Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
771
Views
5
Helpful
7
Replies

Help with IP prefix list

Go to solution
Andrew White
Level 2
Level 2

‎06-23-2019 07:58 AM

Hello,

 

On our Nexus switches we have a BGP peering with an external company.  I need to advertise our WAN subnet into their BGP and need some help.  They want me to use IP Prefix lists for the below subnets that exist in our WAN.

 

172.30.0.0/24  (we have about 10 networks /24 here like 172.30.5.0/24 and 172.30.15.0/24)

192.168.138.0/24

192.168.136.0/24
192.168.115.0/24

192.168.144.0/22

192.168.3.0/24

 

This external company need to get to the above subnets and visa versa.  BGP is working already by the way.

 

Is it best to use an access list or route map?

 

Would this work?

 

ip prefix-list myprefixlist1 seq 5 permit 172.30.0.0/24 ge 23 le 25
ip prefix-list myprefixlist1 seq 10 permit 192.168.138.0/24

ip prefix-list myprefixlist1 seq 15 permit 192.168.136.0/24
ip prefix-list myprefixlist1 seq 20 permit 192.168.115.0/24
ip prefix-list myprefixlist1 seq 25 permit 192.168.144.0/22
ip prefix-list myprefixlist1 seq 30 permit 192.168.3.0/24
!
router bgp 65000
neighbor 192.0.2.2 remote-as 65001
neighbor 192.0.2.2 prefix-list myprefixlist1 in

 

Thanks

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Hector Gustavo Serrano Gutierrez
Cisco Employee
Cisco Employee
In response to Andrew White

‎06-23-2019 09:34 AM - edited ‎06-23-2019 09:40 AM

"Wouldn't ip prefix-list myprefixlist1 seq 5 permit 172.30.0.0/24 ge 23 le 25 cover all subnets in 172.30.x.x/24?"

It would be:

ip prefix-list myprefixlist1 seq 5 permit 172.30.0.0/16 ge 23 le 25

 

"I guess I could just do?

ip prefix-list myprefixlist1 seq 5 permit 172.30.0.0/24

That would match exactly the 172.30.0.0/24 and nothing else.

or

172.30.0.0/19 ge 24 le 24 as this will allow 172.30.0.x/24-172.30.31.x/24 subnets"

Sounds good to me :)

 

Cheers. 

View solution in original post

0 Helpful
7 Replies 7

Go to solution
Martin L
VIP
VIP

‎06-23-2019 08:28 AM


permit 172.30.0.0/24 ge 23 le 25 looks wrong... .give me a second... i take a deep look
0 Helpful

Go to solution
Andrew White
Level 2
Level 2
In response to Martin L

‎06-23-2019 09:05 AM - edited ‎06-23-2019 09:10 AM

Wouldn't ip prefix-list myprefixlist1 seq 5 permit 172.30.0.0/24 ge 23 le 25 cover all subnets in 172.30.x.x/24?

 

I have the range start from 172.30.1.x/24 , but have some on 172.30.3.x/24 then 7.x/24, 14,x/24, 21.x/24 and so on up until 31.x/24.  They are in no sequential order.

I guess I could just do?

 

ip prefix-list myprefixlist1 seq 5 permit 172.30.0.0/24

 

or

 

172.30.0.0/19 ge 24 le 24 as this will allow 172.30.0.x/24-172.30.31.x/24 subnets

0 Helpful

Go to solution
Hector Gustavo Serrano Gutierrez
Cisco Employee
Cisco Employee
In response to Andrew White

‎06-23-2019 09:34 AM - edited ‎06-23-2019 09:40 AM

"Wouldn't ip prefix-list myprefixlist1 seq 5 permit 172.30.0.0/24 ge 23 le 25 cover all subnets in 172.30.x.x/24?"

It would be:

ip prefix-list myprefixlist1 seq 5 permit 172.30.0.0/16 ge 23 le 25

 

"I guess I could just do?

ip prefix-list myprefixlist1 seq 5 permit 172.30.0.0/24

That would match exactly the 172.30.0.0/24 and nothing else.

or

172.30.0.0/19 ge 24 le 24 as this will allow 172.30.0.x/24-172.30.31.x/24 subnets"

Sounds good to me :)

 

Cheers. 

0 Helpful

Go to solution
Andrew White
Level 2
Level 2
In response to Hector Gustavo Serrano Gutierrez

‎06-23-2019 09:42 AM

I think "ip prefix-list myprefixlist1 seq 5 permit 172.30.0.0/24" is the same as "ip prefix-list myprefixlist1 seq 5 permit 172.30.0.0/24 ge 23 le 25"

Both statements would cover subnets 172.30.0.0/24 to 172.30.255.0/24 is that correct?
0 Helpful

Go to solution
Martin L
VIP
VIP
In response to Andrew White

‎06-23-2019 10:04 AM - edited ‎06-23-2019 10:07 AM


permit 172.30.0.0/24 ge 23 le 25 --is invalid due to length of /24; make sure: specified length < ge-value <= le-value, that's why Hector used /16 and not /24

1st part is match my network bits. aka 24 bits in 172.30.0.0, so last octet does not matter what u got.
then, match mark prefix length /23, /24,and /25 inclusive

 

see https://learningnetwork.cisco.com/message/727879#727879

0 Helpful

Go to solution
Martin L
VIP
VIP

‎06-23-2019 08:48 AM - edited ‎06-23-2019 08:57 AM

we have about 10 networks /24 here like 172.30.5.0/24 and 172.30.15.0/24

your prefix should be 172.30.0.0/20 ge 24 le 24
- 172.30.0.0 255.255.240.0 give u range of 172.30.0.1 to 172.30.15.254 (magic number 16)
- ge 24 le 24 is needed to mark prefix length, which is /24 exact

 

Furthermore, if u want to eliminate 1st 4 prefixes, 172.30.0.0/24 thru 172.30.4.0/24 since you have 172.30.5.0/24 thru 10.0

you can add deny before permitting 172.30.5.0/20

deny 172.30.0.0/22 ge 24 le 24

permit 172.30.5.0/20 ge 24 le 24

how to get that or why , see https://learningnetwork.cisco.com/thread/133609?start=0&tstart=0

 

--------------------

Please rate and mark posts accordingly if you have found any of the information provided useful.

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card