08-14-2018 10:48 AM
Hi guys.
for example I have following prefix list:
ip prefix-list PL-DISTRIBUTE-NETS-FROM-GATE seq 10 permit 192.168.172.0/28
ip prefix-list PL-DISTRIBUTE-NETS-FROM-GATE seq 20 permit 192.168.172.16/28
ip prefix-list PL-DISTRIBUTE-NETS-FROM-GATE seq 30 permit 192.168.172.32/29
ip prefix-list PL-DISTRIBUTE-NETS-FROM-GATE seq 200 deny 0.0.0.0/0 le 32
if I'd like to merge rules 10,20,30 to one. is list bellow is right?
ip prefix-list PL-DISTRIBUTE-NETS-FROM-GATE seq 10 permit 192.168.172.0/26 ge 28 le 29
ip prefix-list PL-DISTRIBUTE-NETS-FROM-GATE seq 200 deny 0.0.0.0/0 le 32
Thank you.
08-14-2018 11:30 AM
Hello,
according to my calculation, you need this:
ip prefix-list PL-DISTRIBUTE-NETS-FROM-GATE seq 10 permit 192.168.172.0/27
ip prefix-list PL-DISTRIBUTE-NETS-FROM-GATE seq 20 permit 192.168.172.32/29
You don't need a deny at the end, it is implicit:
ip prefix-list PL-DISTRIBUTE-NETS-FROM-GATE seq 200 deny 0.0.0.0/0 le 32
08-14-2018 12:35 PM - edited 08-14-2018 12:36 PM
Hello
@Andriy Sidko wrote:
Hi guys.
for example I have following prefix list:
ip prefix-list PL-DISTRIBUTE-NETS-FROM-GATE seq 10 permit 192.168.172.0/28
ip prefix-list PL-DISTRIBUTE-NETS-FROM-GATE seq 20 permit 192.168.172.16/28
ip prefix-list PL-DISTRIBUTE-NETS-FROM-GATE seq 30 permit 192.168.172.32/29ip prefix-list PL-DISTRIBUTE-NETS-FROM-GATE seq 200 deny 0.0.0.0/0 le 32
if I'd like to merge rules 10,20,30 to one. is list bellow is right?
ip prefix-list PL-DISTRIBUTE-NETS-FROM-GATE seq 10 permit 192.168.172.0/26 ge 28 le 29
ip prefix-list PL-DISTRIBUTE-NETS-FROM-GATE seq 200 deny 0.0.0.0/0 le 32
Thank you.
Yes it would incorporate your subnets also 192.168.172.0/28 le 29 would allow subnets in 192.168.172.x greater than 28 and less /equal than 29
08-15-2018 10:00 AM
why 192.168.172.0/28 le 29 but not 192.168.172.0/26 ge 28 le 29
next closest subnet covers all three:
192.168.172.0/28
192.168.172.16/28
192.168.172.32/29
is 192.168.172.0/26 Why why 192.168.172.0/28 le 29 is better?
Thank you.
08-16-2018 07:19 AM
No , In your prefix-list "/28,/29" tells to match only prefixes ,not a subnet mask. when we write prefix-list with "le,ge" that will impact to match subnet mask, so in this prefix-list (10,20,30) nothing to match subnet mask, as georg told we can write this in two line ,listed below.
seq 10 permit 192.168.172.0/27 (this will allow prefix from 172.0 - 172.31)
seq 20 permit 192.168.172.32/29 (this will allow prefix from 172.32 - 172.39).
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide