Information Technology Reference
In-Depth Information
With the basic form of the prefix list, an exact match of both prefix number and prefix length
is assumed. In Example 4-4, the prefix list matches only the prefix 172.16.1.0/24. The
prefixes 172.16.1.128/25 and 172.16.1.0/25, for example, are not matched.
To match a range of prefixes and lengths, additional optional keywords are needed. When
a range ends at /32, the greater-than-or-equal-to (
ge
) can be specified. The value of
ge
must
be greater than the length value specified by prefix/length and not greater than 32. The
range is assumed to be from the
ge
value to 32 if only the
ge
attribute is specified. If the
range does not end at 32, another keyword,
le
, must be specified. The use of
le
is discussed
later in this section.
A prefix consists of a prefix number and a prefix length. When a range is specified for
a prefix list, the prefixes are matched for a range of prefix numbers and prefix lengths. For
example, if a prefix list is
172.16.1.0/24 ge 25
, the matched range of the prefix numbers
is 172.16.1.0 255.255.255.0 (representing a network mask in this case). The range of
the matched prefix lengths falls between 25 and 32, inclusive. Thus, prefixes such as
172.16.1.128/25 and 172.16.1.0/30 are included. As another example, if the prefix list is
172.16.1.0/24 ge 27
, the matched range of the prefix numbers is still the same—that is,
172.16.1.0 255.255.255.0. The difference between the two is the range of the matched
prefix lengths is smaller in the second example.
NOTE
Example 4-5 shows an example of matching a portion of 172.16.0.0/16. Notice that the
range is between /17 and /32, inclusive. Thus, the network 172.16.0.0/16 is excluded from
the match. The legacy extended ACL version is also included for comparison.
Matching a Portion of 172.16.0.0 255.255.0.0
Example 4-5
ip prefix-list range-1 permit 172.16.0.0/16 ge 17
!
access-list 100 permit ip 172.16.0.0 0.0.255.255 255.255.128.0 0.0.127.255
Standard ACLs do not consider prefix lengths. To filter classless routing updates, you can
use extended ACLs. The source address, together with wildcard bits, specifies the prefix
number. The field of destination address in an extended ACL is used to represent the actual
netmask, and the field of destination wildcard bits is used to denote how the netmask should
be interpreted. In other words, the fields of destination address and wildcard masks indicate
the range's prefix lengths. The following are some examples.
NOTE
