
prefix list problem

sarahr202
Level 5

Hi everybody

Please consider the following example:

rest of network------f0/0-R2- f0/1---------------------R3

R2#show ip route
C    200.200.200.0/24 is directly connected, FastEthernet0/1
C    199.199.199.0/24 is directly connected, FastEthernet0/0
     10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
D       10.0.0.0/8 [90/409600] via 199.199.199.1, 00:02:59, FastEthernet0/0
C       10.1.0.0/16 is directly connected, Loopback1

router eigrp 1
network 10.0.0.0
network 199.199.199.0
network 200.200.200.0
distribute-list list out FastEthernet0/1
no auto-summary
!
ip prefix-list list seq 5 permit 10.0.0.0/8
!

This is what my book says about the prefix list above:

Without ge or le configured, both the prefix (10.0.0.0) and the prefix length (8) must be an exact match.

Based on the above statement, prefix 10.0.0.0/8 should be the only prefix permitted out of f0/1. The prefixes 199.199.199.0/24 and 10.1.0.0/16 do not match the above prefix list and thus should not be advertised as per the configuration.

However, when I check the routing table at R3, I find prefixes 199.199.199.0/24 and 10.1.0.0/16:

R3#show ip route

C    200.200.200.0/24 is directly connected, FastEthernet0/0
D    199.199.199.0/24 [90/307200] via 200.200.200.2, 00:10:51, FastEthernet0/0
     10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
D       10.0.0.0/8 [90/435200] via 200.200.200.2, 00:10:51, FastEthernet0/0
D       10.1.0.0/16 [90/409600] via 200.200.200.2, 00:10:51, FastEthernet0/0

I appreciate your help

thanks and have a great weekend.



pardeep_verma
Level 1

Hi Sarah,

Can you share your configuration for router-2 & 3?

With Regards
Pardeep Kumar
( Rate please if it is helpful )


R2#show running-config
Building configuration...

Current configuration : 1209 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef

no ip domain lookup
ip domain name lab.local
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
multilink bundle-name authenticated

archive
log config
  hidekeys


interface Loopback1
ip address 10.1.1.1 255.255.0.0
!
interface FastEthernet0/0
ip address 199.199.199.2 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 200.200.200.2 255.255.255.0
duplex auto
speed auto
!
router eigrp 1
network 10.0.0.0
network 199.199.199.0
network 200.200.200.0
distribute-list list out FastEthernet0/1
no auto-summary
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
ip access-list standard list
!
!
ip prefix-list list seq 5 permit 10.0.0.0/8


control-plane


line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
!
end

R2#

      

---------------------------------------------------------------------

R3

R3#show running-config
Building configuration...

Current configuration : 976 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
no ip domain lookup
ip domain name lab.local
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
multilink bundle-name authenticated

log config
  hidekeys


interface FastEthernet0/0
ip address 200.200.200.3 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
router eigrp 1
network 200.200.200.0
auto-summary
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
control-plane


!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
!
end

R3#

==================================================

thanks

Hi Sarah,

Did the solution work for you?

Thanks,

Reza

Reza Sharifi
Hall of Fame

Hi Sarah,

Can you attach that to an access-list instead of a prefix-list?

See my example:

router eigrp 1
network 10.0.0.0
network 199.199.199.0
network 200.200.200.0
distribute-list test out GigabitEthernet0/0
no auto-summary

ip access-list standard test
permit 10.0.0.0 0.0.0.255

Now if you go to R3 and do a "sh ip route eigrp" you should only see the 10.0.0.0 subnet.

HTH

Reza

Hi Reza.

I have already learned how we can use a distribute list to control routes in updates using an access-list or route map.

The third option we have is to use an ip prefix list and reference it in the distribute list. So this is what I am trying to understand.

The first thing I need to understand is how this ip prefix list command works.

The ip prefix list has many options such as le, ge, etc. I am still trying to understand how the ip prefix list works when none of these options is used. For example: ip prefix-list lee permit 10.0.0.0/8

The book says a prefix with the exact match and prefix length will match the above. For example,

10.0.0.0/8 will match the prefix list lee but 10.1.0.0/16 will not.

However, when I put this book's claim to the test, I found 10.1.0.0/16 still permitted out of int f0/1 of R2. I was expecting that, since 10.1.0.0/16 does not match the prefix list 10.0.0.0/8, it would be denied by the implicit deny statement under ip prefix lee, and therefore R2 would not advertise this prefix to its neighbor R3.

For some reason, R3 is learning this route, and also 199.199.199.0/24.

This is what I am trying to figure out.

thanks and have a great day.

Hi Sarah,

When the prefix-list does not have le or ge at the end of it, then it is an exact match. So, in your case you are right: 10.0.0.0/8 is an exact match, and if you are denying 10.0.0.0/8 then 10.1.0.0/16 should be allowed.

I have included an example using a prefix-list with EIGRP, before the prefix list is applied and after.

Before:

Switch#sh ip route eigrp
D    199.199.199.0/24 [90/2816] via 10.1.1.1, 00:00:01, GigabitEthernet1/0/47
     10.0.0.0/8 is variably subnetted, 3 subnets, 3 masks
D       10.0.0.0/8 [90/2816] via 10.1.1.1, 00:00:01, GigabitEthernet1/0/47
D       10.1.0.0/16 [90/2816] via 10.1.1.1, 00:00:01, GigabitEthernet1/0/47
Switch#

As you can see, 10/8 is in the routing table and so are 10.1/16 and 199.199.199/24.

Here is the prefix list config:

ip prefix-list test seq 5 deny 10.0.0.0/8
ip prefix-list test seq 10 permit 0.0.0.0/0 le 32

router eigrp 1
network 10.0.0.0
network 199.199.199.0
network 200.200.200.0
distribute-list prefix test out GigabitEthernet0/0
no auto-summary
R2(config-router)#

The result is that 10/8 is not in the routing table any more.

Make sure to clear the EIGRP neighbor first before you look at the routing table again:

Switch#clear ip eigrp 1 neighbors

Now:

Switch#sh ip route eigrp
D    199.199.199.0/24 [90/2816] via 10.1.1.1, 00:00:03, GigabitEthernet1/0/47
     10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
D       10.1.0.0/16 [90/2816] via 10.1.1.1, 00:00:03, GigabitEthernet1/0/47
Switch#

HTH

Reza

Thanks Reza.

In my example, there is an implicit deny at the end of the ip prefix list, so 10.0.0.0/8 is allowed but all the rest, i.e. 10.1.0.0/16 and 199.199.199.0/24, should not have been advertised to R3 because of the implicit deny.

I think this is a bug in IOS.

thanks and have a great weekend.

This is correct but not an answer to the original anomaly (-:

Can you check that you have the prefix keyword in your EIGRP config for the filter, as it's in Reza's example but not in the config above.

Sent from Cisco Technical Support iPad App
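Added example (not code from any poster in this thread): a Python model of the prefix-list matching rules discussed above, run against the three routes R3 learned, comparing `distribute-list prefix list out` with `distribute-list list out`. It assumes that without the `prefix` keyword the name resolves to the access-list `list`, which has no entries in R2's running-config, and that an access-list with no entries filters nothing; function and variable names are illustrative.

```python
import ipaddress

def entry_matches(entry, route):
    """entry = (action, 'prefix/len', ge, le); ge/le are None when not configured."""
    _, prefix, ge, le = entry
    want, have = ipaddress.ip_network(prefix), ipaddress.ip_network(route)
    if ge is None and le is None:
        lo = hi = want.prefixlen                 # no ge/le: length must match exactly
    else:
        lo = want.prefixlen if ge is None else ge
        hi = 32 if le is None else le
    # Leading bits must agree with the entry and the length must fall in [lo, hi].
    return lo <= have.prefixlen <= hi and have.network_address in want

def prefix_list_permits(entries, route):
    for entry in entries:                        # seq order, first match wins
        if entry_matches(entry, route):
            return entry[0] == "permit"
    return False                                 # implicit deny at the end

def acl_permits(entries, route):
    if not entries:
        return True          # assumption: an ACL with no entries filters nothing
    addr = int(ipaddress.ip_network(route).network_address)
    for action, base, wildcard in entries:       # standard ACL: address + wildcard
        care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
        if addr & care == int(ipaddress.ip_address(base)) & care:
            return action == "permit"
    return False

def advertised(routes, kind, entries):
    """kind='prefix': distribute-list prefix NAME out; kind='acl': distribute-list NAME out."""
    check = prefix_list_permits if kind == "prefix" else acl_permits
    return [r for r in routes if check(entries, r)]

# Constructed from the thread: routes R2 can advertise out FastEthernet0/1.
ROUTES = ["199.199.199.0/24", "10.0.0.0/8", "10.1.0.0/16"]
R2_PREFIX_LIST = [("permit", "10.0.0.0/8", None, None)]   # ip prefix-list list seq 5
R2_ACL = []                                                # ip access-list standard list
REZA_PREFIX_LIST = [("deny", "10.0.0.0/8", None, None),
                    ("permit", "0.0.0.0/0", None, 32)]     # ip prefix-list test
REZA_ACL = [("permit", "10.0.0.0", "0.0.0.255")]           # ip access-list standard test

if __name__ == "__main__":
    print("with prefix keyword:   ", advertised(ROUTES, "prefix", R2_PREFIX_LIST))
    print("without prefix keyword:", advertised(ROUTES, "acl", R2_ACL))
```

Under that assumption the second line reproduces R3's routing table from the original post, while the first shows the exact-match behaviour the book describes.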
