OSPF IP Prefix-List



R4 has Loopback 0 4.4.4.4 in area 0
other physical interfaces as shown in the topology they are in area 1,2,3


I have configured on R4:
R4#sh run | beg ip prefix
ip prefix-list INTO-AREA3 seq 5 deny 2.2.2.2/32
ip prefix-list INTO-AREA3 seq 10 permit 0.0.0.0/0 le 32
ip prefix-list INTO-AREA3 seq 15 deny 192.168.14.0/24
ip prefix-list INTO-AREA3 seq 20 deny 192.168.24.0/24

router ospf 1
 area 3 filter-list prefix INTO-AREA3 in

when I go to R3 I see the routes below still there when they should be filtered out:
192.168.14.0/24
192.168.24.0/24

I have changed the sequence number of this command to sequence 25:
ip prefix-list INTO-AREA3 seq 25 permit 0.0.0.0/0 le 32

and now I see the filtering worked. When I go to R3 which is in area 3. I do not see the routes:

192.168.14.0/24
192.168.24.0/24

Any Expert to explain the logic that the route has used in regard to the  ip prefix-list sequences. ?

Thank you
jskfanAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

JustInCaseCommented:
ip prefix-list INTO-AREA3 seq 10 permit 0.0.0.0/0 le 32
This one is equivalent of permit ip any any - after deny 2.2.2.2/32 all routes are permitted. Prefix-list is ordered just as any other ACL.

Statements
ip prefix-list INTO-AREA3 seq 15 deny 192.168.14.0/24
ip prefix-list INTO-AREA3 seq 20 deny 192.168.24.0/24
will never be checked since all routes will match sequence 10 permit 0.0.0.0/0 le 32
jskfanAuthor Commented:
if I understand after : permit 0.0.0.0/0 le 32
there is no other Prefix-list that will be looked at regardless of the sequence number ..Correct ?
JustInCaseCommented:
Yes. All routes are checked until first match is found (and action permit or deny is applied from matching statement). 0.0.0.0/0 le 32 will always be match (networks 192.168.14.0/24 and 192.168.24.0/24 are subsets of 0.0.0.0/0 le32). That's why there is a rule - more specific statements should be configured before less specific.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
jskfanAuthor Commented:
Thank you
JustInCaseCommented:
You're welcome.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Routers

From novice to tech pro — start learning today.