
    Filtering Routes on the Basis of Prefixes Overview

    To filter routes on the basis of the prefix, you can perform one of the following actions:

    • Define an access list with the access-list or ipv6 access-list command, and apply the list to routes received from or passed to a neighbor with the neighbor distribute-list command.
    • Define a prefix list with the ip prefix-list command, and apply the list to routes received from or passed to a neighbor with the neighbor prefix-list command.
    • Define a prefix tree with the ip prefix-tree command, and apply the tree to routes received from or passed to a neighbor with the neighbor prefix-tree command.

    The router compares each route's prefix against the conditions in the list or tree, one by one. If the first match is for a permit condition, the route is accepted or passed. If the first match is for a deny condition, the route is rejected or blocked. The order of conditions is critical because testing stops with the first match. If no conditions match, the router rejects or blocks the route; that is, the last action of any list is an implicit deny condition for all routes. The implicit rule is displayed by the show access-list and show config commands.

    You cannot selectively place conditions in or remove conditions from an access list, prefix list, or prefix tree. You can insert a new condition only at the end of a list or tree.

    The following example shows how the implicit deny condition appears:

    host1(config)#access-list 1 permit 10.10.10.1 0.0.0.255
    host1(config)#access-list 2 permit 10.25.25.1 0.0.0.255
    host1(config)#access-list 3 permit any any
    host1(config)#show access-list
    IP Access List 1:
      permit ip 10.10.10.1 0.0.0.255 any
      deny ip any any
    IP Access List 2:
      permit ip 10.25.25.1 0.0.0.255 any
      deny ip any any
    IP Access List 3:
      permit ip any any

    The implicit deny rule does not appear in the display for access list 3 because any prefix matches access list 3.
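The first-match and implicit-deny behavior described above, modeled as an added Python example (not router code and not part of the original page). It assumes a simplified match of the route's network address against an address and wildcard mask; the function names and the two-condition list `BAD_ORDER` are constructed for illustration. Because conditions can only be appended, it also flags a condition that an earlier, broader one makes unreachable.

```python
import ipaddress

MASK32 = 0xFFFFFFFF
ANY = ("0.0.0.0", "255.255.255.255")  # models "any": every bit ignored


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def _care(wildcard):
    """Bits that must match: a 1 in the wildcard mask means 'ignore this bit'."""
    return ~_ip(wildcard) & MASK32


def matches(cond, route_addr):
    _action, base, wildcard = cond
    return (_ip(route_addr) ^ _ip(base)) & _care(wildcard) == 0


def evaluate(conditions, route_addr):
    """Return (action, index) of the first match; index None is the implicit deny."""
    for index, cond in enumerate(conditions):
        if matches(cond, route_addr):
            return cond[0], index
    return "deny", None


def shadowed(conditions):
    """Indexes that can never be the first match because one earlier condition
    covers every address they cover (coverage by a union of conditions is not checked)."""
    hidden = []
    for j, (_, base_j, wc_j) in enumerate(conditions):
        for _, base_i, wc_i in conditions[:j]:
            care_i, care_j = _care(wc_i), _care(wc_j)
            same_bits = (_ip(base_i) ^ _ip(base_j)) & care_i == 0
            if care_i & ~care_j & MASK32 == 0 and same_bits:
                hidden.append(j)
                break
    return hidden


# Access lists 1 and 3 from the page's example.
ACL1 = [("permit", "10.10.10.1", "0.0.0.255")]
ACL3 = [("permit", *ANY)]
# Constructed: a deny appended after a broader permit never takes effect.
BAD_ORDER = [("permit", "10.10.0.0", "0.0.255.255"), ("deny", "10.10.10.0", "0.0.0.255")]
GOOD_ORDER = list(reversed(BAD_ORDER))
```

Running `shadowed()` over a list before applying it to a neighbor shows which deny conditions have no effect; since a condition cannot be inserted ahead of an existing one, fixing the order means rebuilding the list.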

    Published: 2014-08-12