > > > >
>
> > > > > > On Tue, 29 Mar 2005 10:03:43 -0500, Philippe Couture
>
> > > > > > wrote:
>
> > > > > > Sundar,
>
> > > > > >
>
> > > > > > Wouldn't the third line need to be "ip prefix-list cisco permit
>
> > > > > > 192.54.4.0/23 ge 24" ?
>
> > > > > >
>
> > > > > > > I could be wrong but I think that since you don't care about the 24th
>
> > > > > > > bit (i.e. you want to match .4 and .5), you would use a mask length of
>
> > > > > > > 23, and the "ge 24" says to use prefix lengths of 24 or more. If you
>
> > > > > > > want to really only allow 24 and nothing longer, you would also need
>
> > > > > > > to add "le 24".
>
> > > > > >
>
> > > > > > Phil
>
> > > > > >
>
> > > > > >
>
> > > > > > On Tue, 29 Mar 2005 09:54:59 -0500, Sundar Palaniappan
>
> > > > > > wrote:
>
> > > > > > > Lee,
>
> > > > > > >
>
> > > > > > > > Or you could configure
>
> > > > > > >
>
> > > > > > > ip prefix-list cisco permit 192.54.1.0/24
>
> > > > > > > ip prefix-list cisco permit 192.54.2.0/24
>
> > > > > > > ip prefix-list cisco permit 192.54.4.0/24 ge 23
>
> > > > > > >
>
> > > > > > > > Either way you need 3 statements at least.
>
> > > > > > >
>
> > > > > > > HTH,
>
> > > > > > > Sundar Palaniappan
>
> > > > > > >
>
>
> > > > > > > On Tue, 29 Mar 2005 15:19:12 +0100, Lee Donald
>
> > > > > > > wrote:
>
> > > > > > > > > I'm having trouble understanding IP Prefix-lists can anybody clarify this
>
> > > > > > > > > for me?
>
> > > > > > > >
>
> > > > > > > > > I have this question; use a prefix list with the minimum amount of lines to
>
> > > > > > > > > allow 1,2,4,5 networks in.
>
> > > > > > > >
>
> > > > > > > > 192.54.1.0/24
>
> > > > > > > >
>
> > > > > > > > 192.54.2.0/24
>
> > > > > > > >
>
> > > > > > > > 192.54.4.0/24
>
> > > > > > > >
>
> > > > > > > > 192.54.5.0/24
>
> > > > > > > >
>
> > > > > > > > 192.54.21.0/24
>
> > > > > > > >
>
> > > > > > > > 192.54.22.0/24
>
> > > > > > > >
>
> > > > > > > > > I have 3 lines, 2 denying 21, and 22, the other allowing everything.
>
> > > > > > > >
>
> > > > > > > > Is this the minimum?, if not why not?
>
> > > > > > > >
>
> > > > > > > > Thanks in advance for your help.
>
> > > > > > > >
>
> > > > > > > > Regards
>
> > > > > > > >
>
> > > > > > > > Lee Donald.
>
> > > > > > > >
>
> > > > > > > >
>
> > >
This archive was generated by hypermail 2.1.4 : Tue May 03 2005 - 07:54:51 GMT-3
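
Added example, not part of the original thread: a small Python model of the matching rule discussed above (the leading /len bits of the entry must match, and the advertised mask length must fall within ge..le), run over the six routes from the original question. The function names and the exhaustive /24 sweep of 192.54.0.0/16 are assumptions of this sketch; it models the matching as the thread describes it and does not validate syntax the way a router would.

```python
import ipaddress

def parse_entry(line):
    """'ip prefix-list NAME permit|deny NET/LEN [ge N] [le N]' -> (action, net, lo, hi)."""
    tok = line.split()
    action, net = tok[3], ipaddress.ip_network(tok[4])
    opts = dict(zip(tok[5::2], map(int, tok[6::2])))
    if not opts:                       # no ge/le: exact prefix length only
        lo = hi = net.prefixlen
    else:                              # ge only -> ge..32, le only -> len..le
        lo = opts.get("ge", net.prefixlen)
        hi = opts.get("le", 32)
    return action, net, lo, hi

def evaluate(lines, route):
    """First matching entry wins; a route matching nothing hits the implicit deny."""
    r = ipaddress.ip_network(route)
    for action, net, lo, hi in map(parse_entry, lines):
        # leading net.prefixlen bits must match AND advertised length in lo..hi
        if lo <= r.prefixlen <= hi and r.network_address in net:
            return action
    return "deny"

def over_permitted(lines, wanted):
    """Every /24 in 192.54.0.0/16 that the list lets in but the task did not ask for."""
    space = ipaddress.ip_network("192.54.0.0/16").subnets(new_prefix=24)
    return [str(n) for n in space
            if str(n) not in wanted and evaluate(lines, str(n)) == "permit"]

# Routes and prefix-list lines taken from the thread.
WANTED = [f"192.54.{n}.0/24" for n in (1, 2, 4, 5)]
UNWANTED = ["192.54.21.0/24", "192.54.22.0/24"]
THREE_LINE = ["ip prefix-list cisco permit 192.54.1.0/24",
              "ip prefix-list cisco permit 192.54.2.0/24",
              "ip prefix-list cisco permit 192.54.4.0/23 ge 24 le 24"]
ONE_LINE = ["ip prefix-list cisco permit 192.54.0.0/21 ge 24 le 24"]
GE_ONLY = ["ip prefix-list cisco permit 192.54.4.0/23 ge 24"]

if __name__ == "__main__":
    for name, pl in (("three-line", THREE_LINE), ("one-line", ONE_LINE)):
        print(name, [evaluate(pl, r) for r in WANTED + UNWANTED],
              "extra /24s admitted:", over_permitted(pl, WANTED))
    print("/25 vs 'ge 24 le 24':", evaluate(THREE_LINE, "192.54.4.128/25"))
    print("/25 vs 'ge 24' only: ", evaluate(GE_ONLY, "192.54.4.128/25"))
```

Both lists handle the six advertised routes identically; the sweep shows the difference only appears for /24s that are not advertised today, which is the case for permitting exact networks in a route filter.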