Access Control Lists (ACLs) | 87
If you want to forward all routes that do not match the prefix list criteria, you must configure a prefix list
filter to permit all routes (
permit 0.0.0.0/0 le 32). The “permit all” filter must be the last filter in your prefix
list. To permit the default route only, enter
permit 0.0.0.0/0.
Figure 5-15 shows how the
seq command orders the filters according to the sequence number assigned. In
the example, filter 20 was configured before filter 15 and 12, but the
show config command displays the
filters in the correct order.
Figure 5-15. Command Example: seq
Note the last line in the prefix list “juba” contains a “permit all” statement. By including this line in a
prefix list, you specify that all routes not matching any criteria in the prefix list are forwarded.
To delete a filter, use the
no seq sequence-number command in PREFIX LIST mode.
If you are creating a standard prefix list with only one or two filters, you can let FTOS assign a sequence
number based on the order in which the filters are configured. FTOS assigns filters in multiples of five.
To configure a filter without a specified sequence number, follow these steps, starting in
CONFIGURATION mode:
Step Command Syntax Command Mode Purpose
1
ip prefix-list prefix-name
CONFIGURATION Create a prefix list and assign it a unique
name.
2
{deny | permit} ip-prefix [ge
min-prefix-length] le
max-prefix-length]
CONFIG-NPREFIXL Create a prefix list filter with a deny or
permit action. The optional parameters are:
• ge min-prefix-length: is the minimum
prefix length to be matched (0 to 32).
• le max-prefix-length: is the maximum
prefix length to be matched (0 to 32).
FTOS(conf-nprefixl)#seq 20 permit 0.0.0.0/0 le 32
FTOS(conf-nprefixl)#seq 12 deny 134.23.0.0 /16
FTOS(conf-nprefixl)#seq 15 deny 120.23.14.0 /8 le 16
FTOS(conf-nprefixl)#show config
!
ip prefix-list juba
seq 12 deny 134.23.0.0/16
seq 15 deny 120.0.0.0/8 le 16
seq 20 permit 0.0.0.0/0 le 32
FTOS(conf-nprefixl)#
To Next Page
Loading...
