networker050184 wrote: » For example, say you had a 10/8 range and you wanted to filter out everything in the 10.1/16 range that was longer than a /24. How many lines would that take with an ACL? How many with a prefix-list?
mattau wrote: » The thing with an ACL is, it's not designed to filter actual prefixes (although there is a hack on it). Just like networker said, imagine having the enormous range of 10.1.0.0/16 and only wanting to deny the prefixes that were only in the range of 10.1.0.0/16 but had /24 masks. This means every ACL would have to be like this:

    deny 10.1.0.0 0.0.0.255
    deny 10.1.1.0 0.0.0.255
    deny 10.1.2.0 0.0.0.255
    " " "
    deny 10.1.255.0 0.0.0.255

You can't really go like this for an ACL shortcut:

    deny 10.1.0.0 0.0.255.255

because this is implying you want to deny everything that is in the 10.1.0.0/16 range regardless of the mask. With the prefix list you can skip all that and just say:

    deny 10.1.0.0/16 ge 24

which means I want to deny prefixes that are in the range of 10.1.0.0/16 (10.1.255.255) BUT only if these prefixes have a mask of ge (greater than or equal to) 24.
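The difference described in the posts above, as an added example that is not part of the original thread: a small Python model of the two matching rules, run over constructed sample routes. It assumes a standard ACL compares only the route's network address against address/wildcard, and the function names are hypothetical.

```python
import ipaddress

def prefix_list_match(entry, route, ge=None, le=None):
    """Prefix-list rule: route must sit inside `entry` AND its mask length
    must fall in [ge, le]. With neither ge nor le, the length must be exact."""
    entry = ipaddress.ip_network(entry)
    route = ipaddress.ip_network(route)
    if ge is None and le is None:
        low = high = entry.prefixlen
    else:
        low = ge if ge is not None else entry.prefixlen
        high = le if le is not None else 32
    return route.subnet_of(entry) and low <= route.prefixlen <= high

def acl_match(address, wildcard, route):
    """Standard-ACL rule (modelled): only the network address is compared,
    on the bits where the wildcard is 0. The route's mask is never looked at."""
    care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
    net = int(ipaddress.ip_network(route).network_address)
    return (net & care) == (int(ipaddress.ip_address(address)) & care)

def acl_lines_for_each_24(block):
    """One ACL line per /24 inside `block`, as in the list in the post."""
    subnets = ipaddress.ip_network(block).subnets(new_prefix=24)
    return [f"deny {s.network_address} 0.0.0.255" for s in subnets]

# Constructed sample routes, not taken from any real routing table.
ROUTES = ["10.1.0.0/16", "10.1.64.0/18", "10.1.5.0/24",
          "10.1.5.128/25", "10.2.3.0/24"]

def compare(routes=ROUTES):
    """Map each route to (hit by ACL shortcut, hit by prefix-list ge 24)."""
    return {r: (acl_match("10.1.0.0", "0.0.255.255", r),
                prefix_list_match("10.1.0.0/16", r, ge=24))
            for r in routes}

if __name__ == "__main__":
    for route, (acl, plist) in compare().items():
        print(f"{route:16} acl-shortcut={acl!s:5} prefix-list-ge-24={plist}")
    count = len(acl_lines_for_each_24("10.1.0.0/16"))
    print(count, "ACL lines versus 1 prefix-list line")
```

The ACL shortcut also catches 10.1.0.0/16 and 10.1.64.0/18, which is the over-match the post warns about, while the single prefix-list entry hits only the /24 and /25.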