understanding Prefix-List
I am trying to understand the purpose of the number that comes after the "/".
example:
ip prefix-list TEST seq 5 permit 10.0.0.0/2 ge 17
2 means match 2 bits of first octet 10
however whatever I put , the prefix list will care just about the ge 17
to clarify it I have this table before filtering:
if I use : ip prefix-list TEST seq 5 permit 10.0.0.0/2 ge 17
router eigrp 1
distribute-list prefix TEST in
so what 's the purpose of the number that comes after the slash sign "/", example:10.0.0.0/2
Thank you
example:
ip prefix-list TEST seq 5 permit 10.0.0.0/2 ge 17
2 means match 2 bits of first octet 10
however whatever I put , the prefix list will care just about the ge 17
to clarify it I have this table before filtering:
R1(config)#do sh ip route
10.0.0.0/8 is variably subnetted, 6 subnets, 6 masks
D 10.1.0.0/16 [90/156160] via 192.168.12.2, 00:00:01, FastEthernet0/0
D 10.2.0.0/17 [90/156160] via 192.168.12.2, 00:00:01, FastEthernet0/0
D 10.3.0.0/18 [90/156160] via 192.168.12.2, 00:00:01, FastEthernet0/0
D 10.4.0.0/19 [90/156160] via 192.168.12.2, 00:00:01, FastEthernet0/0
D 10.5.0.0/20 [90/156160] via 192.168.12.2, 00:00:01, FastEthernet0/0
D 10.6.0.0/21 [90/156160] via 192.168.12.2, 00:00:01, FastEthernet0/0
if I use : ip prefix-list TEST seq 5 permit 10.0.0.0/2 ge 17
router eigrp 1
distribute-list prefix TEST in
R1(config)#do sh ip route
10.0.0.0/8 is variably subnetted, 5 subnets, 5 masks
D 10.2.0.0/17 [90/156160] via 192.168.12.2, 00:00:03, FastEthernet0/0
D 10.3.0.0/18 [90/156160] via 192.168.12.2, 00:00:03, FastEthernet0/0
D 10.4.0.0/19 [90/156160] via 192.168.12.2, 00:00:03, FastEthernet0/0
D 10.5.0.0/20 [90/156160] via 192.168.12.2, 00:00:03, FastEthernet0/0
D 10.6.0.0/21 [90/156160] via 192.168.12.2, 00:00:03, FastEthernet0/0
so what 's the purpose of the number that comes after the slash sign "/", example:10.0.0.0/2
Thank you
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Here is a personal example that would help you to understand it better.
Let say I have two routers R1 and R2
R1 has the following loop-back interface with 32 bit subnet mask
lo0 10.0.0.1 255.255.255.255
lo1 10.0.1.1 255.255.255.255
lo2 10.0.2.1 255.255.255.255
All the network above it's been advertised. So, now I want to filter traffic preventing Lo2 to be advertise towards R2
R1(config)# Ip prefix-list Filter_10.0.2.1 deny 10.0.2.1 /32 ----"we are denying that specific subnet"
R1(config)# Ip prefix-list Filter_10.0.2.1 permit 0.0.0.0 /0 le 32 --- "below my description"
Permit anything else with any prefix-list
Ip prefix-list Filter_10.0.2.1 permit 0.0.0.0 /0
ge (greater) Minimum prefix length to be matched
le (less) Maximum prefix length to be matched
When I said (le 32) means: The prefix list should be less OR equal to 32. I have a 32 bit a address so all the network should be less or equal 32.
You follow me so far?
Another example.
I would like to include any routes in the range of 10.0.3.0/24 with a prefix length of 26 or greater. Essentially any advertised route that’s a /26,/27,/28,/29,/30,/31,or
R2(config)#ip prefix-list LIST1 permit 10.0.3.0/24 ge 26
R2#clear ip eigrp 100 neighbors
R2#sh ip route
10.0.0.0/8 is variably subnetted, 7 subnets, 7 masks
D 10.0.3.128/26 [90/156160] via 192.168.1.1, 00:00:17, FastEthernet0/0
D 10.0.3.192/27 [90/156160] via 192.168.1.1, 00:00:17, FastEthernet0/0
D 10.0.3.224/28 [90/156160] via 192.168.1.1, 00:00:17, FastEthernet0/0
D 10.0.3.248/30 [90/156160] via 192.168.1.1, 00:00:17, FastEthernet0/0
D 10.0.3.252/31 [90/156160] via 192.168.1.1, 00:00:17, FastEthernet0/0
D 10.0.3.254/32 [90/156160] via 192.168.1.1, 00:00:17, FastEthernet0/0
D 10.0.3.240/29 [90/156160] via 192.168.1.1, 00:00:19, FastEthernet0/0
192.168.1.0/30 is subnetted, 1 subnets
C 192.168.1.0 is directly connected, FastEthernet0/0
As you can see we are now collecting the desired routing information. Like the “gr” option the “le” or “less than or equal to” option has a similar effect but in reverse. After clearing the list and creating the rule below the results are as follows:
R2(config)#ip prefix-list LIST1 permit 10.0.3.0/24 le 26
R2(config)#do clear ip eigrp neighbor
R2(config)#do sh ip route
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
D 10.0.3.0/25 [90/156160] via 192.168.1.1, 00:00:02, FastEthernet0/0
D 10.0.3.128/26 [90/156160] via 192.168.1.1, 00:00:02, FastEthernet0/0
192.168.1.0/30 is subnetted, 1 subnets
C 192.168.1.0 is directly connected, FastEthernet0/0
The example configuration above will include /24, /25 and /26 prefixes falling inside the 10.0.3.0/24 range of network
Hope it helps,
Let say I have two routers R1 and R2
R1 has the following loop-back interface with 32 bit subnet mask
lo0 10.0.0.1 255.255.255.255
lo1 10.0.1.1 255.255.255.255
lo2 10.0.2.1 255.255.255.255
All the network above it's been advertised. So, now I want to filter traffic preventing Lo2 to be advertise towards R2
R1(config)# Ip prefix-list Filter_10.0.2.1 deny 10.0.2.1 /32 ----"we are denying that specific subnet"
R1(config)# Ip prefix-list Filter_10.0.2.1 permit 0.0.0.0 /0 le 32 --- "below my description"
Permit anything else with any prefix-list
Ip prefix-list Filter_10.0.2.1 permit 0.0.0.0 /0
ge (greater) Minimum prefix length to be matched
le (less) Maximum prefix length to be matched
When I said (le 32) means: The prefix list should be less OR equal to 32. I have a 32 bit a address so all the network should be less or equal 32.
You follow me so far?
Another example.
I would like to include any routes in the range of 10.0.3.0/24 with a prefix length of 26 or greater. Essentially any advertised route that’s a /26,/27,/28,/29,/30,/31,or
R2(config)#ip prefix-list LIST1 permit 10.0.3.0/24 ge 26
R2#clear ip eigrp 100 neighbors
R2#sh ip route
10.0.0.0/8 is variably subnetted, 7 subnets, 7 masks
D 10.0.3.128/26 [90/156160] via 192.168.1.1, 00:00:17, FastEthernet0/0
D 10.0.3.192/27 [90/156160] via 192.168.1.1, 00:00:17, FastEthernet0/0
D 10.0.3.224/28 [90/156160] via 192.168.1.1, 00:00:17, FastEthernet0/0
D 10.0.3.248/30 [90/156160] via 192.168.1.1, 00:00:17, FastEthernet0/0
D 10.0.3.252/31 [90/156160] via 192.168.1.1, 00:00:17, FastEthernet0/0
D 10.0.3.254/32 [90/156160] via 192.168.1.1, 00:00:17, FastEthernet0/0
D 10.0.3.240/29 [90/156160] via 192.168.1.1, 00:00:19, FastEthernet0/0
192.168.1.0/30 is subnetted, 1 subnets
C 192.168.1.0 is directly connected, FastEthernet0/0
As you can see we are now collecting the desired routing information. Like the “gr” option the “le” or “less than or equal to” option has a similar effect but in reverse. After clearing the list and creating the rule below the results are as follows:
R2(config)#ip prefix-list LIST1 permit 10.0.3.0/24 le 26
R2(config)#do clear ip eigrp neighbor
R2(config)#do sh ip route
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
D 10.0.3.0/25 [90/156160] via 192.168.1.1, 00:00:02, FastEthernet0/0
D 10.0.3.128/26 [90/156160] via 192.168.1.1, 00:00:02, FastEthernet0/0
192.168.1.0/30 is subnetted, 1 subnets
C 192.168.1.0 is directly connected, FastEthernet0/0
The example configuration above will include /24, /25 and /26 prefixes falling inside the 10.0.3.0/24 range of network
Hope it helps,
thanks Hemil Aquino
I had this one : 10.0.0.0/2 ge 17 -----you can see it is just 2 bits after the slash "/"
if it was 10.0.0.0/8 ge 17 or 10.0.0.0/16 ge 17, it would make sense , but 2 bits from the first octet , I could not tell what is covered to be permitted and what is not...
I had this one : 10.0.0.0/2 ge 17 -----you can see it is just 2 bits after the slash "/"
if it was 10.0.0.0/8 ge 17 or 10.0.0.0/16 ge 17, it would make sense , but 2 bits from the first octet , I could not tell what is covered to be permitted and what is not...
i know 10 in binary is 00001010
if My prefix list is :
ip prefix-list LIST1 permit 10.0.0.0/2
you would think from the first octet (10) in binary it has 2 Zeros 00001010
so any network that starts with 10 in our case is permitted
but when I used that prefix list ... the routing table dis not show any of the Network 10
if My prefix list is :
ip prefix-list LIST1 permit 10.0.0.0/2
you would think from the first octet (10) in binary it has 2 Zeros 00001010
so any network that starts with 10 in our case is permitted
but when I used that prefix list ... the routing table dis not show any of the Network 10
Prefix list ip prefix-list LIST1 permit 10.0.0.0/2 without ge or le will permit exactly that network 0.0.0.0/2 (0.0.0.0 192.0.0.0). Router will automatically convert 10.0.0.0/2 to 0.0.0.0/2, since it is the same range as 0.0.0.0/2 (matches network range 0.0.0.0 - 63.255.255.255).
ip prefix-list TEST seq 5 permit 10.0.0.0/2 ge 17 will be match for any network from range that first octet starts 0 - 63 that has subnet mask greater or equal to /17 -> and it did its job. As you can see from your outing output - route
ip prefix-list TEST seq 5 permit 10.0.0.0/2 ge 17 will be match for any network from range that first octet starts 0 - 63 that has subnet mask greater or equal to /17 -> and it did its job. As you can see from your outing output - route
D 10.1.0.0/16 [90/156160] via 192.168.12.2, 00:00:01, FastEthernet0/0
Premium Content
You need an Expert Office subscription to comment.Start Free Trial