A quick touch on prefix lists.
They are for matching, similar to an access list or whatnot, but can match exact subnet mask lengths.
First you just have an IP with slash notation, and you are matching that EXACT prefix. For instance:
#ip prefix-list ListName permit 10.1.0.0/16
would match the first sixteen bits. This will not match 10.1.0.0/18. It must match the subnet length EXACTLY.
But say we are looking to match a bit more than that.
#ip prefix-list ListName permit 10.1.0.0/16 ge 24 le 24
So we need to match the prefix 10.1.0.0 exactly, but we only want to match /24 masks (remember, this is for matching routes, not hosts) So any /24 route that starts with 10.1. will be matched.
So you want a real life example. Say all my loopback addresses start with 10.99.x.x and I want to match them with a filter. Well I know all my loopbacks are a /32 mask, so I can put
#ip prefix-list LoopBackMatch permit 10.99.0.0/16 ge 32 le 32
I matched the 10.99 prefix, then look through those and only match /32 bit masks.
Last example
ge meaning greater than or equal to, le meaning less than or equal to, we can match a range of masks.
Say all my client routes are 10.x.x.x with /22 masks, and all my switch management, wireless APs, security, and other networks are /24 and /25 masks, and my router links are /30.
#ip prefix-list ClientMatchList permit 10.0.0.0/8 ge 22 le 22
#ip prefix-list ManageNetworksList permit 10.0.0.0/8 ge 24 le 25
#ip prefix-list RouterLinksList permit 10.0.0.0/8 ge 30 le 30
Here I matched the /22 in the first line for client networks.
Then I matched greater or equal to /24 and less than or equal to /25 to match the other networks
Lastly I matched /30 subnets for the router links.
As always, let me know if I got something wrong, I am learning!
Try a few examples!
Tuesday, June 14, 2011
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment