cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2307
Views
20
Helpful
3
Replies

Prefix List for all Private Networks

Mokhalil82
Level 4
Level 4

Hi

I would like to create prefix list on my router running BGP with the ISP to only allow routs coming in from private networks. I will attach these to a route map and then reference in my BGP config. Are these the correct prefix list or do I need any le or ge in there.

ip prefix-list FROM-VIRGIN seq 10 permit 10.0.0.0/8 
ip prefix-list FROM-VIRGIN seq 10 permit 172.16.0.0/12
ip prefix-list FROM-VIRGIN seq 10 permit 192.168.0.0/16 

Thanks

3 Replies 3

Ganesh Hariharan
VIP Alumni
VIP Alumni

Hello Mokhalil82,

Agreed with Jon..

ip prefix-list FROM-VIRGIN seq 10 permit 10.0.0.0/8 
ip prefix-list FROM-VIRGIN seq 10 permit 172.16.0.0/12
ip prefix-list FROM-VIRGIN seq 10 permit 192.168.0.0/16 

The above will only do exact match for the prefix 10.0.0.0 with a subnet mask of 255.0.0.0. This does not match 10.1.0.0/8, nor does it match 10.10.1.4/32, nor anything in between.

When you add the keywords “GE” and “LE” to the prefix-list, the “len” value changes its meaning. When using GE and LE, the len value specifies how many bits of the prefix you are checking, starting with the most significant bit.

ip prefix-list LIST permit 10.20.3.0/24 le 32

This means:
Check the first 24 bits of the prefix 10.20.3.0,The subnet mask must be less than or equal to 32.

Hope it Helps..

-GI

Dear friends,

Please allow me to join - just a small remark.

Ganesh wrote:

Check the first 24 bits of the prefix 10.20.3.0,The subnet mask must be less than or equal to 32.

In other words, this means: "Check whether the network being examined is a subnet of 10.20.3.0/24 and its netmask is less or equal to /32 (obviously, not less than /24, as it would no longer be a subnet)." Indeed, when using ge and/or le criteria, the network/netmask combination in the prefix-list entry specifies the basic network whose subnets are being matched, and the ge and le specify criteria on the netmasks of these subnets.

Best regards,
Peter

Jon Marshall
Hall of Fame
Hall of Fame

Your prefix list will only match routes with that specific prefix length, probably not what you want.

Add "le 32" to the end of each line which will cover all possible subnets.

You should probably use different sequence numbers as well.

Jon

Review Cisco Networking for a $25 gift card