JM, I believe you're thinking of the 0.0.0.0/0 entry in the context of an access-list in which anything more specific than the entry will match. A prefix-list will *not* match a more specific entry unless the "ge" and/or "le" operators are used.
Go ahead and lab it up. I just did. R1 and R2 are doing EIGRP over Ethernet. R1 has a number of prefixes it is injecting, including 0.0.0.0/0. Here is what I did on R2: R2(config)#do sh ip ro eigrp | i D D 1.0.0.0/8 [90/409600] via 10.1.12.1, 00:02:31, FastEthernet0/0 D 2.2.0.0 [90/409600] via 10.1.12.1, 00:02:31, FastEthernet0/0 D 3.3.32.0 [90/409600] via 10.1.12.1, 00:02:31, FastEthernet0/0 D 4.4.4.0 [90/409600] via 10.1.12.1, 00:02:31, FastEthernet0/0 D 5.5.5.5 [90/409600] via 10.1.12.1, 00:02:31, FastEthernet0/0 D* 0.0.0.0/0 [90/281600] via 10.1.12.1, 00:01:59, FastEthernet0/0 !--- This matches the example prefix-list, even though the second line is redundant with the implicit deny. R2(config)#ip prefix-list TEST permit 0.0.0.0/0 R2(config)#ip prefix-list TEST deny 0.0.0.0/0 le 32 R2(config)#router eigrp 1 R2(config-router)#distribute-list prefix TEST in *Mar 1 00:17:03.375: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 10.1.12.1 (FastEthernet0/0) is resync: route configuration changed R2(config-router)#do sh ip ro eigrp | i D D* 0.0.0.0/0 [90/281600] via 10.1.12.1, 00:03:11, FastEthernet0/0 R2(config-router)# As you can see, that prefix list allows only the *exact* prefix 0.0.0.0/0, the default route. Other prefixes were not allowed, because none of them matched *exactly* 0.0.0.0 with a prefix length of 0. Hope this helps. When it doubt, lab it. Best, Bob On Wed, Apr 4, 2012 at 9:49 AM, JM NGOK <[email protected]> wrote: > That's my concerns. I think this prefix-list is useless since it allows > the default-route (which includes any route) . > > Marko, > > Do you think this prefix-list is accurate for filtering ? > > Thanks > > Jean-Marie NGOK > Senior Network Engineer > > > > ________________________________ > From: Wilson Tuma <[email protected]> > To: JM NGOK <[email protected]>; "[email protected]" < > [email protected]> > Sent: Wednesday, April 4, 2012 1:22 AM > Subject: Re: [OSL | CCIE_RS] Prefix-list doubt > > > Hi all, > > Prefix List have always been tricky for me. But from my understanding. > > ip prefix-list ROUTES seq 10 permit 0.0.0.0/0 : Will permit only a > default route > > ip prefix-list ROUTES seq 999 deny 0.0.0.0/0 le 32 : Will deny anything. > > Combined it would mean permit default route and deny anything else. > Which is as good as permitting only the default route Since everything > else is denied by the implied deny all at the end of the prefix-list. > > So the final thing should be. > > ip prefix-list ROUTES seq 10 permit 0.0.0.0/0 > > > HTH > > > Thanks. > > Wilson F. Tuma > ==================================== > CCNP, CCNA, MCSE, MCSA > > Box 1784 Douala > Cell : +237 77 753 753 > Email : [email protected] > ==================================== > > > ________________________________ > From: JM NGOK <[email protected]> > To: "[email protected]" <[email protected]> > Sent: Tuesday, April 3, 2012 8:09 PM > Subject: [OSL | CCIE_RS] Prefix-list doubt > > Hi all, > > Please excuse my foolishness but I want to understand which subnets are > allowed under this prefix-list: > > > ip prefix-list ROUTES description INBOUND-ROUTES > ip prefix-list ROUTES seq 10 permit 0.0.0.0/0 > ip prefix-list ROUTES seq 999 deny 0.0.0.0/0 le 32 > > Again excuse me if this is not a CCIE level question. I just have some > doubts. > > Thanks > > Jean-Marie NGOK > Senior Network Engineer > 347 - 559 - 1172 > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com > > http://onlinestudylist.com/mailman/listinfo/ccie_rs > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com > > http://onlinestudylist.com/mailman/listinfo/ccie_rs > _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com http://onlinestudylist.com/mailman/listinfo/ccie_rs
