The matching is similar to that of the access-list—more specifically:
• An empty prefix list permits all prefixes.
• An implicit deny is assumed if a given prefix does not match any entries of a prefix list.
• When multiple entries of a prefix list match a given prefix, the one with the smallest sequence is considered as the "real" match. In short, the first match wins!
Here is an example to illustrate the first match rule. Supposed that a prefix list is configured as follows:
ip prefix-list abc deny 10.0.0.0/8 le 32 ip prefix-list abc permit 0.0.0.0/0 le 32
Then the given prefix 10.1.0.0/16 would match both entries. However, the prefix will be denied because the first entry is the real match.
Consider this second example. Suppose that a prefix list is configured as follows:
ip prefix-list abc deny 0.0.0.0/0 le 32 ip prefix-list abc permit 10.0.0.0/8
The first line in the prefix list matches all prefixes, so all prefixes will be blocked in the prefix list's application, even though there is a following line permitting 10.0.0.0/8. Prefix lists are order sensitive when there is more than one possible match—the first match wins.
Was this article helpful?