Monday, May 7, 2012

Understanding Cisco Prefix-List

A = 10.0.0.0/8
B = 172.16.0.0/16
C = 192.168.1.0/24

############################################################
0    = 00000000
126    = 01111110

The first bit match


ip prefix-list Incoming seq 5 deny 0.0.0.0/1 ge 8 le 8

############################################################
128 = 10000000
191 = 10111111

The first 2 bits match

ip prefix-list Incoming seq 5 deny 128.0.0.0/2 ge 16 le 16

############################################################
192 = 11000000
223 = 11011111

The first 3 bits match

ip prefix-list Incoing seq 5 deny 192.0.0.0/3 ge 24 le 24
###########################################################

10.0.0.0-10.255.255.255

00001010.00000000.00000000.00000000  = 10.0.0.0    = 10.0.0.0/8
00001010.11111111.11111111.11111111  = 10.255.255.255


172.16.0.0-172.31.255.255
10101100.00010000.00000000.00000000 = 172.16.255.255    = 172.16.0.0/12
10101100.00011111.11111111.11111111 = 172.31.255.255

192.168.0.0-192.168.255.255
11000000.10101000.00000000.00000000 = 192.168.0.0    = 192.168.0.0/16
11000000.10101000.11111111.11111111 = 192.168.255.255


193.0.0.0 – 193.255.255.255 =
11000001.00000000.00000000.00000000 = 193.0.0.0
11000001.11111111.11111111.11111111 = 193.255.255.255

128.0.0.0 – 191.255.255.255 =
10000000.00000000.00000000.00000000

10111111.11111111.11111111.11111111

0.0.0.0 – 63.255.255.255
00000000.00000000.00000000.00000000
00111111.11111111.11111111.11111111


****************************************************************************************************************
•    In address range 193.0.0.0 – 193.255.255.255, do not accept prefixes with subnet masks longer than /20.
•    In address range 128.0.0.0 – 191.255.255.255, do not accept prefixes with subnet masks longer than /18.
•    In address range 0.0.0.0 – 63.255.255.255, do not accept prefixes with subnet masks longer than /12.
•    Never accept prefixes longer than /24.
***************************************************************************************************************


ip prefix-list Incoming seq 5 deny 10.0.0.0/8 le 32
ip prefix-list Incoming seq 10 deny 172.16.0.0/12 le 32
ip prefix-list Incoming seq 15 deny 192.168.0.0/16 le 32
ip prefix-list Incoming seq 20 deny 193.0.0.0/8 ge 21
ip prefix-list Incoming seq 25 deny 128.0.0.0/2 ge 19
ip prefix-list Incoming seq 30 deny 0.0.0.0/2 ge 13
ip prefix-list Incoming seq 35 permit 0.0.0.0/0 le 24
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)