Resources
    How do prefix-lists work?
    26 December 07

    How do prefix-lists work?

    Posted byBrian McGahan
    facebooktwitterlinkedin
    news-featured

    <p>Prefix-lists are used to match on prefix and prefix-length pairs. Normal prefix-list syntax is as follows:</p>

    <p><!--more--></p>

    <pre>

    ip prefix-list LIST permit w.x.y.z/len

    </pre>

    <p>Where w.x.y.z is your exact prefix<br/> And where len is your exact prefix-length</p>

    <p>"ip prefix-list LIST permit 1.2.3.0/24" would be an exact match for the prefix 1.2.3.0 with a subnet mask of 255.255.255.0. This does not match 1.2.0.0/24, nor does it match 1.2.3.4/32, nor anything in between.</p>

    <p>When you add the keywords "GE" and "LE" to the prefix-list, the "len" value changes its meaning. When using GE and LE, the len value specifies how many bits of the prefix you are checking, starting with the most significant bit.</p>

    <pre>

    ip prefix-list LIST permit 1.2.3.0/24 le 32

    </pre>

    <p>This means:<br/> Check the first 24 bits of the prefix 1.2.3.0<br/> The subnet mask must be less than or equal to 32</p>

    <p>This equates to the access-list syntax:</p>

    <pre>access-list 1 permit 1.2.3.0 0.0.0.255</pre>

    <pre>ip prefix-list LIST permit 0.0.0.0/0 le 32</pre>

    <p>This means:<br/> Check the first 0 bits of the prefix 0.0.0.0<br/> The subnet mask must be less than or equal to 32<br/> This equates to anything</p>

    <pre>ip prefix-list LIST permit 0.0.0.0/0</pre>

    <p>This means:<br/> The exact prefix 0.0.0.0, with the exact prefix-length 0.<br/> This is matching a default route.</p>

    <pre>ip prefix-list LIST permit 10.0.0.0/8 ge 21 le 29</pre>

    <p>This means:<br/> Check the first 8 bits of the prefix 10.0.0.0<br/> The subnet mask must be greater than or equal to 21, and less than or<br/> equal to 29.</p>

    <pre>ip prefix-list CLASS_A permit 0.0.0.0/1 ge 8 le 8</pre>

    <p>This matches all class A addresses with classful masks. It means:<br/> Check the first bit of the prefix, it must be a 0.<br/> The subnet mask must be greater than or equal to 8, and less than or equal to 8. ( It is exactly 8 )</p>

    <p>When using the GE and LE values, you must satisfy the condition:</p>

    <p>Len &lt; GE &lt;= LE</p>

    <p>Therefore "ip prefix-list LIST permit 1.2.3.0/24 ge 8" is not a valid list.</p>

    <p>What you can not do with the prefix-list is match on arbitrary bits like you can in an access-list. Prefix-lists cannot be used to check if a number is even or odd, nor check if a number is divisible by 15, etc... Bit checking in a prefix-list is sequential, starting with the most significant (leftmost) bit.</p>

    © 2024 INE. All Rights Reserved. All logos, trademarks and registered trademarks are the property of their respective owners.
    Terms of servicePrivacy policy
    instagram Logofacebook Logotwitter Logolinkedin Logoyoutube Logo