Using an extended ACL as a prefix-list

This will be a short post.

I’ve mentioned it before, but let’s say you have a task which requires you to filter updates through a route-map. For some reason the task states you’re only allowed to use an ACL, not a prefix-list.

You are able to use an extended ACL as a prefix list.

Let’s use this simple topology:

R1 has a bunch of loopbacks. R1 and R2 are running EIGRP with each other. I’ve configured R1 to redistribute all connected routes into EIGRP.

R1’s loopbacks:

interface Loopback2
 ip address 2.2.2.2 255.255.255.0
!
interface Loopback3
 ip address 3.3.3.3 255.255.255.248
!
interface Loopback4
 ip address 4.4.4.4 255.255.255.0
!
interface Loopback5
 ip address 5.5.5.5 255.255.255.255
!
interface Loopback6
 ip address 5.5.5.50 255.255.255.248

R2 sees all of these EIGRP routes in its RIB:

R2#show ip route eigrp
     2.0.0.0/24 is subnetted, 1 subnets
D EX    2.2.2.0 [170/2560002816] via 1.1.1.1, 00:00:06, FastEthernet0/0
     3.0.0.0/29 is subnetted, 1 subnets
D EX    3.3.3.0 [170/2560002816] via 1.1.1.1, 00:00:06, FastEthernet0/0
     4.0.0.0/24 is subnetted, 1 subnets
D EX    4.4.4.0 [170/2560002816] via 1.1.1.1, 00:00:06, FastEthernet0/0
     5.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
D EX    5.5.5.5/32 [170/2560002816] via 1.1.1.1, 00:00:06, FastEthernet0/0
D EX    5.5.5.48/29 [170/2560002816] via 1.1.1.1, 00:00:06, FastEthernet0/0

Now the task states that I need to ensure 5.5.5.48/29 is redistributed, but not 5.5.5.5/32. I’m not allowed to use a prefix-list and I’m not allowed to use a route-map that matches an interface.

If we then use a regular ACL, we’ll end up redistributing 5.5.5.5/32 as well if we’re not careful, because a standard ACL compares only the address and never looks at the mask. And what if the task says we need to redistribute only the subnets that are /29? That would be 3.3.3.3/29 and 5.5.5.48/29.

The simple answer is the extended list. Let’s do all /29s:

access-list 150 permit ip host 3.3.3.0 host 255.255.255.248
access-list 150 permit ip host 5.5.5.48 host 255.255.255.248
!
route-map SLASH29 permit 10
 match ip address 150
!
router eigrp 1
 redistribute connected metric 1 1 1 1 1 route-map SLASH29

Basically, when the extended ACL is matched in the route-map like this, the ‘source’ becomes the route’s network address and the ‘destination’ becomes the subnet mask.

Does it work? Let’s take a look:
R2:

R2#sh ip route eigrp
     3.0.0.0/29 is subnetted, 1 subnets
D EX    3.3.3.0 [170/2560002816] via 1.1.1.1, 00:02:12, FastEthernet0/0
     5.0.0.0/29 is subnetted, 1 subnets
D EX    5.5.5.48 [170/2560002816] via 1.1.1.1, 00:01:30, FastEthernet0/0

So yes it works just fine. But really in the real world you would be using the far more powerful prefix-list…
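
The matching rule described above, as an added example that is not part of the original post: a small Python model (not IOS code) that applies the ‘source = network address, destination = subnet mask’ comparison to the five routes from R2’s table. The STANDARD list is constructed for contrast, and the tuple layout and function names are assumptions of this sketch.

```python
import ipaddress

def _int(addr):
    return int(ipaddress.IPv4Address(addr))

def _wild_match(value, base, wildcard):
    # Cisco wildcard mask: bits set to 1 are "don't care" bits
    care = ~_int(wildcard) & 0xFFFFFFFF
    return (_int(value) & care) == (_int(base) & care)

def acl_permits(acl, route):
    """First-match evaluation, ending in the implicit deny."""
    net = ipaddress.IPv4Network(route)
    for action, src, src_wc, dst, dst_wc in acl:
        hit = _wild_match(str(net.network_address), src, src_wc)
        if dst is not None:
            # Extended entry: the destination field is compared to the mask
            hit = hit and _wild_match(str(net.netmask), dst, dst_wc)
        if hit:
            return action == "permit"
    return False

# R1's connected loopback networks, as listed in R2's routing table above
ROUTES = ["2.2.2.0/24", "3.3.3.0/29", "4.4.4.0/24", "5.5.5.5/32", "5.5.5.48/29"]

# Constructed for contrast: a loose standard ACL entry (address only, no mask check)
STANDARD = [("permit", "5.5.5.0", "0.0.0.255", None, None)]

# access-list 150 from this post; "host X" means X with wildcard 0.0.0.0
ACL_150 = [
    ("permit", "3.3.3.0", "0.0.0.0", "255.255.255.248", "0.0.0.0"),
    ("permit", "5.5.5.48", "0.0.0.0", "255.255.255.248", "0.0.0.0"),
]

def filtered(acl):
    """Routes that would pass a route-map matching this ACL."""
    return [r for r in ROUTES if acl_permits(acl, r)]

if __name__ == "__main__":
    print("standard ACL:", filtered(STANDARD))
    print("ACL 150:     ", filtered(ACL_150))
```

The loose standard entry lets 5.5.5.5/32 through alongside 5.5.5.48/29, while the extended entries pass only the two /29s.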

© 2009-2020 Darren O'Connor All Rights Reserved