Note that although it captures traffic like an ACL, it cannot be combined with an access-group command to block access the way an ACL can.
In the following example, we can see the prefix length is gradually increasing.
192.168.0000 0001.|0000 0000 - 192.168.1.0/24
192.168.0000 0010.0|000 0000 - 192.168.2.0/25
192.168.0000 0011.00|00 0000 - 192.168.3.0/26
192.168.0000 0100.000|0 0000 - 192.168.4.0/27
Let's say we want to block those of the above routes that have a prefix length greater than /25.
It is easier because of the following operators.
ge - greater than or equal to
le - less than or equal to
Let's see how to meet the requirement and understand the behavior.
R1(config)#ip prefix-list TEST seq 20 permit 0.0.0.0/0 le 32
'192.168.0.0/16 ge 25' means it will capture routes whose first 16 bits match 192.168.0.0 and whose prefix length is greater than or equal to /25.
The last line, 'permit 0.0.0.0/0 le 32', is equivalent to 'permit any' in access lists.
Because of the sequence numbers, we can easily insert entries later to update the prefix list.
If we want to capture only one specific route with a prefix list, we can use the command without the 'ge' or 'le' operators.
As an example:
R1(config)#ip prefix-list TEST seq 10 deny 192.168.3.0/25
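The matching rules described above (first match by sequence number, 'ge'/'le' length ranges, exact length when no operator is given) can be checked offline with a small evaluator. This is an added example, not part of the original post and not Cisco code; the function names are hypothetical, and the 'seq 10 deny' entry is assumed from the '192.168.0.0/16 ge 25' condition quoted in the text.

```python
import ipaddress

def parse_entry(cmd):
    """Parse 'ip prefix-list NAME seq N permit|deny NET/LEN [ge X] [le Y]'."""
    tok = cmd.split()
    net = ipaddress.ip_network(tok[6])
    ops = dict(zip(tok[7::2], map(int, tok[8::2])))
    if ops:
        lo = ops.get("ge", net.prefixlen)   # 'le' alone: from the entry's own length
        hi = ops.get("le", 32)              # 'ge' alone: up to /32
    else:
        lo = hi = net.prefixlen             # no operator: exact length only
    return {"seq": int(tok[4]), "action": tok[5], "net": net, "lo": lo, "hi": hi}

def evaluate(commands, route):
    """Return (action, seq) of the first matching entry, lowest seq first."""
    r = ipaddress.ip_network(route)
    for e in sorted(map(parse_entry, commands), key=lambda e: e["seq"]):
        # Match = leading bits equal the entry's network AND length within [lo, hi].
        if r.subnet_of(e["net"]) and e["lo"] <= r.prefixlen <= e["hi"]:
            return e["action"], e["seq"]
    return "deny", None                     # implicit deny at the end of every list

# seq 10 is assumed from the quoted match condition; seq 20 is the page's line.
TEST = [
    "ip prefix-list TEST seq 10 deny 192.168.0.0/16 ge 25",
    "ip prefix-list TEST seq 20 permit 0.0.0.0/0 le 32",
]
# The four example routes from the page.
ROUTES = ["192.168.1.0/24", "192.168.2.0/25", "192.168.3.0/26", "192.168.4.0/27"]

if __name__ == "__main__":
    for route in ROUTES:
        print(route, evaluate(TEST, route))
```

Running it shows that 'ge 25' also denies 192.168.2.0/25 itself; denying only prefixes longer than /25 would take 'ge 26'.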