05-03-2011 07:19 AM - edited 03-04-2019 12:15 PM
Currently I use an access-list to block 0.0.0.0 and several class B addresses inbound from our MPLS BGP carrier.
ip access-list standard DEFAULT
deny 0.0.0.0
deny 10.96.0.0 0.0.255.255
deny 10.6.0.0 0.0.255.255
permit any
I now have to start blocking a 10.0.0.0/8 summary from them because we want to start advertising that address into the cloud.
I have made attemps to convert to a prefix-list with no success.
Does any have experience with this that could give me some advice for this configuration.
Thank you for your asistance.
Mhudak
Solved! Go to Solution.
05-03-2011 11:07 AM
Hi,
to translate the current ACL into the prefix-list:
ip prefix-list DEFAULT seq 5 deny 0.0.0.0/0
ip prefix-list DEFAULT seq 10 deny 10.96.0.0/16 le 32
ip prefix-list DEFAULT seq 15 deny 10.6.0.0/16 le 32
ip prefix-list DEFAULT seq 20 permit 0.0.0.0/0 le 32
If you want to block 10.0.0.0/8, too, just add
ip prefix-list DEFAULT seq 18 deny 10.0.0.0/8
To understand 100%, note:
ip prefix-list DEFAULT seq 10 deny 10.96.0.0/16 le 32 - blocks 10.96.0.0/16 plus all more specific subnets like 10.96.20.0/24
ip prefix-list DEFAULT seq 18 deny 10.0.0.0/8 - blocks 10.0.0.0/8, but does not block more specific subnets like 10.1.1.0/24
HTH,
Milan
05-03-2011 07:29 AM
I have made attemps to convert to a prefix-list with no success.
Can you post what you tried
Regards.
Alain.
05-03-2011 11:07 AM
Hi,
to translate the current ACL into the prefix-list:
ip prefix-list DEFAULT seq 5 deny 0.0.0.0/0
ip prefix-list DEFAULT seq 10 deny 10.96.0.0/16 le 32
ip prefix-list DEFAULT seq 15 deny 10.6.0.0/16 le 32
ip prefix-list DEFAULT seq 20 permit 0.0.0.0/0 le 32
If you want to block 10.0.0.0/8, too, just add
ip prefix-list DEFAULT seq 18 deny 10.0.0.0/8
To understand 100%, note:
ip prefix-list DEFAULT seq 10 deny 10.96.0.0/16 le 32 - blocks 10.96.0.0/16 plus all more specific subnets like 10.96.20.0/24
ip prefix-list DEFAULT seq 18 deny 10.0.0.0/8 - blocks 10.0.0.0/8, but does not block more specific subnets like 10.1.1.0/24
HTH,
Milan
05-03-2011 11:18 AM
Tested and worked Great!
I appreciate your help.
Thank you
Mhudak
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide