Prefix Lists

Dec 01,2008 by alperen

Prefix lists were first introduced in IOS 12.0. They operate in much the same way as distribute
lists. Prefix lists are generally used to filter routes. Prefix lists can be combined with route maps.
We will discuss that in more detail in the next section.
The first two steps covered for distribute lists are the same for prefix lists:
1. Decide which routes need to be blocked from and/or accepted by the router.
2. Determine whether an inbound filter on the router or an outbound filter on another device
would be better to use.
Where the processes differ is in the last two steps. Instead of creating an access list, you need
to create a prefix list. Instead of attaching the distribute-list keyword to the neighbor
statement, you need to attach the prefix-list keyword to the neighbor statement. Thus, the
third and fourth steps for prefix lists would be as follows:
3. Create a prefix list.
4. Attach the prefix-list keyword to the neighbor statement.
You may be wondering, if distribute lists and prefix lists are so similar, why not use distribute
lists and forget about prefix lists? Remember: Distribute lists rely on an access list. An access list
reads from top to bottom, and any new line of the access list you add is placed at the end of the
access list. The problem occurs if you need to permit or deny a new route closer to the beginning
of the access list after the access list has been created. In order to accomplish this, you would
need to remove the access list and configure a new access list. Prefix lists overcome this limitation
with the use of sequence numbers. For instance, if you had a prefix list that had sequence 10
and sequence 15 and you decided you needed to enter a new prefix list line before sequence 15,
you could use sequence 11, 12, 13, or 14 to accomplish this. Prefix lists are easier to manage as
a network grows in size. An important item to remember about prefix lists is that they have an
implicit deny all at the end of them.
When configuring a prefix list, if you do not specify a sequence number, the first line of the
prefix list will start at 5 and each additional line added increments by 5. To configure a prefix
list, the following command needs to be used in global configuration mode:
ip prefix-list list-name [seq seq-value] {permit | deny} network/len [ge ge-value] [le le-value]
list-name - the name to use for the prefix list.
seq-value - the numeric value of the sequence. seq is an optional parameter.
network - the network address.
len - the length of the subnet mask.
ge-value - the from value of the range (the minimum prefix length to be matched).
le-value - the to value of the range (the maximum prefix length to be matched).
The le-value and the ge-value can be used to create a range of prefix lengths to permit or deny
for the network address entered. You can also use the values independently of each other. For
instance, if the network address of 192.168.24.0/24 was entered and the ge-value of 28 was
used, any prefix within that network with a subnet mask equal to or longer than /28
would be matched. If the le-value of 28 had been used instead of
the ge-value, any prefix within that network with a mask between /24 and /28 would
be matched.
Now that you know the syntax, we will walk through the configuration of a line for a prefix list:
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#ip prefix-list ?
WORD Name of a prefix list
sequence-number Include/exclude sequence numbers in NVGEN
R1(config)#ip prefix-list 1 ?
deny Specify packets to reject
description Prefix-list specific description
permit Specify packets to forward
seq sequence number of an entry
R1(config)#ip prefix-list 1 seq ?
<1-4294967294> Sequence number
R1(config)#ip prefix-list 1 seq 10 ?
deny Specify packets to reject
permit Specify packets to forward
R1(config)#ip prefix-list 1 seq 10 permit ?
A.B.C.D IP prefix <network>/<length>, e.g., 35.0.0.0/8
R1(config)#ip prefix-list 1 seq 10 permit 192.168.24.0/24 ?
ge Minimum prefix length to be matched
le Maximum prefix length to be matched
<cr>
To permit all or deny all routes, the following prefix list lines can be used:
ip prefix-list name permit 0.0.0.0/0 le 32
ip prefix-list name deny 0.0.0.0/0 le 32
Name is the name of the prefix list. You can optionally specify the sequence number.
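The matching rules described above (sequence order, ge/le ranges, permit-all, and the implicit deny) can be checked offline with a small model. This is an added example, not part of the original article and not Cisco code; the PrefixList class, its method names, and the sample routes are constructed for illustration.

```python
import ipaddress

class PrefixList:
    """Toy model of prefix-list matching (illustrative, not Cisco code)."""

    def __init__(self):
        self.entries = {}  # seq -> (action, network, min_len, max_len)

    def add(self, action, prefix, seq=None, ge=None, le=None):
        net = ipaddress.ip_network(prefix)
        if seq is None:
            # No seq given: first line is 5, each later line is 5 higher.
            seq = max(self.entries, default=0) + 5
        # Neither ge nor le: exact length only (standard IOS behaviour).
        # ge alone runs up to /32; le alone starts at the entry's own length.
        low = ge if ge is not None else net.prefixlen
        high = le if le is not None else (32 if ge is not None else net.prefixlen)
        if not net.prefixlen <= low <= high <= 32:
            raise ValueError("need len <= ge <= le <= 32")
        self.entries[seq] = (action, net, low, high)
        return seq

    def evaluate(self, route):
        """Return (action, seq) of the first matching line, lowest seq first."""
        r = ipaddress.ip_network(route)
        for seq in sorted(self.entries):
            action, net, low, high = self.entries[seq]
            if low <= r.prefixlen <= high and r.subnet_of(net):
                return action, seq
        return "deny", None  # implicit deny all at the end of the list

def demo():
    # Constructed routes, as a BGP peer might advertise them.
    routes = ["192.168.24.0/24", "192.168.24.16/28", "192.168.24.4/30", "10.1.0.0/16"]
    pl = PrefixList()
    pl.add("permit", "192.168.24.0/24", seq=10, le=28)   # /24 through /28
    pl.add("permit", "0.0.0.0/0", seq=15, le=32)         # permit everything else
    before = {r: pl.evaluate(r) for r in routes}
    pl.add("deny", "10.0.0.0/8", seq=12, le=32)          # inserted ahead of seq 15
    after = {r: pl.evaluate(r) for r in routes}
    return before, after

if __name__ == "__main__":
    for label, result in zip(("before", "after"), demo()):
        print(label, result)
```

Running a candidate list against the routes you expect from a peer before applying it shows which line decides each route, and which routes fall through to the implicit deny.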
After the prefix list has been created, you need to apply it to the appropriate BGP session. The
command to associate a prefix list with a BGP session is as follows:
neighbor peer-address prefix-list name {in | out}
peer-address - address of the BGP peer you want to apply the filter to.
name - the name of the prefix list to associate.
Now that you understand how to create and apply prefix lists, let’s put that knowledge to
work. Refer to Figure 9.8.