RE: SV: Match Any behaviour in Prefix lists

From: moelkomy@cisco.com
Date: Sat Sep 17 2005 - 11:26:59 GMT-3

• Next message: Leigh Harrison: "Re: SV: Match Any behaviour in Prefix lists"
• Previous message: Venkataramanaiah.R: "Re: Telnet access into loopback"
• Maybe in reply to: Jens Petter Eikeland: "SV: Match Any behaviour in Prefix lists"
• Next in thread: Leigh Harrison: "Re: SV: Match Any behaviour in Prefix lists"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I lab it in case of deny and found that both deny 0.0.0.0/0
and deny 0.0.0.0/0 le 32 have same effect, which is denying everything.

Regards,

-------------------------------------------------------------------

Mohamed ElKomy

Cisco Systems, Systems Engineer

Office: +2024885300

GSM: +20121022297

FAX: +2024885400

moelkomy@cisco.com

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Venkataramanaiah.R
Sent: Saturday, September 17, 2005 4:41 PM
To: Leigh Harrison
Cc: ccielab@groupstudy.com
Subject: Re: SV: Match Any behaviour in Prefix lists

Guys, Although i agree with your way of interpreting the default route
sounds logical to me, it is not working that way practically. Even, i
applied the same logic, however it is not working when i lab it up..
Default
route gets in only when i permit 0.0.0.0/0 <http://0.0.0.0/0> and not
with
0.0.0.0/32 <http://0.0.0.0/32>.

Well, if you look at permit all, it works fine with our logic. ie.,
permit
0.0.0.0/0 <http://0.0.0.0/0> le 32 works for Permit all.

Again, for deny all, the same logic does not work... To deny all, only
deny
0.0.0.0/0 <http://0.0.0.0/0> works.

Could you guys lab it and confirm.

Thanks for your attempt to clarify

-Venkat

On 9/17/05, Leigh Harrison <ccileigh@gmail.com> wrote:
>
> Venkat,
>
> The way I think of it is:-
>
> ip prefix-list test permit 192.168.0.0/16 <http://192.168.0.0/16> le
32
>
> The way I read it is the prefix that I'm looking for has to start
> 192.168.x.x and have a mask of less than or equal to 32 bits - so the
> mask has to be between 16 and 32 bits and begin with 192.168 and it's
in.
>
> The bit that got me was making the difference between a prefix-list
and
> an access-list.
>
> For the default route:-
> ip prefix-list test permit 0.0.0.0/32 <http://0.0.0.0/32>
>
> This one reads "The prefix that I'm looking for has to start
0.0.0.0<http://0.0.0.0>and
> have mask of 32" - think "1 in the mask = unchangable bits" - so the
> only thing it will allow here is 0.0.0.0 <http://0.0.0.0> - no need to
put
> any ge or le
> on the end as 32 bits is pretty definitive !!
>
> For all routes:-
> ip prefix-list test permit 0.0.0.0/0 <http://0.0.0.0/0> le 32
>
> This one reads "The prefix that I'm looking for has to start
0.0.0.0<http://0.0.0.0>and
> have a mask of 0" - think "1 in the mask = unchangable bits" - as it's
a
> 0, there are no bits that are fixed. The less than or equal to at the
> end reads "but has to have a mask of 32 bits or less" - which will
cover
> everything.
>
> To read the last example as a whole:-
> "I am looking for a prefix that has any number is it, with a mask of
32
> bits or less"
>
> To read the first example as a whole:-
> " I am looking for a prefix that begins with 192.168 and has a mask of
> 32 bits or less"
>
> Hope that helps
>
> LH
>
>
> Jens Petter Eikeland wrote:
>
> >HI ,
> >
> >I was wondering the same thing a while ago.. Here is how it is :
> >
> >prefix-list to match the "default-route" is;
> >
> >ip prefix-list mebean permit 0.0.0.0/32 <http://0.0.0.0/32>
> >
> >all the first 32 bits "must" be zeros.
> >
> >
> >prefix-list to match "any" route is;
> >
> >ip prefix-list mrbean permit 0.0.0.0/0 <http://0.0.0.0/0> le 32.
> >
> >All the 32 bits can be "anything" and can have any mask.
> >
> >Jens Petter Eikeland
> >
> >-----Opprinnelig melding-----
> >Fra: nobody@groupstudy.com [mailto:nobody@groupstudy.com] Pe vegne av
> >Venkataramanaiah.R
> >Sendt: 17. september 2005 10:39
> >Til: ccielab@groupstudy.com
> >Emne: Match Any behaviour in Prefix lists
> >
> >Any idea, which what do we configure for match any when you use the
> prefix
> >lists?
> >
> >In a case of deny only 0.0.0.0/0 <http://0.0.0.0/0>
<http://0.0.0.0/0>
> matches all the routes
> >
> >In a case of Permit, only 0.0.0.0/0 <http://0.0.0.0/0>
<http://0.0.0.0/0>
> le 32 matches all the
> >routes. Just 0.0.0.0/0 <http://0.0.0.0/0> <http://0.0.0.0/0> does not
> match all traffic, rather
> >it matches just the default route, when used with a permit command.
> >
> >I am sure this is something to do with the way the prefix lists
operate,
> >which is apparently not clear to me.
> >
> >Can someone clarify?
> >
> >TIA
> >-Venkat
> >
>
>_______________________________________________________________________
> >Subscription information may be found at:
> >http://www.groupstudy.com/list/CCIELab.html
> >
>
>_______________________________________________________________________
> >Subscription information may be found at:
> >http://www.groupstudy.com/list/CCIELab.html

• Next message: Leigh Harrison: "Re: SV: Match Any behaviour in Prefix lists"
• Previous message: Venkataramanaiah.R: "Re: Telnet access into loopback"
• Maybe in reply to: Jens Petter Eikeland: "SV: Match Any behaviour in Prefix lists"
• Next in thread: Leigh Harrison: "Re: SV: Match Any behaviour in Prefix lists"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Oct 02 2005 - 14:40:15 GMT-3