Filtering Routes on the Basis of Prefixes Overview

To filter routes on the basis of the prefix, you can perform one of the following actions:

The router compares each route's prefix against the conditions in the list or tree, one by one. If the first match is for a permit condition, the route is accepted or passed. If the first match is for a deny condition, the route is rejected or blocked. The order of conditions is critical because testing stops with the first match. If no conditions match, the router rejects or blocks the address; that is, the last action of any list is an implicit deny condition for all routes. The implicit rule is displayed by the show access-list and show config commands.

You cannot selectively place conditions in or remove conditions from an access list, prefix list, or prefix tree. You can insert a new condition only at the end of a list or tree.

The following example shows how the implicit deny condition appears:

host1(config)#access-list 1 permit 10.10.10.1 0.0.0.255
host1(config)#access-list 2 permit 10.25.25.1 0.0.0.255
host1(config)#access-list 3 permit any any
host1(config)#show access-list
IP Access List 1:
permit ip 10.10.10.1 0.0.0.255 any
deny ip any any
IP Access List 2:
permit ip 10.25.25.1 0.0.0.255 any
deny ip any any
IP Access List 3:
permit ip any any

The implicit deny rule does not appear in the display for access list 3 because any prefix matches access list 3.
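The first-match and implicit-deny behavior described above, modeled in Python as an added example (not router code and not part of the original documentation). ACL_1 and ACL_3 mirror lists 1 and 3 from the page; the tuple layout, the function names and the ORDER_BAD and ORDER_FIXED lists are assumptions constructed for illustration. It goes one step beyond the page by flagging conditions that an earlier condition always matches first, which matters because conditions can only be appended.

```python
import ipaddress

# Conditions are (action, address, wildcard-mask); a mask bit of 1 means "ignore this bit".
ACL_1 = [("permit", "10.10.10.1", "0.0.0.255")]        # list 1 from the page
ACL_3 = [("permit", "0.0.0.0", "255.255.255.255")]     # list 3: permit any
# Constructed lists: the same two conditions in both orders.
ORDER_BAD = [("permit", "10.10.10.0", "0.0.0.255"), ("deny", "10.10.10.64", "0.0.0.63")]
ORDER_FIXED = list(reversed(ORDER_BAD))

def _bits(addr):
    return int(ipaddress.IPv4Address(addr))

def _care(cond):
    """Bits the condition actually compares (inverse of the wildcard mask)."""
    return ~_bits(cond[2]) & 0xFFFFFFFF

def matches(cond, addr):
    return (_bits(addr) & _care(cond)) == (_bits(cond[1]) & _care(cond))

def evaluate(acl, addr):
    """Return the action of the first matching condition; no match is the implicit deny."""
    for cond in acl:
        if matches(cond, addr):
            return cond[0]
    return "deny"

def covers(earlier, later):
    """True if every address matched by `later` is already matched by `earlier`."""
    if _care(earlier) & ~_care(later) & 0xFFFFFFFF:
        return False  # `earlier` tests a bit that `later` leaves open
    return (_bits(earlier[1]) & _care(earlier)) == (_bits(later[1]) & _care(earlier))

def shadowed(acl):
    """Indexes of conditions that can never be the first match."""
    return [i for i, c in enumerate(acl) if any(covers(p, c) for p in acl[:i])]

def implicit_deny_reachable(acl):
    """False once a single condition matches every address, as in list 3."""
    return not any(_care(c) == 0 for c in acl)

if __name__ == "__main__":
    for name, acl in [("ACL_1", ACL_1), ("ACL_3", ACL_3)]:
        print(name, evaluate(acl, "10.10.11.5"), implicit_deny_reachable(acl))
    for name, acl in [("ORDER_BAD", ORDER_BAD), ("ORDER_FIXED", ORDER_FIXED)]:
        print(name, evaluate(acl, "10.10.10.70"), "shadowed:", shadowed(acl))
```

In ORDER_BAD the deny for 10.10.10.64 through 10.10.10.127 never takes effect because the broader permit matches first; with append-only lists the remedy is to rebuild the list in the intended order.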
