RE: Basic Dielema....Acces-list or Prefix-List

From: James Matrisciano (jmatrisciano@kenttech.com)
Date: Fri Dec 02 2005 - 13:00:44 GMT-3


Thanks,

to save everybody trouble...you can't do odds or evens with
prefix-lists....thought you could, but according to the following, it is
not possible:

What you can not do with the prefix-list is match on arbitrary bits like
you can in an access-list. Prefix-lists cannot be used to check if a
number is even or odd, nor check if a number is divisible by 15, etc...
Bit checking in a prefix-list is sequential, starting with the most
significant (leftmost) bit.

HTH,

Brian McGahan, CCIE #8593
bmcgahan@xxxxxxxxxxxxxxxxxxxxxx

So access list it is for odds and evens :) Not losing my head after
all lol

  _____

From: Artir Geci [mailto:artirgeci@gmail.com]
Sent: Friday, December 02, 2005 10:51 AM
To: James Matrisciano
Cc: Vincent Mashburn; hulbertj@comcast.net; Bryant, Paul M; rosy bird;
ccielab@groupstudy.com; swm@emanon.com
Subject: Re: Basic Dielema....Acces-list or Prefix-List

Hi James,

This probably might help you

http://www.groupstudy.com/archives/ccielab/200310/msg01417.html

Artir

On 12/2/05, James Matrisciano <jmatrisciano@kenttech.com> wrote:

        Ok, feeling stupid this morning, but I can not for the life of me
        remember how to do the following:

        Match all odd numbers
        1.1.1.0
        1.1.2.0
        1.1.3.0
        1.1.4.0
        1.1.5.0
        1.1.6.0

        Now, with an access-list, that's easy work
        Access-list 1 per 1.1.1.0 0.0.254.0

        But with a prefix-list, I am all screwed up, any help on this is most
        welcome!

        -----Original Message-----
        From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On
Behalf Of
        Vincent Mashburn
        Sent: Friday, December 02, 2005 10:14 AM
        To: hulbertj@comcast.net; Bryant, Paul M; rosy bird;
        ccielab@groupstudy.com
        Cc: swm@emanon.com
        Subject: RE: Basic Dielema....Acces-list or Prefix-List

        I agree. However, we are running the 12.2 train and trying to replace or
        add statements via sequence numbers is buggy. Sometimes it works,
        sometimes not. However, it always works with prefix-lists.

        Vince Mashburn

        Engineer

        901-263-5072

        CCIE (R&S Written), CCNP, CCDA, Network +

        ________________________________

        From: hulbertj@comcast.net [mailto:hulbertj@comcast.net]
        Sent: Friday, December 02, 2005 9:11 AM
        To: Vincent Mashburn; Bryant, Paul M; rosy bird;
ccielab@groupstudy.com
        Cc: swm@emanon.com
        Subject: RE: Basic Dielema....Acces-list or Prefix-List

        IOS does assign a sequence number to standard and extended access-lists.
        This allows us to remove or add another line anywhere in the ACL.

        Rack1R1#sho access-lists

        Rack1R1#conf t
        Enter configuration commands, one per line. End with CNTL/Z.
        Rack1R1(config)#access-list 1 permit 1.1.1.0 0.0.0.255
        Rack1R1(config)#access-list 1 deny 2.2.2.0 0.0.0.255
        Rack1R1(config)#access-list 1 permit 3.3.3.0 0.0.0.255
        Rack1R1(config)#access-list 1 deny 4.4.4.0 0.0.0.255
        Rack1R1(config)#do sho access-lists 1
        Standard IP access list 1
            10 permit 1.1.1.0, wildcard bits 0.0.0.255
            20 deny 2.2.2.0, wildcard bits 0.0.0.255
            30 permit 3.3.3.0, wildcard bits 0.0.0.255
            40 deny 4.4.4.0, wildcard bits 0.0.0.255
        Rack1R1(config)#

        Rack1R1(config)#ip access-list standard 1
        Rack1R1(config-std-nacl)#no 30
        Rack1R1(config-std-nacl)#15 permit 15.15.15.0 0.0.0.255
        Rack1R1(config-std-nacl)#do sho access-list 1
        Standard IP access list 1
            10 permit 1.1.1.0, wildcard bits 0.0.0.255
            15 permit 15.15.15.0, wildcard bits 0.0.0.255
            20 deny 2.2.2.0, wildcard bits 0.0.0.255
            40 deny 4.4.4.0, wildcard bits 0.0.0.255
        Rack1R1(config-std-nacl)#

        Jerry

                -------------- Original message --------------

> Prefix-lists are in fact more efficient. The IOS looks through
> prefix-lists in a more efficient manner than ACL's. Also, Prefix-lists
> allow you to edit or add to (delete from) any line without having to
> take out the entire list (you can do it on the fly). My personal opinion
> is to use prefix-lists in lieu of ACL's whenever possible.
> Thanks
> Vince Mashburn
> Voice / Network Engineer
> 901-263-5072
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Bryant, Paul M
> Sent: Friday, December 02, 2005 2:14 AM
> To: 'rosy bird'; ccielab@groupstudy.com
> Cc: swm@emanon.com
> Subject: RE: Basic Dielema....Acces-list or Prefix-List
>
> Hi Rosy
>
> I have read that ACL should be avoided for route filtering as Prefix-list
> are more efficient in the way that they are able to filter. For other filter
> purposes obviously Prefix list are no good, i.e. port protocol etc..
>
> I am not sure how the efficiency is achieved I guess it is the way in
> which the memory is used can be simpler with a Prefix-list than an acl.
> Probably meaning it can be done in hardware. Perhaps one of the other
> members of this group might know why they are more efficient in detail.
>
> Thanks
>
> Paul
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> rosy bird
> Sent: 02 December 2005 07:52
> To: ccielab@groupstudy.com
> Cc: swm@emanon.com
> Subject: Basic Dielema....Acces-list or Prefix-List
>
> Just wanted to know which is the best practice..use of ACL or Prefix
> list. In situation where, using a prefix-list would not give any specific
> advantage as such (unless specified of course)...is it ok to use Acls ??
>
>
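
The difference discussed in this thread, as an added example that is not part of the original messages: a wildcard mask can ignore any bit, while a prefix-list entry compares only leading bits, so no single entry selects just the odd third octets. The helper names and the brute-force check are illustrative assumptions; the routes and the access-list line are the ones from the question.

```python
import ipaddress

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def acl_match(addr, base, wildcard):
    # Wildcard bit 1 = ignore, 0 = must equal base. The ignored bits may sit
    # anywhere in the address, which is what makes odd/even matching possible.
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)

def prefix_list_match(route, entry, ge=None, le=None):
    # Prefix-list test: the route must fall inside `entry` (leading bits equal)
    # and its mask length must lie in the ge/le window (exact length if neither).
    net, ent = ipaddress.ip_network(route), ipaddress.ip_network(entry)
    lo = ge if ge is not None else ent.prefixlen
    hi = le if le is not None else (32 if ge is not None else ent.prefixlen)
    return lo <= net.prefixlen <= hi and net.subnet_of(ent)

# Sample routes constructed from the question in the thread.
ROUTES = [f"1.1.{n}.0/24" for n in range(1, 7)]
ODD = [r for r in ROUTES if int(r.split(".")[2]) % 2]

def acl_permitted():
    # access-list 1 permit 1.1.1.0 0.0.254.0
    return [r for r in ROUTES
            if acl_match(r.split("/")[0], "1.1.1.0", "0.0.254.0")]

def single_entries_matching_only_odds():
    # Try every entry that can contain 1.1.1.0/24: the covering prefix at each
    # length /0../24, restricted to /24 routes. (For the /24 itself IOS takes
    # the entry without ge/le; the resulting window is the same.)
    hits = []
    for length in range(0, 25):
        entry = str(ipaddress.ip_network(f"1.1.1.0/{length}", strict=False))
        matched = [r for r in ROUTES
                   if prefix_list_match(r, entry, ge=24, le=24)]
        if matched == ODD:
            hits.append(entry)
    return hits

if __name__ == "__main__":
    print("ACL permits:", acl_permitted())
    print("Single prefix-list entries selecting only the odds:",
          single_entries_matching_only_odds())
```

A prefix-list can still permit these routes with one entry per odd /24; what it cannot do is express the odd/even test in a single line.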


