This may be a tricky CCIE task: create a distribute list filtering a set of routes without using a prefix list. Let’s say that the requirement is to filter out all 172.16.0.0 routes that have the mask /17 or longer.
access-list 100 permit ip 172.16.0.0 0.0.255.255 255.255.128.0 0.0.127.255
So the following conditions need to be true:
- routes need to begin with 172.16
- two last octets can be anything
- mask needs to be at least 17
- mask can be up to 32
172.16.0.0 /17
172.16.1.0/17
172.16.2.0/17
172.16.4.0/18
but these routes won’t match:
172.16.0.0/16
172.17.0.0/17
Of course, a prefix list would be much simpler to write:
ip prefix-list mylist permit 172.16.0.0/16 le 32
