Sorry, hit send inadvertently. What I meant to show was this:

Prakash,

That is what I was thinking and trying to confirm via OSL.

R4(config)#do sh ip pref
ip prefix-list 1: 3 entries
   seq 5 deny 0.0.0.0/0 le 32   ====this is all routes
   seq 10 permit 1.0.0.0/8
   seq 15 permit 2.0.0.0/8

then the acl

R4(config)#access-list 1 deny 0.0.0.0 255.255.255.255
R4(config)#access-list 1 permit 1.0.0.0
% Access rule can't be configured at higher sequence num as it is part of the existing rule at sequence num 10

===just confirms for me that the documentation on cisco.com is messed up. I don't foresee having to look something like this up in the lab, but this is the 3rd or 4th mistake I have found on docCD/product support page.

-Rob

________________________________
From: prakash patel <[email protected]>
To: [email protected]; [email protected]
Sent: Tuesday, May 26, 2009 11:17:26 AM
Subject: RE: [OSL | CCIE_RS] Cisco Documentation Question on Distribute-list/Prefix-list

Hello

I think Order is meshed up. Please verify "show ip prefix ??" to learn more (sequence #s also important) and let us know the results.

For reference only: Here is the list I used.

a) ip prefix-list A permit 0.0.0.0/0 ge 32
b) ip prefix-list B permit 128.0.0.0/2 ge 17
c) ip prefix-list C permit 0.0.0.0/0 le 32
d) ip prefix-list D permit 0.0.0.0/0
e) ip prefix-list E permit 0.0.0.0/1 le 24

a) All host routes
b) Any subnet in class B address space
c) All routes
d) Just the default route
e) Any prefix in class A address space covering at least 256 addresses

________________________________
Date: Tue, 26 May 2009 10:58:56 -0700
From: [email protected]
To: [email protected]
Subject: [OSL | CCIE_RS] Cisco Documentation Question on Distribute-list/Prefix-list

Can someone help me understand if I am reading this correctly or not? My understanding for any access-list/prefix-list etc. is that entries are read top-down until a match is made and this is absolute. For example, if I wanted to write a distribute-list to deny the route 1.0.0.0/8 from R1-R2 and allow all others, I could do this:

access-list 1 deny 1.0.0.0 0.0.0.255
access-list 1 permit any
!
router bgp 200
 neighbor 10.1.12.1 distribute-list 1 in

In the cisco documentation

Cisco IOS IP Routing Protocols Command Reference
http://www.cisco.com/en/US/docs/ios/iproute/command/reference/irp_bgp2.html#wp1014625

I see the following descriptions. I understand they are showing bgp process level distribute/prefix lists and not neighbor specific, but aren't the entries out of order, meaning the deny all should come last?

Examples

In the following example, a prefix list and distribute list are defined to configure the BGP routing process to accept traffic from only network 192.168.1.0 and network 10.108.0.0. An inbound route refresh is initiated to activate the distribute-list.

Router(config)# ip prefix-list RED deny 0.0.0.0/0 le 32   --- WOULDN'T THIS DENY ALL ROUTES? Default seq would be 5,10,15 and so on.
Router(config)# ip prefix-list RED permit 10.108.0.0/16
Router(config)# ip prefix-list RED permit 192.168.1.0/24
Router(config)# router bgp 50000
Router(config-router)# network 10.108.0.0
Router(config-router)# distribute-list prefix RED in

In the following example, an access list and distribute list are defined to configure the BGP routing process to accept traffic from only network 192.168.1.0 and network 10.108.0.0. An inbound route refresh is initiated to activate the distribute-list.

Router(config)# access-list 1 deny 0.0.0.0 255.255.255.255   --AGAIN, SAME QUESTION THIS IS EFFECTIVELY DENY ANY
Router(config)# access-list 1 permit 192.168.1.0
Router(config)# access-list 1 permit 10.108.0.0
Router(config)# router bgp 50000
Router(config-router)# network 10.108.0.0
Router(config-router)# distribute-list 1 in

Thanks in advance,
Rob Routt
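
Added example, not part of the original thread and not Cisco's code: a small first-match evaluator for prefix-list entries with ge/le handling, run over the RED list in the order quoted above and over a reordered copy. The function names, the reordered list and the sample routes are assumptions constructed for this illustration.

```python
import ipaddress

def parse_entry(line):
    """Parse 'seq N permit|deny A.B.C.D/len [ge X] [le Y]'."""
    tok = line.split()
    seq, action, net = int(tok[1]), tok[2], ipaddress.ip_network(tok[3])
    opts = dict(zip(tok[4::2], map(int, tok[5::2])))
    if opts:   # a missing ge defaults to the entry's own length, a missing le to 32
        lo = opts.get("ge", net.prefixlen)
        hi = opts.get("le", 32)
    else:      # no ge/le: exact prefix-length match only
        lo = hi = net.prefixlen
    return seq, action, net, lo, hi

def evaluate(entries, route):
    """First match wins, in sequence order; no match is the implicit deny."""
    r = ipaddress.ip_network(route)
    for seq, action, net, lo, hi in sorted(entries, key=lambda e: e[0]):
        if r.network_address in net and lo <= r.prefixlen <= hi:
            return action, seq
    return "deny", None

def shadowed(entries):
    """Sequence numbers that can never match: an earlier entry covers them."""
    ordered = sorted(entries, key=lambda e: e[0])
    return [seq for i, (seq, _, net, lo, hi) in enumerate(ordered)
            if any(net.subnet_of(n) and l <= lo and hi <= h
                   for _, _, n, l, h in ordered[:i])]

# RED as quoted from the documentation, with the default sequence numbers.
DOC_ORDER = ["seq 5 deny 0.0.0.0/0 le 32",
             "seq 10 permit 10.108.0.0/16",
             "seq 15 permit 192.168.1.0/24"]
# Constructed reordering: specific permits first, catch-all deny last.
REORDERED = ["seq 5 permit 10.108.0.0/16",
             "seq 10 permit 192.168.1.0/24",
             "seq 15 deny 0.0.0.0/0 le 32"]
# Constructed sample routes; the last one is in neither permit entry.
ROUTES = ["10.108.0.0/16", "192.168.1.0/24", "172.16.0.0/16"]

def decisions(lines, routes=ROUTES):
    entries = [parse_entry(l) for l in lines]
    return {r: evaluate(entries, r) for r in routes}

if __name__ == "__main__":
    for name, lines in (("doc order", DOC_ORDER), ("reordered", REORDERED)):
        print(name, decisions(lines),
              "shadowed:", shadowed([parse_entry(l) for l in lines]))
```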
