RE: prefix lists .. [7:34312]

2002-02-04 Thread Scott Riley

Do you mean "gt" and "lt" for "greater than" or "less than" specific
port numbers?

Use extended access lists with an ACL number of 100 - 199 and a specific
protocol (TCP / UDP).

Eg:

Access-list 101 deny tcp 192.168.100.0 0.0.0.255 host 192.168.200.1 gt 1024

HTH,

Scott

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
dk
Sent: 04 February 2002 12:07
To: [EMAIL PROTECTED]
Subject: prefix lists .. [7:34312]


Can anyone help me get a handle on the "ge" and "le" options on prefix
lists? I find them totally confusing.

Thanks in advance for any advice offered

David




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34313&t=34312
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]



Re: prefix lists .. [7:34312]

2002-02-04 Thread dk

It's not related to port ranges but network prefix ranges .. (prefix lists
have replaced Distribute lists for Routing policy control) access-lists are
no longer used.

This is what it says in the book ..

the "ge-value" specifies the range of the prefix length to be matched for
prefixes which are more specific than the network/prefix length. The range is
assumed to be from ge-value to 32 if only the ge-value is specified

the "le-value" specifies the range of the prefix length to be matched for
prefixes which are more specific than the network/prefix length. The range is
assumed to be from prefix length to "le-value" if only the le attribute is
specified.

.examples
ip prefix-list test1 permit 10.10.0.0/16  le 16 or
ip prefix-list test2 permit 172.0.0.0/8   ge 18 or
ip prefix-list test3 permit 172.0.0.0/8   ge 16 le 24

I think I've made that about as clear as mud!






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34314&t=34312



RE: prefix lists .. [7:34312]

2002-02-04 Thread McCallum, Robert

gt = greater than so gt /23 = subnets with a mask of above /23.
lt = less than so lt /17 = subnets with a mask less than /17.

so using prefix lists can you give me an answer which would do the
following:-

1. Deny subnets of class B networks
2. Deny supernets of Class C networks
3. Deny networks starting 193.x.x.x
4. permit all else.

For the 1st one ask yourself what makes a class B network a Class B
network?  From this you will find out what your /x prefix should be.  Then
what mask = subnets of a class B network gt or lt.

and so on





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34315&t=34312



RE: prefix lists .. [7:34312]

2002-02-04 Thread Georg Pauwen

Hi David,

here is an example of the le and ge in prefix lists:

ip prefix-list greater seq 5 deny 201.1.5.0/24 ge 29

This will deny anything from 201.1.5.0/24 thru 201.1.5.0/29
The advantage of the ge command is that now you need only one entry to allow
or deny the entire range.

ip prefix-list less seq 10 permit 192.168.5.0/0 le 26

This will allow anything from 192.168.5.0/24 thru 192.168.5.0/26; again, it
saves a lot of entries.

Hope this helps.

Regards,

Georg



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34317&t=34312



RE: prefix lists .. [7:34312]

2002-02-04 Thread Constantin Tivig

More or less like /CIDR:
Le to 30 and ge to 27 means all subnets with mask between /27 and /30
included.

Constantin Tivig






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34320&t=34312



RE: prefix lists .. [7:34312]

2002-02-04 Thread dk

Thanks for your help Comrades - I was just being dense again




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34339&t=34312



RE: prefix lists .. [7:34312]

2002-02-04 Thread John Neiberger

Actually, this is not correct.  The first prefix list below would filter
any prefix whose first three octets are 201.1.5 and has a mask greater
than or equal to 29.  It would *not* filter 201.1.5.0/24 because the
mask is too short.  To do what is suggested, it would have to be this:

ip prefix-list greater seq 5 deny 201.1.5.0/24 le 29

Maybe I'm being too nitpicky this morning.  I need some more coffee!

John

>>> "Georg Pauwen"  2/4/02 6:45:24 AM >>>
Hi David,

here is an example of the le and ge in prefix lists:

ip prefix-list greater seq 5 deny 201.1.5.0/24 ge 29

This will deny anything from 201.1.5.0/24 thru 201.1.5.0/29
The advantage of the ge command is that now you need only one entry to allow
or deny the entire range.

ip prefix-list less seq 10 permit 192.168.5.0/0 le 26

This will allow anything from 192.168.5.0/24 thru 192.168.5.0/26; again, it
saves a lot of entries.

Hope this helps.

Regards,

Georg




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34340&t=34312



RE: prefix lists .. [7:34312]

2002-02-04 Thread Erhan Kurt

Think Classless..


Erhan



--- "McCallum, Robert" wrote:
> gt = greater than so gt /23 = subnets with a mask of
> above /23.
> lt = less than so lt /17 = subnets with a mask less
> than /17.
> 
> so using prefix lists can you give me an answer
> which would do the following:-
> 
> 1. Deny subnets of class B networks
> 2. Deny supernets of Class C networks
> 3. Deny networks starting 193.x.x.x
> 4. permit all else.
> 
> For the 1st one ask yourself what makes a class B
> network a Class B network?  From this you will find
> out what your /x prefix should be.  Then what mask =
> subnets of a class B network gt or lt.
> 
> and so on
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34327&t=34312



RE: prefix lists .. [7:34312]

2002-02-04 Thread Georg Pauwen

John,

you are absolutely right, my own interpretation of my own example was wrong.
I hope I could make the point that the ge and le refer to whatever is less,
equal or greater than the number that is configured with it. By the way,
coffee sounds good...

Regards,

Georg


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34350&t=34312



Re: RE: prefix lists .. [7:34312]

2002-02-04 Thread John Neiberger

Dave,

GE means "greater than or equal to", while LE means "less than 
or equal to."

So, a prefix list that has "ge 25" would only match prefixes 
with masks of /25 or greater.  If you had "le 24" it would 
match prefixes with masks less than or equal to 24.

John








Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34323&t=34312
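
Added example (not part of any poster's message): a small Python model of the ge/le matching rule as described in the thread, run against the two 201.1.5.0/24 entries that Georg Pauwen and John Neiberger discuss. The function names and sample routes are constructed for illustration; the first-match evaluation with a final implicit deny is standard IOS prefix-list behaviour.

```python
import ipaddress
import re

# "ip prefix-list NAME [seq N] permit|deny A.B.C.D/len [ge G] [le L]"
ENTRY_RE = re.compile(
    r"ip\s+prefix-list\s+\S+(?:\s+seq\s+\d+)?\s+(?P<action>permit|deny)\s+"
    r"(?P<prefix>\S+)(?:\s+ge\s+(?P<ge>\d+))?(?:\s+le\s+(?P<le>\d+))?\s*$"
)

# The two entries from the thread (original and corrected).
GEORG = "ip prefix-list greater seq 5 deny 201.1.5.0/24 ge 29"
JOHN = "ip prefix-list greater seq 5 deny 201.1.5.0/24 le 29"

def parse_entry(line):
    """Return (action, network, low, high); low..high is the allowed mask length."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a prefix-list entry: {line!r}")
    net = ipaddress.ip_network(m["prefix"])
    ge, le = m["ge"], m["le"]
    if ge is None and le is None:
        low = high = net.prefixlen               # no ge/le: exact mask length only
    else:
        low = int(ge) if ge else net.prefixlen   # le alone: from the entry's own length
        high = int(le) if le else 32             # ge alone: up to /32
    return m["action"], net, low, high

def entry_matches(line, route):
    """True if the route's leading bits equal the entry's and its mask is in range."""
    _, net, low, high = parse_entry(line)
    r = ipaddress.ip_network(route)
    return r.network_address in net and low <= r.prefixlen <= high

def evaluate(prefix_list, route):
    """First matching entry decides; nothing matching means implicit deny."""
    for line in prefix_list:
        if entry_matches(line, route):
            return parse_entry(line)[0]
    return "deny"

if __name__ == "__main__":
    # Constructed sample routes, all inside 201.1.5.0/24.
    routes = ["201.1.5.0/24", "201.1.5.128/25", "201.1.5.8/29", "201.1.5.4/30"]
    for label, line in (("ge 29", GEORG), ("le 29", JOHN)):
        hits = [r for r in routes if entry_matches(line, r)]
        print(f"{label}: matches {hits}")
```
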