• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 128
  • Last Modified:

OSPF IP Prefix-List



R4 has Loopback 0 4.4.4.4 in area 0
other physical interfaces as shown in the topology they are in area 1,2,3


I have configured on R4:
R4#sh run | beg ip prefix
ip prefix-list INTO-AREA3 seq 5 deny 2.2.2.2/32
ip prefix-list INTO-AREA3 seq 10 permit 0.0.0.0/0 le 32
ip prefix-list INTO-AREA3 seq 15 deny 192.168.14.0/24
ip prefix-list INTO-AREA3 seq 20 deny 192.168.24.0/24

router ospf 1
 area 3 filter-list prefix INTO-AREA3 in

when I go to R3 I see the routes below still there when they should be filtered out:
192.168.14.0/24
192.168.24.0/24

I have changed the sequence number of this command to sequence 25:
ip prefix-list INTO-AREA3 seq 25 permit 0.0.0.0/0 le 32

and now I see the filtering worked. When I go to R3 which is in area 3. I do not see the routes:

192.168.14.0/24
192.168.24.0/24

Any Expert to explain the logic that the route has used in regard to the  ip prefix-list sequences. ?

Thank you
0
jskfan
Asked:
jskfan
Advertise Here
  • 3
  • 2
1 Solution
 
JustInCaseCommented:
ip prefix-list INTO-AREA3 seq 10 permit 0.0.0.0/0 le 32
This one is equivalent of permit ip any any - after deny 2.2.2.2/32 all routes are permitted. Prefix-list is ordered just as any other ACL.

Statements
ip prefix-list INTO-AREA3 seq 15 deny 192.168.14.0/24
ip prefix-list INTO-AREA3 seq 20 deny 192.168.24.0/24
will never be checked since all routes will match sequence 10 permit 0.0.0.0/0 le 32
0
 
jskfanAuthor Commented:
if I understand after : permit 0.0.0.0/0 le 32
there is no other Prefix-list that will be looked at regardless of the sequence number ..Correct ?
0
 
JustInCaseCommented:
Yes. All routes are checked until first match is found (and action permit or deny is applied from matching statement). 0.0.0.0/0 le 32 will always be match (networks 192.168.14.0/24 and 192.168.24.0/24 are subsets of 0.0.0.0/0 le32). That's why there is a rule - more specific statements should be configured before less specific.
0
 
jskfanAuthor Commented:
Thank you
0
 
JustInCaseCommented:
You're welcome.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Access It Instantly
  • 3
  • 2
Advertise Here
Tackle projects and never again get stuck behind a technical roadblock.
Join Now