Prefix-lists can be used to filter prefixes and are far more powerful than simple access-lists. Let’s say I want to filter all prefixes that fall within the 10.0.0.0 range and that have a subnet mask between /24 and /28. Do you think you could do this with an access-list? It would be difficult, right? With a prefix-list this is very easy to do!
Most CCNP students find prefix-lists difficult to understand so in this lesson I’ll show you how prefix-lists work by using them as route filters.
I will show you different scenarios and different filters. Here is the topology that we will use:
Above you see two routers called “R1” and “R2”. On R2 we have a couple of loopback interfaces with prefixes that we will advertise in EIGRP. I’m doing this so we have a number of prefixes to play with. Here is the configuration:
R1(config)#router eigrp 12
R1(config-router)#no auto-summary
R1(config-router)#network 192.168.12.0
R2(config)#router eigrp 12
R2(config-router)#no auto-summary
R2(config-router)#network 192.168.12.0
R2(config-router)#network 172.16.0.0 0.0.3.255
EIGRP is configured so all networks are advertised.
R1#show ip route eigrp
172.16.0.0/24 is subnetted, 4 subnets
D 172.16.0.0 [90/156160] via 192.168.12.2, 00:01:07, FastEthernet0/0
D 172.16.1.0 [90/156160] via 192.168.12.2, 00:01:07, FastEthernet0/0
D 172.16.2.0 [90/156160] via 192.168.12.2, 00:01:07, FastEthernet0/0
D 172.16.3.0 [90/156160] via 192.168.12.2, 00:01:07, FastEthernet0/0
If we look at the routing table of R1 we can see all those networks on the loopback interfaces as it should be. Now we’ll see if we can do some filtering. Let’s start with a simple prefix-list that filters 172.16.1.0 /24 but permits everything else:
R1(config)#ip prefix-list FILTERTHIS seq 5 deny 172.16.1.0/24
R1(config)#ip prefix-list FILTERTHIS seq 10 permit 0.0.0.0/0 le 32
By using the ip prefix-list command you can create prefix lists. As you can see it looks a bit like an access-list, but instead of typing wildcards we just specify the number of bits. The first line denies 172.16.1.0/24 and the second line permits 0.0.0.0/0 (all networks) if they have a subnet mask of /32 or smaller; in other words, “everything”. This line is the equivalent of “permit ip any any”. Without it, the implicit deny at the end of the prefix-list would filter every other network as well.
Let’s enable it on R1 to see what the result is:
R1(config)#router eigrp 12
R1(config-router)#distribute-list prefix FILTERTHIS in
And we’ll enable the new prefix-list.
R1#show ip route eigrp
172.16.0.0/24 is subnetted, 3 subnets
D 172.16.0.0 [90/156160] via 192.168.12.2, 00:01:54, FastEthernet0/0
D 172.16.2.0 [90/156160] via 192.168.12.2, 00:01:54, FastEthernet0/0
D 172.16.3.0 [90/156160] via 192.168.12.2, 00:01:54, FastEthernet0/0
As you can see 172.16.1.0/24 has been filtered and all the other networks are permitted.
The true power of the prefix list is in the ge (greater than or equal to) and le (less than or equal to) operators. Let’s look at some examples:
R1(config)#ip prefix-list RENETEST permit 10.0.0.0/8 le 19
In this example I’m using the le operator. This prefix-list statement says that all networks that fall within the 10.0.0.0/8 range AND that have a subnet mask of /19 or less are permitted.
If I have a network with 10.0.0.0 /21 it will be denied by this prefix list. It falls within the 10.0.0.0 /8 range but it has a subnet mask of /21. I’m using the le operator which says that the subnet mask should be /19 or smaller.
Let’s say I have another network with 10.0.0.0 /17 then it will be permitted by this prefix-list. It falls within the 10.0.0.0/8 range and has a subnet mask that is smaller than /19.
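The matching logic behind ge and le, as an added Python model (not code from the lesson and not how IOS implements it). The function names are assumptions, the RANGE entry is constructed for the /24 to /28 case from the opening paragraph, and the route list uses the networks R2 advertises in this lesson.

```python
import ipaddress

def parse_entry(line):
    """Parse '[seq N] permit|deny A.B.C.D/len [ge X] [le Y]'."""
    tok = line.split()
    if tok[0] == "seq":
        tok = tok[2:]
    action, net = tok[0], ipaddress.ip_network(tok[1])
    opts = dict(zip(tok[2::2], map(int, tok[3::2])))
    ge, le = opts.get("ge"), opts.get("le")
    # Length window: none -> exact len, ge only -> ge..32,
    # le only -> len..le, both -> ge..le.
    if ge is None and le is None:
        lo = hi = net.prefixlen
    else:
        lo = net.prefixlen if ge is None else ge
        hi = 32 if le is None else le
    if not net.prefixlen <= lo <= hi <= 32:  # sanity check for this model
        raise ValueError(f"bad ge/le range: {line}")
    return action, net, lo, hi

def evaluate(entries, route):
    """First matching entry wins; no match at all is an implicit deny."""
    r = ipaddress.ip_network(route)
    for action, net, lo, hi in entries:
        # The route must sit inside the entry's prefix AND its own
        # prefix length must fall inside the lo..hi window.
        if r.network_address in net and lo <= r.prefixlen <= hi:
            return action
    return "deny"

def permitted(entries, routes):
    return [r for r in routes if evaluate(entries, r) == "permit"]

FILTERTHIS = [parse_entry(e) for e in (
    "seq 5 deny 172.16.1.0/24", "seq 10 permit 0.0.0.0/0 le 32")]
RENETEST = [parse_entry("permit 10.0.0.0/8 le 19")]
# Constructed entry for the /24../28 case from the opening paragraph.
RANGE = [parse_entry("permit 10.0.0.0/8 ge 24 le 28")]

# Routes R2 advertises in this lesson.
ROUTES = ["172.16.0.0/24", "172.16.1.0/24", "172.16.2.0/24", "172.16.3.0/24",
          "10.1.0.0/16", "10.2.0.0/17", "10.3.0.0/18",
          "10.4.0.0/19", "10.5.0.0/20", "10.6.0.0/21"]

if __name__ == "__main__":
    for name, pl in (("FILTERTHIS", FILTERTHIS), ("RENETEST", RENETEST)):
        print(name, permitted(pl, ROUTES))
```

Because RENETEST has a single permit line, every route that misses it, including the 172.16.x.0/24 networks, falls through to the implicit deny.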
Are you following me here? Let me give you an example on our routers:
R2(config)#interface loopback 10
R2(config-if)#ip address 10.1.1.1 255.255.0.0
R2(config-if)#interface loopback 11
R2(config-if)#ip address 10.2.2.2 255.255.128.0
R2(config-if)#interface loopback 12
R2(config-if)#ip address 10.3.3.3 255.255.192.0
R2(config-if)#interface loopback 13
R2(config-if)#ip address 10.4.4.4 255.255.224.0
R2(config-if)#interface loopback 14
R2(config-if)#ip address 10.5.5.5 255.255.240.0
R2(config-if)#interface loopback 15
R2(config-if)#ip address 10.6.6.6 255.255.248.0
First we’ll add a couple of loopback interfaces on R2. If you look closely you can see I’m using different subnet masks.
R2(config)#router eigrp 12
R2(config-router)#network 10.0.0.0
And I’ll advertise them in EIGRP.
R1(config)#router eigrp 12
R1(config-router)#no distribute-list prefix FILTERTHIS in
Let’s get rid of the prefix-list on R1…
R1#show ip route eigrp
172.16.0.0/24 is subnetted, 4 subnets
D 172.16.0.0 [90/156160] via 192.168.12.2, 00:06:11, FastEthernet0/0
D 172.16.1.0 [90/156160] via 192.168.12.2, 00:00:35, FastEthernet0/0
D 172.16.2.0 [90/156160] via 192.168.12.2, 00:06:11, FastEthernet0/0
D 172.16.3.0 [90/156160] via 192.168.12.2, 00:06:11, FastEthernet0/0
10.0.0.0/8 is variably subnetted, 6 subnets, 6 masks
D 10.2.0.0/17 [90/156160] via 192.168.12.2, 00:02:22, FastEthernet0/0
D 10.3.0.0/18 [90/156160] via 192.168.12.2, 01:14:57, FastEthernet0/0
D 10.1.0.0/16 [90/156160] via 192.168.12.2, 00:06:11, FastEthernet0/0
D 10.6.0.0/21 [90/156160] via 192.168.12.2, 01:02:35, FastEthernet0/0
D 10.4.0.0/19 [90/156160] via 192.168.12.2, 01:14:46, FastEthernet0/0
D 10.5.0.0/20 [90/156160] via 192.168.12.2, 01:02:35, FastEthernet0/0
Now we see all the networks that fall within the 172.16.0.0/16 and 10.0.0.0/8 range. Time to enable that prefix-list I just created.
R1(config)#router eigrp 12
R1(config-router)#distribute-list prefix RENETEST in
This is how we activate it and this is what we end up with:
Ok, Hi everyone just joined the site.
I want to make sure that my brain understands this. It’s like you slice and dice and hopefully everything comes out right. So say I have this already as my prefix list:
10.0.12.0/24 le 32
Now say I want to include another network. So I want the following two networks in one prefix-list.
10.0.12.0/24 and 10.0.13.0/24, I want these covered by one prefix list.
So I figure that this will fit within the scope of these two networks.
2 will be size of subnets:
0, 2, 4, 6, 8, 10
12 and 13 — this fits just right.
14, 16, 18 et
I was so confused by this at first. I know it’s simple but it’s also a brain teaser for some reason.
First I pulled up my Boson subnet tool; it’s a free tool, by the way, on the Boson.com website (just need to create an account). At first I was thinking that first two bits mean the first two spots _ _ thinking it could be anything from 0 to 192 that it did not matter if it was a zero or a one. However after putting into the subnet calculator it helped me to see.
The next really helpful thing for me was when I went ahead and enabled the command with distribute-
Rene,
I currently have set up R2 connected to R4.
R4 is advertising in EIGRP:
192.168.0.1/24
192.168.1.1/30 (255.255.255.252)
192.168.2.1/29 (255.255.255.248)
192.168.3.1/28 (255.255.255.240)
I’m simply just practicing with prefix-list and wanted to filter out the /30 /29 /28 routes, and only advertise the /24
On R4 I have done:
However, R2 is still showing all of the above mentioned rout
I have been going crazy trying to figure this out the past 24 hours. Finally figured out that I was leaving out the keyword ‘prefix’ in my “distribute-list” command syntax. Basically the distribute-list was looking for an ACL (that never existed) because I didn’t specify ‘prefix’ in the command. A little more tricky since leaving out ‘prefix’ is an acceptable command. It’s working as it should now.
Hello Minali
In the first case, the 0.0.0.0/1 subnet is all addresses from 0.0.0.0 to 127.255.255.255. This is the class A range of addresses. The le 27 keywords indicate that each subnet matched by the prefix will have a subnet mask less than or equal to 27. So this prefix list matches things like 10.10.10.32/27, 86.52.14.64/26 and 100.100.128.128/25 and any other class A subnet with a prefix less than or equal to /27.
On the other hand, the second prefix list is 128.0.0.0/2 which contains all addresses from 128.0.0.0 to 191.255.255.255, which are class B