SV: SV: Match Any behaviour in Prefix lists

From: Jens Petter Eikeland (jenseike@start.no)
Date: Sat Sep 17 2005 - 12:33:02 GMT-3

• Next message: Venkataramanaiah.R: "Re: SV: Match Any behaviour in Prefix lists"
• Previous message: Lee Donald: "RE: Session limit for line"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi ..
You are right.. sorry about that. I dont know why i wrote it down incorrect.

This is as it should be :
To deny the default route 0.0.0.0/0:

ip prefix-list abc deny 0.0.0.0/0

To permit all routes with a prefix of 0/0:

ip prefix-list abc permit 0.0.0.0/0 le 32

You can check it out in the documentation..
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/iprr
p_r/ip2_i1g.htm#wp1039727

Jens P

-----Opprinnelig melding-----
Fra: nobody@groupstudy.com [mailto:nobody@groupstudy.com] Pe vegne av
Venkataramanaiah.R
Sendt: 17. september 2005 15:41
Til: Leigh Harrison
Kopi: ccielab@groupstudy.com
Emne: Re: SV: Match Any behaviour in Prefix lists

Guys, Although i agree with your way of interpreting the default route
sounds logical to me, it is not working that way practically. Even, i
applied the same logic, however it is not working when i lab it up.. Default
route gets in only when i permit 0.0.0.0/0 <http://0.0.0.0/0> and not with
0.0.0.0/32 <http://0.0.0.0/32>.

Well, if you look at permit all, it works fine with our logic. ie., permit
0.0.0.0/0 <http://0.0.0.0/0> le 32 works for Permit all.

Again, for deny all, the same logic does not work... To deny all, only deny
0.0.0.0/0 <http://0.0.0.0/0> works.

Could you guys lab it and confirm.

Thanks for your attempt to clarify

-Venkat

On 9/17/05, Leigh Harrison <ccileigh@gmail.com> wrote:
>
> Venkat,
>
> The way I think of it is:-
>
> ip prefix-list test permit 192.168.0.0/16 <http://192.168.0.0/16> le 32
>
> The way I read it is the prefix that I'm looking for has to start
> 192.168.x.x and have a mask of less than or equal to 32 bits - so the
> mask has to be between 16 and 32 bits and begin with 192.168 and it's in.
>
> The bit that got me was making the difference between a prefix-list and
> an access-list.
>
> For the default route:-
> ip prefix-list test permit 0.0.0.0/32 <http://0.0.0.0/32>
>
> This one reads "The prefix that I'm looking for has to start
0.0.0.0<http://0.0.0.0>and
> have mask of 32" - think "1 in the mask = unchangable bits" - so the
> only thing it will allow here is 0.0.0.0 <http://0.0.0.0> - no need to put
> any ge or le
> on the end as 32 bits is pretty definitive !!
>
> For all routes:-
> ip prefix-list test permit 0.0.0.0/0 <http://0.0.0.0/0> le 32
>
> This one reads "The prefix that I'm looking for has to start
0.0.0.0<http://0.0.0.0>and
> have a mask of 0" - think "1 in the mask = unchangable bits" - as it's a
> 0, there are no bits that are fixed. The less than or equal to at the
> end reads "but has to have a mask of 32 bits or less" - which will cover
> everything.
>
> To read the last example as a whole:-
> "I am looking for a prefix that has any number is it, with a mask of 32
> bits or less"
>
> To read the first example as a whole:-
> " I am looking for a prefix that begins with 192.168 and has a mask of
> 32 bits or less"
>
> Hope that helps
>
> LH
>
>
> Jens Petter Eikeland wrote:
>
> >HI ,
> >
> >I was wondering the same thing a while ago.. Here is how it is :
> >
> >prefix-list to match the "default-route" is;
> >
> >ip prefix-list mebean permit 0.0.0.0/32 <http://0.0.0.0/32>
> >
> >all the first 32 bits "must" be zeros.
> >
> >
> >prefix-list to match "any" route is;
> >
> >ip prefix-list mrbean permit 0.0.0.0/0 <http://0.0.0.0/0> le 32.
> >
> >All the 32 bits can be "anything" and can have any mask.
> >
> >Jens Petter Eikeland
> >
> >-----Opprinnelig melding-----
> >Fra: nobody@groupstudy.com [mailto:nobody@groupstudy.com] Pe vegne av
> >Venkataramanaiah.R
> >Sendt: 17. september 2005 10:39
> >Til: ccielab@groupstudy.com
> >Emne: Match Any behaviour in Prefix lists
> >
> >Any idea, which what do we configure for match any when you use the
> prefix
> >lists?
> >
> >In a case of deny only 0.0.0.0/0 <http://0.0.0.0/0> <http://0.0.0.0/0>
> matches all the routes
> >
> >In a case of Permit, only 0.0.0.0/0 <http://0.0.0.0/0> <http://0.0.0.0/0>
> le 32 matches all the
> >routes. Just 0.0.0.0/0 <http://0.0.0.0/0> <http://0.0.0.0/0> does not
> match all traffic, rather
> >it matches just the default route, when used with a permit command.
> >
> >I am sure this is something to do with the way the prefix lists operate,
> >which is apparently not clear to me.
> >
> >Can someone clarify?
> >
> >TIA
> >-Venkat
> >
> >_______________________________________________________________________
> >Subscription information may be found at:
> >http://www.groupstudy.com/list/CCIELab.html
> >
> >_______________________________________________________________________
> >Subscription information may be found at:
> >http://www.groupstudy.com/list/CCIELab.html

• Next message: Venkataramanaiah.R: "Re: SV: Match Any behaviour in Prefix lists"
• Previous message: Lee Donald: "RE: Session limit for line"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Oct 02 2005 - 14:40:15 GMT-3