Ip prefix-list知多少？

Exercises: 1. Construct a prefix list that permits only the 192.168.1.0/24 network. ip prefix-list test1 seq 5 permit 192.168.1.0/24 2. Construct a prefix list that denies network 119.0.0.0, and permits all other prefixes (including all su

Exercises:

1. Construct a prefix list that permits only the 192.168.1.0/24 network.

ip prefix-list test1 seq 5 permit 192.168.1.0/24

2. Construct a prefix list that denies network 119.0.0.0, and permits all other prefixes (including all subnets of 119.0.0.0).

ip prefix-list test2 seq 5 deny 119.0.0.0/8
ip prefix-list test2 seq 10 permit 0.0.0.0/0 le 32

3. Construct a prefix list that permits only the default route.

ip prefix-list test3 seq 5 permit 0.0.0.0/0

4. Construct a prefix list the permits everything except the default route.

ip prefix-list test4 seq 5 deny 0.0.0.0/0
ip prefix-list test4 seq 10 permit 0.0.0.0/0 le 32

5. Construct a prefix list that permits network 172.16.0.0 and any of its subnets, and denies all other prefixes.

ip prefix-list test5 seq 5 permit 172.16.0.0/16 le 32

6. Construct a prefix list that permits only the following prefixes:
10.2.8.32/27
10.2.8.32/28
10.2.8.32/29
10.2.8.32/30

ip prefix-list test6 seq 5 permit 10.2.8.32/27 le 30

7. Construct a prefix list that:

Permits 197.25.94.128/25
Denies 197.25.94.192/26
Permits 197.25.94.224/27
Denies 197.25.94.240/28
Permits 197.25.94.248/29
Denies 197.25.94.252/30
Permits all other prefixes, except for 198.82.0.0/16

ip prefix-list test7 seq 5 deny 197.25.94.192/26
ip prefix-list test7 seq 10 deny 197.25.94.240/28
ip prefix-list test7 seq 15 deny 197.25.94.252/30
ip prefix-list test7 seq 20 deny 198.82.0.0/16
ip prefix-list test7 seq 25 permit 0.0.0.0/0 le 32

8. Construct a prefix list that permits any prefix matching the first 20 bits of 175.29.64.0 which has a mask of at least /26 but not exceeding /29, and denies all other prefixes.

ip prefix-list test8 seq 5 permit 175.29.64.0/20 ge 26 le 29

9. Construct a prefix list that denies any prefix matching the first 19 bits of 15.26.96.0 with any mask up to and including /32, and permits any other prefix.

ip prefix-list test9 seq 5 deny 15.26.96.0/19 le 32
ip prefix-list test9 seq 10 permit 0.0.0.0/0 le 32

10. Construct a prefix list that denies the RFC 1918 private networks and any of their subnets, and permits everything else.

ip prefix-list test10 seq 5 deny 10.0.0.0/8 le 32
ip prefix-list test10 seq 10 deny 172.16.0.0/12 le 32
ip prefix-list test10 seq 15 deny 192.168.0.0/16 le 32
ip prefix-list test10 seq 20 permit 0.0.0.0/0 le 32

11. Construct a prefix list that permits any subnet of network 15.0.0.0 (but not the network), and denies everything else. Your router lies within AS 65011. Place the prefix list in service in the inbound direction with BGP neighbor 1.2.3.4.

ip prefix-list test11 seq 5 permit 15.0.0.0/8 ge 9

To place it in service:
router bgp 65011
neighbor 1.2.3.4 prefix-list test11 in

12. Construct a prefix list that denies 162.56.0.0/16 and all of its subnets (with the exception of 162.56.209.208/29, which is permitted), and permits all other prefixes. Your router lies within AS 65012. Place the prefix list in service in the outbound direction with its BGP neighbor having address 5.6.7.8.

ip prefix-list test12 seq 5 permit 162.56.209.208/29
ip prefix-list test12 seq 10 deny 162.56.0.0/16 le 32
ip prefix-list test12 seq 15 permit 0.0.0.0/0 le 32

To place it in service:
router bgp 65012
neighbor 5.6.7.8 prefix-list test12 out

13. Construct a prefix list that permits the CIDR block containing the thirty-two class C networks beginning with 200.202.160.0/24, and denies everything else. Your router is within AS 65013. Place the prefix list in service in the inbound direction with BGP peer-group "Lucky_13".

ip prefix-list test13 seq 5 permit 200.202.160.0/19

To place it in service:
router bgp 65013
neighbor Lucky_13 prefix-list test13 in

14. Construct a prefix list that denies any prefix for which the most-significant four bits are "0110", and permits everything else.

ip prefix-list test14 seq 5 deny 96.0.0.0/4 le 32
ip prefix-list test14 seq 10 permit 0.0.0.0/0 le 32

15. Construct a prefix list that permits the host address of "CatSpace", and denies everything else.

ip prefix-list test15 seq 5 permit 64.82.100.67/32

16. Construct a prefix list that permits only classful networks, and denies everything else.

ip prefix-list test16 seq 5 permit 0.0.0.0/1 ge 8 le 32
ip prefix-list test16 seq 10 permit 128.0.0.0/2 ge 16 le 32
ip prefix-list test16 seq 15 permit 192.0.0.0/3 ge 24 le 32

17. Construct a prefix list that denies only supernets, and permits everything else.

ip prefix-list test17 seq 5 deny 0.0.0.0/1 le 7
ip prefix-list test17 seq 10 deny 128.0.0.0/2 le 15
ip prefix-list test17 seq 15 deny 192.0.0.0/3 le 23
ip prefix-list test17 seq 20 permit 0.0.0.0/0 le 32

18. Construct a prefix list that permits only subnets, and denies everything else.

ip prefix-list test18 seq 5 permit 0.0.0.0/1 ge 9
ip prefix-list test18 seq 10 permit 128.0.0.0/2 ge 17
ip prefix-list test18 seq 15 permit 192.0.0.0/3 ge 25

19. Construct a prefix list that permits only CIDR blocks encompassing at least 32 class-C equivalents.

ip prefix-list test19 seq 5 deny 0.0.0.0/0
ip prefix-list test19 seq 10 permit 0.0.0.0/0 le 19

20. Construct a prefix list that permits only the RFC 1918 private networks and their subnets, and configure RIP to use this prefix list for outbound routing advertisements.

ip prefix-list test20 seq 5 permit 10.0.0.0/8 le 32
ip prefix-list test20 seq 10 permit 172.16.0.0/12 le 32
ip prefix-list test20 seq 15 permit 192.168.0.0/16 le 32

To place it in effect for outbound RIP updates:
router rip
distribute-list prefix test20 out

--------------

在进行路由过滤和地址限制方面，Prefix-list占用CPU的资源比采用access-list要少很多，它提供更快的访问列表装入速度，目前IOS版本11.1CC(17)，11.3(3)和12.0都提供该项特性。
Prefix-list保存了access-list的多项重要特性：
1、Permit和Deny;
2、最先匹配法则；
3、基于Prefix长度的过滤（精确匹配或range匹配）
然而，与Route-map搭配使用的Prefix-list不支持包过滤。
Sequence Number 用于内部正确标识“真正”的match（以最小的Sequence Num为准）。
解释如下：
1、Prefix-list可以采用增量方式从新定义，这也就是说，它里面的条目可以单独增加或删除，而无需象access-list一样，一删就得将整个access-list删掉重写。
2、To_DCC_Routes 是这个prefix-list增量表的名字。
3、Seq 10用于内部正确标识“真正”的match（以最小的Sequence Num为准）。
4、Match的工作原理与Access-list十分类似。
空的Prefix-list允许所有的前缀；
当Prefix-list中的任何一条都不满足的话，就认为隐含拒绝；
当Prefix-list中的多项条目均满足时，以最小的Sequence Num的那条作为匹配。
这里有一个例子。
如果有以下这样的Prefix-list:
ip prefix-list abc deny 10.0.0.0/8 le 32
ip prefix-list abc permit 0.0.0.0/0 le 32
则10.1.0.0/16满足上述两条，但该Prefix会被拒绝，因为第一条才是真正的匹配。