How to configure Prefix-List on Cisco Router

Prefix-lists can be used to filter prefixes and are far more powerful than simple access-lists. Let’s say I want to filter all prefixes that fall within the 10.0.0.0 range and that have a subnet mask between /24 and /28. Do you think you could do this with an access-list? It will be difficult, right? With a prefix-list this is very easy to do!




Most CCNP students find prefix-lists difficult to understand so in this lesson I’ll show you how prefix-lists work by using them as route filters.


I will show you different scenarios and different filters. Here is the topology that we will use:

prefix list example topology

Above you see two routers called “R1” and “R2”. On R2 we have a couple of loopback interfaces with prefixes that we will advertise in EIGRP. I’m doing this so we have a number of prefixes to play with. Here is the configuration:

R1(config)#router eigrp 12
R1(config-router)#no auto-summary
R1(config-router)#network 192.168.12.0

R2(config)#router eigrp 12
R2(config-router)#no auto-summary
R2(config-router)#network 192.168.12.0
R2(config-router)#network 172.16.0.0 0.0.3.255

EIGRP is configured so all networks are advertised.

R1#show ip route eigrp 
     172.16.0.0/24 is subnetted, 4 subnets
D       172.16.0.0 [90/156160] via 192.168.12.2, 00:01:07, FastEthernet0/0
D       172.16.1.0 [90/156160] via 192.168.12.2, 00:01:07, FastEthernet0/0
D       172.16.2.0 [90/156160] via 192.168.12.2, 00:01:07, FastEthernet0/0
D       172.16.3.0 [90/156160] via 192.168.12.2, 00:01:07, FastEthernet0/0

If we look at the routing table of R1 we can see all those networks on the loopback interfaces as it should be. Now we’ll see if we can do some filtering. Let’s start with a simple prefix-list that filters 172.16.1.0 /24 but permits everything else:

R1(config)#ip prefix-list FILTERTHIS seq 5 deny 172.16.1.0/24
R1(config)#ip prefix-list FILTERTHIS seq 10 permit 0.0.0.0/0 le 32

By using the ip prefix-list command you can create prefix-lists. As you can see, it looks a bit similar to an access-list, but instead of typing wildcards we just specify the number of bits. The first line denies 172.16.1.0/24 and the second line permits 0.0.0.0/0 (all networks) if they have a subnet mask of /32 or smaller…in other words “everything”. This line is the equivalent of “permit ip any any”.

Let’s enable it on R1 to see what the result is:

R1(config)#router eigrp 12
R1(config-router)#distribute-list prefix FILTERTHIS in

And we’ll enable the new prefix-list.

R1#show ip route eigrp 
     172.16.0.0/24 is subnetted, 3 subnets
D       172.16.0.0 [90/156160] via 192.168.12.2, 00:01:54, FastEthernet0/0
D       172.16.2.0 [90/156160] via 192.168.12.2, 00:01:54, FastEthernet0/0
D       172.16.3.0 [90/156160] via 192.168.12.2, 00:01:54, FastEthernet0/0

As you can see, 172.16.1.0/24 has been filtered and all the other networks are permitted.

The true power of the prefix-list is in the ge (greater than or equal to) and le (less than or equal to) operators. Let’s look at some examples:

R1(config)#ip prefix-list RENETEST permit 10.0.0.0/8 le 19

In this example I’m using the le operator. This prefix-list statement says that all networks that fall within the 10.0.0.0/8 range AND that have a subnet mask of /19 or less are permitted.

If I have a network with 10.0.0.0 /21 it will be denied by this prefix list. It falls within the 10.0.0.0 /8 range but it has a subnet mask of /21. I’m using the le operator which says that the subnet mask should be /19 or smaller.

Let’s say I have another network with 10.0.0.0 /17 then it will be permitted by this prefix-list. It falls within the 10.0.0.0/8 range and has a subnet mask that is smaller than /19.

Are you following me here? Let me give you an example on our routers:

R2(config)#interface loopback 10 
R2(config-if)#ip address 10.1.1.1 255.255.0.0
R2(config-if)#interface loopback 11
R2(config-if)#ip address 10.2.2.2 255.255.128.0
R2(config-if)#interface loopback 12
R2(config-if)#ip address 10.3.3.3 255.255.192.0
R2(config-if)#interface loopback 13
R2(config-if)#ip address 10.4.4.4 255.255.224.0
R2(config-if)#interface loopback 14
R2(config-if)#ip address 10.5.5.5 255.255.240.0
R2(config-if)#interface loopback 15
R2(config-if)#ip address 10.6.6.6 255.255.248.0

First we’ll add a couple of loopback interfaces on R2. If you look closely you can see I’m using different subnet masks.

R2(config)#router eigrp 12
R2(config-router)#network 10.0.0.0

And I’ll advertise them in EIGRP.

R1(config)#router eigrp 12
R1(config-router)#no distribute-list prefix FILTERTHIS in

Let’s get rid of the prefix-list on R1…

R1#show ip route eigrp 
     172.16.0.0/24 is subnetted, 4 subnets
D       172.16.0.0 [90/156160] via 192.168.12.2, 00:06:11, FastEthernet0/0
D       172.16.1.0 [90/156160] via 192.168.12.2, 00:00:35, FastEthernet0/0
D       172.16.2.0 [90/156160] via 192.168.12.2, 00:06:11, FastEthernet0/0
D       172.16.3.0 [90/156160] via 192.168.12.2, 00:06:11, FastEthernet0/0
     10.0.0.0/8 is variably subnetted, 6 subnets, 6 masks
D       10.2.0.0/17 [90/156160] via 192.168.12.2, 00:02:22, FastEthernet0/0
D       10.3.0.0/18 [90/156160] via 192.168.12.2, 01:14:57, FastEthernet0/0
D       10.1.0.0/16 [90/156160] via 192.168.12.2, 00:06:11, FastEthernet0/0
D       10.6.0.0/21 [90/156160] via 192.168.12.2, 01:02:35, FastEthernet0/0
D       10.4.0.0/19 [90/156160] via 192.168.12.2, 01:14:46, FastEthernet0/0
D       10.5.0.0/20 [90/156160] via 192.168.12.2, 01:02:35, FastEthernet0/0

Now we see all the networks that fall within the 172.16.0.0/16 and 10.0.0.0/8 range. Time to enable that prefix-list I just created.

R1(config)#router eigrp 12
R1(config-router)#distribute-list prefix RENETEST in

This is how we activate it and this is what we end up with:
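The router output for this step is not included on this page. As an added example (not code from the original lesson), the Python sketch below models standard IOS prefix-list matching, including the ge/le rules and the implicit deny at the end of every list, and applies FILTERTHIS and RENETEST to the routes R1 learned above. The function names and the ROUTES list are constructed for illustration.

```python
import ipaddress

# Constructed sample: the EIGRP routes R1 learned from R2 in the lesson.
ROUTES = ["172.16.0.0/24", "172.16.1.0/24", "172.16.2.0/24", "172.16.3.0/24",
          "10.1.0.0/16", "10.2.0.0/17", "10.3.0.0/18",
          "10.4.0.0/19", "10.5.0.0/20", "10.6.0.0/21"]

# Prefix-list entries as typed after "ip prefix-list <NAME>".
FILTERTHIS = ["seq 5 deny 172.16.1.0/24", "seq 10 permit 0.0.0.0/0 le 32"]
RENETEST = ["permit 10.0.0.0/8 le 19"]

def parse_entry(line):
    """Parse '[seq N] permit|deny A.B.C.D/len [ge X] [le Y]'."""
    tok = line.split()
    if tok[0] == "seq":
        tok = tok[2:]
    action, net = tok[0], ipaddress.ip_network(tok[1])
    opts = dict(zip(tok[2::2], map(int, tok[3::2])))
    ge, le = opts.get("ge"), opts.get("le")
    if ge is None and le is None:
        lo = hi = net.prefixlen          # no ge/le: exact mask length only
    else:
        lo = ge if ge is not None else net.prefixlen  # le only: from entry length
        hi = le if le is not None else 32             # ge only: up to /32
    return action, net, lo, hi

def evaluate(entries, route):
    """First matching entry wins; no match hits the implicit deny."""
    r = ipaddress.ip_network(route)
    for action, net, lo, hi in map(parse_entry, entries):
        # The route must sit inside the entry's network AND have an allowed length.
        if r.subnet_of(net) and lo <= r.prefixlen <= hi:
            return action
    return "deny"

def permitted(entries, routes):
    """Routes that survive 'distribute-list prefix <NAME> in'."""
    return [r for r in routes if evaluate(entries, r) == "permit"]

if __name__ == "__main__":
    for name, plist in (("FILTERTHIS", FILTERTHIS), ("RENETEST", RENETEST)):
        print(name, "permits:", permitted(plist, ROUTES))
```

Because RENETEST has no catch-all permit entry, the model also drops the 172.16.x.0/24 routes: they are outside 10.0.0.0/8 and fall through to the implicit deny.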

Content created by Rene Molenaar (CCIE #41726)


Forum Replies

  1. Ok, Hi everyone just joined the site.

    I want to make sure that my brain understands this. It’s like you slice and dice and hopefully everything comes out right. So say I have this already as my prefix list:

    10.0.12.0/24 le 32

    Now say I want to include another network. So I want the following two networks in one prefix-list.

    10.0.12.0/24 and 10.0.13.0/24, I want these covered by one prefix list.

    So I figure that this will fit within the scope of these two networks.

    2 will be size of subnets:

    0, 2, 4, 6, 8, 10
    12 and 13 — this fits just right.
    14, 16, 18 et


  2. I was so confused by this at first. I know it's simple but it's also a brain teaser for some reason.
    First I pulled up my Boson subnet tool; it's a free tool, by the way, on the Boson.com website (just need to create an account). At first I was thinking that first two bits mean the first two spots _ _ thinking it could be anything from 0 to 192 that it did not matter if it was a zero or a one. However, after putting it into the subnet calculator it helped me to see.

    The next really helpful thing for me was when I went ahead and enabled the command with distribute-


  3. Rene,

    I currently have set up R2 connected to R4.
    R4 is advertising in EIGRP:
    192.168.0.1/24
    192.168.1.1/30 (255.255.255.252)
    192.168.2.1/29 (255.255.255.248)
    192.168.3.1/28 (255.255.255.240)

    I’m simply just practicing with prefix-list and wanted to filter out the /30 /29 /28 routes, and only advertise the /24

    On R4 I have done:

    R4(config#) ip prefix-list test deny 192.168.0.0/16 ge 28 le 30
    R4(config#) ip prefix-list test permit 0.0.0.0/0 le 32
    
    R4(config-router#) distribute-list test out serial0/0/0
    

    However, R2 is still showing all of the above mentioned rout


  4. I have been going crazy trying to figure this out the past 24 hours. Finally figured out that I was leaving out the keyword ‘prefix’ in my “distribute-list” command syntax. Basically the distribute-list was looking for an ACL (that never existed) because I didn’t specify ‘prefix’ in the command. A little more tricky since leaving out ‘prefix’ is an acceptable command. It’s working as it should now :grinning:

  5. Hello Minali

    In the first case, the 0.0.0.0/1 subnet is all addresses from 0.0.0.0 to 127.255.255.255. This is the class A range of addresses. The le 27 keywords indicate that each subnet matched by the prefix will have a subnet mask less than or equal to 27. So this prefix list matches things like 10.10.10.32/27, 86.52.14.64/26 and 100.100.128.128/25 and any other class A subnet with a prefix less than or equal to /27.

    On the other hand, the second prefix list is 128.0.0.0/2 which contains all addresses from 128.0.0.0 to 191.255.255.255, which are class B
