Say we need to filter some subnets from being distributed in or out within a dynamic routing protocol. For example, to stop the 192.168.x.0/24 subnets from being advertised, we match them in a prefix-list and apply that prefix-list to a distribute-list.
Before creating a prefix-list, we need to know the rules that apply to the optional ge and le keywords in the prefix-list syntax:
- ge must be greater than the length value. The length value is the value at the end of the prefix, e.g. the 16 in 192.168.0.0/16.
- le must be greater than or equal to the ge value. Therefore, if ge is 19, then le must be 19 or greater (up to 32).
Using the following statement as an example:
192.168.0.0/16 ge 19 le 24
The first part states that the first 16 bits of the prefix must match, that is 192.168. The last 16 bits can be anything.
The ge 19 means that the subnet mask for the prefix must be at least 19 bits, or 255.255.224.0.
The le 24 means that the subnet mask for the prefix must be at most 24 bits, or 255.255.255.0.
Therefore the above statement allows prefixes that begin with 192.168 and that have a subnet mask between 19 and 24 bits long.
If we want to match prefixes that start with 192.168.x.0 and have only a 24-bit mask, this is achieved with the following statements:
ip prefix-list LIST deny 192.168.0.0/16 ge 24 le 24
ip prefix-list LIST permit 0.0.0.0/0 le 32
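To check a prefix-list before applying it to a distribute-list, the ge/le matching rules can be modelled offline. The following Python sketch is an added example, not part of the original page: the function names are assumptions, the sample routes are constructed, and it evaluates the two LIST entries above with first-match-wins ordering and the implicit deny at the end of every prefix-list.

```python
import ipaddress

def parse_entry(line):
    """Parse 'ip prefix-list NAME permit|deny A.B.C.D/len [ge N] [le M]'."""
    tok = line.split()
    action, net = tok[3], ipaddress.ip_network(tok[4])
    opts = dict(zip(tok[5::2], map(int, tok[6::2])))
    ge, le = opts.get("ge"), opts.get("le")
    # Rules stated in the text: ge > length, le >= ge, nothing above 32.
    if ge is not None and not net.prefixlen < ge <= 32:
        raise ValueError("ge must be greater than the prefix length")
    if le is not None and not (ge or 0) <= le <= 32:
        raise ValueError("le must be greater than or equal to ge")
    # No ge/le: exact length. Only ge: ge..32. Only le: length..le.
    if ge is None and le is None:
        lo = hi = net.prefixlen
    else:
        lo = ge if ge is not None else net.prefixlen
        hi = le if le is not None else 32
    return action, net, lo, hi

def matches(entry, route):
    """Leading bits must equal the entry's prefix; mask length within lo..hi."""
    _, net, lo, hi = entry
    return lo <= route.prefixlen <= hi and route.network_address in net

def evaluate(lines, route):
    """First matching entry wins; a route matching no entry is denied."""
    route = ipaddress.ip_network(route)
    for entry in map(parse_entry, lines):
        if matches(entry, route):
            return entry[0]
    return "deny"

LIST = [
    "ip prefix-list LIST deny 192.168.0.0/16 ge 24 le 24",
    "ip prefix-list LIST permit 0.0.0.0/0 le 32",
]

if __name__ == "__main__":
    # Constructed sample routes, not taken from a real routing table.
    for r in ["192.168.5.0/24", "192.168.0.0/19", "192.168.5.128/25", "10.0.0.0/8"]:
        print(f"{r:18} {evaluate(LIST, r)}")
```

Only 192.168.5.0/24 is denied: the /19 and /25 routes inside 192.168.0.0/16 fall outside the ge 24 le 24 range and are caught by the permit entry.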