helloo..

i think this will also work.........

ip prefix-list test 5 10.0.0.0/14 ge 15 le 16

ip prefix-list 10 test 10 10.4.0.0/16

arun :)

Arun,

This would work but would allow additional prefixes such as 10.0.0.0/15, 10.0.0.0/16, 10.1.0.0/15, 10.2.0.0/15, 10.3.0.0/15.

On the other hand you could change the first statement for ge 16 le 16, at which point only prefix 10.0.0.0/16 would be allowed on top of the specified prefixes (10.1.0.0/16 - 10.4.0.0/16).

Regards,

hi sir, i should admit that i m not able to understand ge or le at all !!! either u explain to me in simple words plz or refer me a doc that can explain me prefix list in an easy manner, i checked the univercd bgp guide and prefix list doc but didnt understand, can u plz refer me some doc or explain

thanks again in advance

Please refer to the attached document and let me know if it helps.

Regards,

sorry sir, but it didnt helped :( i m getting really confuse in ge and le parameters, see i have these 4 networks

10.24.0.0/16

10.25.0.0/16

10.26.0.0/16

10.27.0.0/16

now the summary will be 10.24.0.0/14 right ?

how can i specify this in the prefix list,

plz sir dont take me wrong but just dont give the answer i mean plz explain ur answer, like if u include ge or le then plz tell me how and why u have written them

thanks in advance

That is correct. You can use one statement to match the 4 prefixes as they share a common boundary.

Now if you want these prefixes to be allowed but strictly with a prefix length of 16, you would have the following prefix-list:

ip prefix-list test seq 10 permit 10.24.0.0/14 ge 16 le 16

If you didn't configure le 16 ge 16 then the default prefix length (/14) would be applied and would therefore not allow the /16 prefixes.

Hope this helps,

Slight oversight.

10.1.0.0/15 and 10.3.0.0/15 are illegal prefix/prefix length combination.

Sorry for the confusion,

hi sir, i started reading wendell odom exam certification for ccie and i think i m understanding it now, just a lil more practice i guess, there is one final question so plz tell me

i have these networks

10.1.0.0/16 till 10.20.0.0/16

i want to filter

1) all the odd networks

2) all the even networks

wat will be the prefix list ??

plz give separate prefix list for 1 and 2.

thanks again in advance

This kind of requirement (odd/even) cannot be achieved with a prefix-list as prefix-lists do not allow to configure non contiguous masks.

This would easily be done with an extended ACL as they do allow for non contiguous masks:

1) Allow all odd networks between 10.1.0.0/16 and 10.20.0.0/16 inclusively

access-list 101 permit ip 10.1.0.0 0.14.255.255 host 255.255.0.0

access-list 101 permit ip 10.17.0.0 0.2.255.255 host 255.255.0.0

2) Allow all even networks between 10.1.0.0/16 and 10.20.0.0/16 inclusively

access-list 101 permit ip 10.0.0.0 0.14.255.255 host 255.255.0.0

access-list 101 permit ip 10.16.0.0 0.2.255.255 host 255.255.0.0

access-list 101 permit ip 10.20.0.0 0.0.255.255 host 255.255.0.0

Hope this helps,

Small rectification on the second access-list. The requirement stated 10.1.0.0/16 to 10.20.0.0/16 and the proposed ACL allows 10.0.0.0/16. It can be modified as follow to fulfill the requirement:

access-list 101 deny ip 10.0.0.0 0.0.255.255 host 255.255.0.0

access-list 101 permit ip 10.0.0.0 0.14.255.255 host 255.255.0.0

access-list 101 permit ip 10.16.0.0 0.2.255.255 host 255.255.0.0

access-list 101 permit ip 10.20.0.0 0.0.255.255 host 255.255.0.0

Hope this helps,

Really interesting ....

sir,

can u just tell then how will be my access-list if i want to permit only networks

10.1.0.0/16 to 10.10.0.0/16 ??

Again, 10.1.0.0/16 to 10.10.0/16 don't all fall under a common mask boundary, so you will need more than one line.

access-list 101 deny ip 10.0.0.0 0.0.255.255 host 255.255.0.0 /* denies 10.0.0.0/16 as it is part of the following block but shouldn't allowed according to your specifications */

access-list 101 permit ip 10.0.0.0 0.0.15.255 host 255.255.0.0 /* allows 10.0.0.0/16 tp 10.15.0.0/16 */

access-list 101 permit ip 10.16.0.0 0.0.255.255 host 255.255.0.0 /* allows 10.16.0.0/16 */

Hope this helps,

Sorry I misread the specifications. Here's the new ACL:

access-list 101 deny ip 10.0.0.0 0.0.255.255 host 255.255.0.0 /* denies 10.0.0.0/16 from the following block */

access-list 101 permit ip 10.0.0.0 0.7.255.255 host 255.255.0.0 /* permits 10.0.0.0/16 to 10.7.0.0/16 */

access-list 101 permit ip 10.8.0.0 0.1.255.255 host 255.255.0.0 /* permits 10.8.0.0/16 to 10.9.0.0/16 */

access-list 101 permit ip 10.0.10.0 0.0.255.255 host 255.255.0.0 /* permits 10.10.0.0/16 */

Hope this helps,

thanks u sir,,

so the logic is divide into block size of nearest 2^n , and the find the network portion by logical AND of first and last ip,and for mask portion logical XOR of first and last ip....

after it if any ip are coming out of our requirement,make specific access-list for it...

am i right???

... :)