WLAN AC V200R010C00 Command Reference

ip ip-prefix

Function

The ip ip-prefix command configures a new IP prefix list or one entry in an existing IP prefix list.

The undo ip ip-prefix command deletes an IP prefix list or one entry from the IP prefix list.

By default, no IP prefix list is configured.

Format

ip ip-prefix ip-prefix-name [ index index-number ] { permit | deny } ipv4-address mask-length [ match-network ] [ greater-equal greater-equal-value ] [ less-equal less-equal-value ]

undo ip ip-prefix ip-prefix-name [ index index-number ]

ip ip-prefix ip-prefix-name description text

undo ip ip-prefix ip-prefix-name description [ text ]

Parameters

| Parameter | Description | Value |
|---|---|---|
| ip-prefix-name | Specifies the name of the IP prefix list. | The name is a string of 1 to 169 case-sensitive characters, with spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string. |
| index index-number | Specifies the sequence number of the entry in the IP prefix list. | The value is an integer that ranges from 1 to 4294967295. By default, the sequence number increases with a step of 10 according to the configuration order, and the first number is 10. NOTE: A maximum of 65535 entries can be configured in an IP prefix list. |
| permit | Specifies the matching mode of the IP prefix list as permit. In permit mode, if the IP address to be filtered is in the defined prefix range, the IP address matches the IP prefix list and does not continue to match the next entry. Otherwise, the IP address continues to match the next entry. | - |
| deny | Specifies the matching mode of the IP prefix list as deny. In deny mode, if the IP address to be filtered is in the defined prefix range, the IP address fails to match the IP prefix list and cannot match the next entry. Otherwise, the IP address continues to match the next entry. | - |
| ipv4-address | Specifies the IP address. | - |
| mask-length | Specifies the mask length. | - |
| match-network | Specifies to match the network address. match-network is used to filter routes to a specified IP address and can be configured only when ipv4-address is 0.0.0.0. For example, the ip ip-prefix prefix1 permit 0.0.0.0 8 command filters all routes with mask length 8, while the ip ip-prefix prefix1 permit 0.0.0.0 8 match-network command filters all routes to the IP address range from 0.0.0.1 to 0.255.255.255. | - |
| greater-equal greater-equal-value | Specifies the minimum value of the mask length range. | The value of greater-equal-value is subject to the following rule: mask-length <= greater-equal-value <= less-equal-value <= 32 |
| less-equal less-equal-value | Specifies the maximum value of the mask length range. | The value of less-equal-value is subject to the following rule: mask-length <= greater-equal-value <= less-equal-value <= 32. If the value of less-equal-value is 0, routes of any mask length match the filtering. |
| description text | Specifies the description information of the IP prefix list. | It is a string of 1 to 80 case-sensitive characters, with spaces not supported. |

Each entry in an IP prefix list has a sequence number specified by index-number. If no index-number is configured when a new entry is created, a default index-number is used based on the following rules:

  • The default value is the index-number of the previously created entry plus 10, and the value of a subsequent entry increases by 10 based on that of its previously created entry.
  • When the index-number of an entry reaches 4294967286, the default value for a new entry without index-number configured is the index-number of the previously created entry in the same prefix list plus 1, because the index-number cannot exceed 4294967295. The value of each subsequent entry then increases by 1 based on that of its previously created entry. Once the index-number reaches 4294967295 in this way, you must manually specify the index-number of a new entry. If you do not specify the value for the new entry, the configuration will fail.

When an IPv4 route to be filtered matches the IPv4 prefix of an entry, the route meets the matching conditions only when the mask length is the same as the specified one or within the specified mask length range.

  • If greater-equal and less-equal are not specified, an IPv4 route meets the matching conditions only when the mask length is the same as that specified by mask-length.
  • If only greater-equal is specified, an IPv4 route meets the matching conditions only when the mask length is within [greater-equal-value, 32].
  • If only less-equal is specified, an IPv4 route meets the matching conditions only when the mask length is within [mask-length, less-equal-value].
  • If both greater-equal and less-equal are specified, an IPv4 route meets the matching conditions only when the mask length is within [greater-equal-value, less-equal-value].

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

An IP prefix list can be used as a filter or as matching conditions of a routing policy when it is used together with the if-match command.

Each entry in an IP prefix list can be used as a filtering rule. When a route to be filtered matches an entry, whether the route matches the IP prefix list is determined by the matching mode. A route to be filtered matches an entry or entries based on the following rules:

  • Sequential matching: The route has to match the entries in the IP prefix list in ascending order of their index-number values. Therefore, specifying index-number in a required sequence is recommended.

  • One-time matching: If a route matches one entry, the route matches the IP prefix list and will not be matched against the next entry.

  • Matching failure by default: If a route fails to match any of the entries, it fails to match the IP prefix list.

The following example shows how different IP prefix lists take effect on the routes 10.1.1.1/24, 10.1.1.1/32, 10.1.1.1/26, 10.2.2.2/24, and 10.1.1.2/16.
Table 6-328  Matching results of IP prefix lists

| Case | Commands | Matching result | Note |
|---|---|---|---|
| 1 | ip ip-prefix aa index 10 permit 10.1.1.1 24 | Only the route 10.1.1.1/24 is permitted, and the other routes are denied. | This is a single-node accurate matching case, which indicates that only the route whose destination IP address and mask are the same as those specified by the entry meets the matching conditions. In addition, permit is configured as the matching mode. Therefore, the route 10.1.1.1/24 is permitted, and other routes are denied because they fail to meet the matching conditions. |
| 2 | ip ip-prefix aa index 10 deny 10.1.1.1 24 | All routes are denied. | This is also a single-node accurate matching case. deny is configured as the matching mode. Therefore, the route 10.1.1.1/24 is denied, and the other routes are denied based on the rule of matching failure by default because they fail to meet the matching conditions. |
| 3 | ip ip-prefix aa index 10 permit 10.1.1.1 24 less-equal 32 | The routes 10.1.1.1/24, 10.1.1.1/32, and 10.1.1.1/26 are permitted, and the other routes are denied. | This is also a single-node accurate matching case. permit is configured as the matching mode, and less-equal is set to 32. Therefore, the routes with 10.1.1.0 as the prefix and the mask ranging from 24 to 32 can be permitted, and the other routes are denied based on the rule of matching failure by default because they fail to meet the matching conditions. |
| 4 | ip ip-prefix aa index 10 permit 10.1.1.0 24 greater-equal 24 less-equal 32 | The routes 10.1.1.1/24, 10.1.1.1/32, and 10.1.1.1/26 are permitted, and the other routes are denied. | This is also a single-node accurate matching case. permit is configured as the matching mode, greater-equal is set to 24, and less-equal is set to 32. Therefore, the routes with 10.1.1.0 as the prefix and the mask ranging from 24 to 32 can be permitted, and the other routes are denied based on the rule of matching failure by default because they fail to meet the matching conditions. This case is similar to case 3 in terms of the matching result. |
| 5 | ip ip-prefix aa index 10 permit 10.1.1.1 24 greater-equal 26 | The routes 10.1.1.1/32 and 10.1.1.1/26 are permitted, and the other routes are denied. | This is also a single-node accurate matching case. permit is configured as the matching mode, and greater-equal is set to 26. Therefore, the routes with 10.1.1.0 as the prefix and the mask ranging from 26 to 32 can be permitted, and the other routes are denied based on the rule of matching failure by default because they fail to meet the matching conditions. |
| 6 | ip ip-prefix aa index 10 permit 10.1.1.1 24 greater-equal 26 less-equal 32 | The routes 10.1.1.1/32 and 10.1.1.1/26 are permitted, and the other routes are denied. | This is also a single-node accurate matching case. permit is configured as the matching mode, greater-equal is set to 26, and less-equal is set to 32. Therefore, the routes with 10.1.1.0 as the prefix and the mask ranging from 26 to 32 can be permitted, and the other routes are denied based on the rule of matching failure by default because they fail to meet the matching conditions. This case is similar to case 5 in terms of the matching result. |
| 7 | ip ip-prefix aa index 10 deny 10.1.1.1 24 | The route 10.1.1.1/32 is permitted, and the other routes are denied. | This is a multi-node accurate matching case. deny is configured as the matching mode of the matching entry indexed 10, and therefore the route 10.1.1.1/24 is denied by the matching entry indexed 10 based on the rule of one-time matching. The route 10.1.1.1/32 fails to match the matching conditions, and it is then matched against the entry indexed 20 for which permit is configured as the matching mode. Consequently, the route 10.1.1.1/32 matches the matching conditions of the entry indexed 20. The other routes are denied based on the rule of matching failure by default because they fail to meet the matching conditions. |
|   | ip ip-prefix aa index 20 permit 10.1.1.1 32 | | |
| 8 | ip ip-prefix aa index 10 permit 0.0.0.0 8 less-equal 32 | The routes 10.1.1.1/24, 10.1.1.1/32, 10.1.1.1/26, 10.2.2.2/24, and 10.1.1.2/16 are all permitted. | If the IP prefix is 0.0.0.0 and you specify a mask and a mask length range after this IP prefix, all routes with the mask length within the specified mask length range are denied or permitted, regardless of the mask. The mask length range is from 8 to 32, 0.0.0.0 is specified as the IP address, and permit is configured as the matching mode. Therefore, all routes with the mask length within the range are permitted. |
| 9 | ip ip-prefix aa index 10 deny 0.0.0.0 24 less-equal 32 | The route 10.1.1.2/16 is permitted, and the other routes are denied. | For the entry indexed 10, the mask length range is from 24 to 32, 0.0.0.0 is specified as the IP address, and deny is configured as the matching mode. Therefore, all routes with the mask length within the range are denied, and the route 10.1.1.2/16 that fails to match its matching conditions is then matched against the entry indexed 20. For the entry indexed 20, the mask length range is from 0 to 32, 0.0.0.0 is specified as the IP address, and permit is configured as the matching mode. Therefore, the route 10.1.1.2/16 is permitted by the entry indexed 20. |
|   | ip ip-prefix aa index 20 permit 0.0.0.0 0 less-equal 32 | | |
| 10 | ip ip-prefix aa index 10 deny 10.2.2.2 24 | All routes except the route 10.2.2.2/24 are permitted. | For the entry indexed 10, deny is configured as the matching mode. Therefore, the route 10.2.2.2/24 that matches its matching conditions is denied, and the other routes that fail to match the matching conditions are then matched against the entry indexed 20. For the entry indexed 20, the mask length range is from 0 to 32, 0.0.0.0 is specified as the IP address, and permit is configured as the matching mode. Therefore, all routes except the route 10.2.2.2/24 are permitted by the entry indexed 20. |
|   | ip ip-prefix aa index 20 permit 0.0.0.0 0 less-equal 32 | | |

Configuration Impact

If you create an entry whose index-number already exists in the same IP prefix list but whose filtering rules are different, the new entry overwrites the existing one.

Before you run the undo ip ip-prefix command to delete an IP prefix list that is referenced by another command, delete the reference configuration.

Precautions

Because of the rule of matching failure by default, if one or more entries with deny as the matching mode are created, also create an entry using the ip ip-prefix ip-prefix-name [ index index-number ] permit 0.0.0.0 0 less-equal 32 command so that all other IPv4 routes can match the IP prefix list.

If ipv4-address mask-length is specified as 0.0.0.0 0, only default routes are matched.

If ipv4-address mask-length is set to 0.0.0.0 0 less-equal 32, all routes are matched.

After a configuration is delivered, the device checks the validity of the parameters in the configuration and processes these parameters. After the processing, the generated configuration is the result of the AND calculation between the specified ipv4-address and mask-length. For example, if the specified ipv4-address and mask-length are 10.1.1.1 and 24, respectively, the generated configuration is 10.1.1.0 24.

If the ipv4-address in the generated configuration is 0.0.0.0, the configuration matches all IPv4 addresses. In this case, routes are filtered based on the following rules.

If the specified ipv4-address is not 0.0.0.0, the mask-length must not be 0.
Table 6-329  Route filtering rules

| Whether greater-equal and less-equal Exist in the Post-Processing Configuration | Condition | Matching Result | Example |
|---|---|---|---|
| Neither greater-equal nor less-equal exists. | The post-processing ipv4-address and mask-length are 0.0.0.0 and X (non-0 value), respectively. | Matches all routes with the mask length of X. | Pre-processing: ip ip-prefix aa index 10 permit 0.0.1.1 16 |
| | | | Post-processing: ip ip-prefix aa index 10 permit 0.0.0.0 16 |
| | | | Matching result: The routes with the mask length of 16 are permitted. |
| greater-equal exists, but less-equal does not. | The post-processing ipv4-address and mask-length are 0.0.0.0 and X (non-0 value), respectively. | Matches all the routes whose mask length is within the range from greater-equal to 32. | Pre-processing: ip ip-prefix aa index 10 permit 0.0.1.1 16 greater-equal 20 |
| | | | Post-processing: ip ip-prefix aa index 10 permit 0.0.0.0 16 greater-equal 20 less-equal 32 |
| | | | Matching result: The routes whose mask length is within the range from 20 to 32 are permitted. |
| greater-equal does not exist, but less-equal does. | The post-processing ipv4-address and mask-length are 0.0.0.0 and X (non-0 value), respectively. | Matches all the routes whose mask length is within the range from X to less-equal. | Pre-processing: ip ip-prefix aa index 10 permit 0.0.1.1 16 less-equal 30 |
| | | | Post-processing: ip ip-prefix aa index 10 permit 0.0.0.0 16 greater-equal 16 less-equal 30 |
| | | | Matching result: The routes whose mask length is within the range from 16 to 30 are permitted. |
| Both greater-equal and less-equal exist. | The post-processing ipv4-address and mask-length are 0.0.0.0 and X (non-0 value), respectively. | Matches all the routes whose mask length is within the range from greater-equal to less-equal. | Pre-processing: ip ip-prefix aa index 10 permit 0.0.1.1 16 greater-equal 20 less-equal 30 |
| | | | Post-processing: ip ip-prefix aa index 10 permit 0.0.0.0 16 greater-equal 20 less-equal 30 |
| | | | Matching result: The routes whose mask length is within the range from 20 to 30 are permitted. |
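
The matching rules from Table 6-328 and the post-processing rules from Table 6-329, modelled in Python so that a prefix list can be checked against sample routes before it is applied. This is an added example, not Huawei code: the function names are assumptions, and match-network and the less-equal 0 special case are not modelled.

```python
import ipaddress

def parse_entry(cmd, prev_index=0):
    """Parse 'ip ip-prefix NAME [index N] permit|deny ADDR LEN [greater-equal G] [less-equal L]'."""
    tok = cmd.split()[3:]                          # drop 'ip ip-prefix NAME'
    if "match-network" in tok:
        raise NotImplementedError("match-network is not modelled in this sketch")
    index = prev_index + 10                        # default: previous entry plus 10, first is 10
    if tok[0] == "index":
        index, tok = int(tok[1]), tok[2:]
    action, addr, mlen = tok[0], int(ipaddress.IPv4Address(tok[1])), int(tok[2])
    opts = dict(zip(tok[3::2], map(int, tok[4::2])))
    ge, le = opts.get("greater-equal"), opts.get("less-equal")
    lo = mlen if ge is None else ge                # lower bound of accepted mask lengths
    hi = le if le is not None else (mlen if ge is None else 32)
    if not mlen <= lo <= hi <= 32:                 # mask-length <= ge <= le <= 32
        raise ValueError(f"invalid mask length range in: {cmd}")
    mask = (0xFFFFFFFF << (32 - mlen)) & 0xFFFFFFFF
    # Post-processing: the stored address is ipv4-address AND mask
    return {"index": index, "action": action, "addr": addr & mask,
            "mask": mask, "lo": lo, "hi": hi}

def build_list(cmds):
    entries, prev = {}, 0
    for cmd in cmds:
        e = parse_entry(cmd, prev)
        entries[e["index"]] = e                    # same index overwrites the existing entry
        prev = e["index"]
    return [entries[i] for i in sorted(entries)]   # ascending index-number order

def evaluate(entries, route):
    """Return 'permit' or 'deny' for a route written as ADDR/LEN."""
    iface = ipaddress.ip_interface(route)
    raddr, rlen = int(iface.ip), iface.network.prefixlen
    for e in entries:                              # sequential matching
        # A post-processing address of 0.0.0.0 matches all IPv4 addresses
        prefix_ok = e["addr"] == 0 or (raddr & e["mask"]) == e["addr"]
        if prefix_ok and e["lo"] <= rlen <= e["hi"]:
            return e["action"]                     # one-time matching: first hit decides
    return "deny"                                  # matching failure by default

def permitted(cmds, routes):
    entries = build_list(cmds)
    return [r for r in routes if evaluate(entries, r) == "permit"]

ROUTES = ["10.1.1.1/24", "10.1.1.1/32", "10.1.1.1/26", "10.2.2.2/24", "10.1.1.2/16"]

if __name__ == "__main__":
    print(permitted(["ip ip-prefix aa index 10 deny 10.1.1.1 24",
                     "ip ip-prefix aa index 20 permit 10.1.1.1 32"], ROUTES))
    # 0.0.1.1 16 is stored as 0.0.0.0 16, so it permits every /16 route
    print(permitted(["ip ip-prefix aa index 10 permit 0.0.1.1 16"], ROUTES))
```

The second call shows why the post-processing step matters when reviewing a filter: an address whose masked bits are all zero becomes the 0.0.0.0 wildcard and matches by mask length alone.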

Follow-up Procedure

When a routing policy is being modified, the RM module by default notifies protocols to apply the changed routing policy immediately after an IP prefix is configured. However, modifying a routing policy sometimes requires multiple commands. If other commands need to be run after an IP prefix is configured, protocols may apply a routing policy whose modification is not yet complete. To solve this problem, run the route-policy-change notify-delay command to configure a delay for protocols to apply the changed routing policy.

Example

# Configure an IP prefix list named p1, permitting only the routes with the mask length being 17 or 18 and on network segment 10.0.192.0/8.

<AC6605> system-view
[AC6605] ip ip-prefix p1 permit 10.0.192.0 8 greater-equal 17 less-equal 18

# Configure the IP prefix list named p2 to permit only the routes with the mask length ranging from 17 to 18.

<AC6605> system-view
[AC6605] ip ip-prefix p2 permit 0.0.0.0 0 greater-equal 17 less-equal 18

# Configure the IP prefix list named p3 to deny the routes to the IP address range from 0.0.0.1 to 0.255.255.255.

<AC6605> system-view
[AC6605] ip ip-prefix p3 index 10 deny 0.0.0.0 8 match-network
[AC6605] ip ip-prefix p3 index 20 permit 0.0.0.0 0 less-equal 32
Update Date:2021-02-27
Document ID:EDOC1100064351