Prefix-list doubt

Have some doubt on Prefix-list :

First,
How Prefix-list differentiate between Network and Host. Does it differentiate like ACL or deal these two in different more suitable manner.
Like in ACL if I am writing permit 10.0.0.0/8 it includes 10.0.0.0 to 10.255.255.255. Is it same in Prefix-list ?

If I want to match 128.0.0.0 only , whould I write 128.0.0.0/1 or 128.0.0.0/8 or 128.0.0.0/32 ?

Second,
As prefix-list says it is exact match.
ip prefix-list test1 permit 10.0.0.0/8
will it allow only a single IP 10.0.0.0 like in ACL HOST 10.0.0.0 command does or it will allow 10.0.0.0 to 10.255.255.255 like ACL 10.0.0.0/8 does.

Third,
ip prefix-list test2 permit 10.0.0.0/16 ge 24
In first condition it matches 1st and 2nd actate, second condition it matches /24, /25 /26 , /27 , /28 , /29 , /30 , /31 , /32 ignoring any value (0-255 ) in fourth octate. How it treats with the value of 3rd octate , does it deny any value between 1-255.

Fourth,
If I want to permit 192.0.0.0 IP only then , will I write 192.0.0.0/2 or 192.0.0.0/8, what is difference between two.
ip prefix-list test5 permit 192.0.0.0/2 ge 23 le 24
ip prefix-list test6 permit 192.0.0.0/8 ge 23 le 24
will these two Prefix-list serves the same output, if not then what are the IPs covered separately in these two

 

Comments

  • peetypeety ✭✭✭

    Have some doubt on Prefix-list :

    First,
    How Prefix-list differentiate between Network and Host. Does it differentiate like ACL or deal these two in different more suitable manner.
    Like in ACL if I am writing permit 10.0.0.0/8 it includes 10.0.0.0 to 10.255.255.255. Is it same in Prefix-list ?

    If I want to match 128.0.0.0 only , whould I write 128.0.0.0/1 or 128.0.0.0/8 or 128.0.0.0/32 ?

    Prefix lists only work on prefixes. If you'd like a meticulous definition, a prefix is a route (network) with a mask. "If I want to match 128.0.0.0 only", you'd use an ACL, as what you've asked for is not a prefix.

    Second,
    As prefix-list says it is exact match.
    ip prefix-list test1 permit 10.0.0.0/8
    will it allow only a single IP 10.0.0.0 like in ACL HOST 10.0.0.0 command does or it will allow 10.0.0.0 to 10.255.255.255 like ACL 10.0.0.0/8 does.

    Again, prefix lists only work on prefixes. They're not usable as a drop-in replacement for an ACL. If you want to allow a single IP address, it sounds to me like you want an ACL.

    Third,
    ip prefix-list test2 permit 10.0.0.0/16 ge 24
    In first condition it matches 1st and 2nd actate, second condition it matches /24, /25 /26 , /27 , /28 , /29 , /30 , /31 , /32 ignoring any value (0-255 ) in fourth octate. How it treats with the value of 3rd octate , does it deny any value between 1-255.

    Again, prefix lists only work on prefixes. This prefix list starts off by matching the prefix 10.0.0.0/16, which means it matches a prefix whose network component is 10.0.0.0 and whose mask component is /16. There's only one possible match here, 10.0.0.0/16. When you then add the ge 24 onto the end, the prefix list now matches all networks in the 10.0.0.0/16 space (10.0.x.x) whose masks are /24 or longer, so 10.0.0.0/16 no longer matches, but now matches 10.0.0.0/24, 10.0.255.0/24, 10.0.37.0/25, 10.0.195.0/28, 10.0.22.16/28, etc.

    Fourth,
    If I want to permit 192.0.0.0 IP only then , will I write 192.0.0.0/2 or 192.0.0.0/8, what is difference between two.
    ip prefix-list test5 permit 192.0.0.0/2 ge 23 le 24
    ip prefix-list test6 permit 192.0.0.0/8 ge 23 le 24
    will these two Prefix-list serves the same output, if not then what are the IPs covered separately in these two

    Again, prefix lists don't filter packets, they filter prefixes. 192.0.0.0/2 ge 23 le 24 matches anything in 192.0.0.0/2 whose mask is /23-24, so [192-255].[0-255].[0-255].0/[23-24].

  • I have no doubts that this service https://write-mypapers.org is the best for a young student. try it out!

Sign In or Register to comment.