Journey to the CCIE LAB – Part 36 – Prefix List

One very powerful tool for any network engineer when it comes to tweaking route advertisements on any IGP.
A good reading I got from one of the great networkers around is below:

By Brian McGahan, CCIE #8593

Prefix-lists are used to match on prefix and prefix-length pairs. Normal prefix-list syntax is as follows:
ip prefix-list LIST permit w.x.y.z/len

Where w.x.y.z is your exact prefix, and where len is your exact prefix-length.

“ip prefix-list LIST permit 1.2.3.0/24” would be an exact match for the prefix 1.2.3.0 with a subnet mask of 255.255.255.0. This does not match 1.2.0.0/24, nor does it match 1.2.3.4/32, nor anything in between.

When you add the keywords “GE” and “LE” to the prefix-list, the “len” value changes its meaning. When using GE and LE, the len value specifies how many bits of the prefix you are checking, starting with the most significant bit.
ip prefix-list LIST permit 1.2.3.0/24 le 32

This means:
- Check the first 24 bits of the prefix 1.2.3.0
- The subnet mask must be less than or equal to 32

This equates to the access-list syntax:
access-list 1 permit 1.2.3.0 0.0.0.255

ip prefix-list LIST permit 0.0.0.0/0 le 32

This means:
- Check the first 0 bits of the prefix 0.0.0.0
- The subnet mask must be less than or equal to 32

This equates to anything.

ip prefix-list LIST permit 0.0.0.0/0

This means: the exact prefix 0.0.0.0, with the exact prefix-length 0. This is matching a default route.

ip prefix-list LIST permit 10.0.0.0/8 ge 21 le 29
This means:
- Check the first 8 bits of the prefix 10.0.0.0
- The subnet mask must be greater than or equal to 21, and less than or equal to 29

ip prefix-list CLASS_A permit 0.0.0.0/1 ge 8 le 8

This matches all class A addresses with classful masks. It means:
- Check the first bit of the prefix; it must be a 0
- The subnet mask must be greater than or equal to 8, and less than or equal to 8 (it is exactly 8)

When using the GE and LE values, you must satisfy the condition: Len < GE <= LE

Therefore “ip prefix-list LIST permit 1.2.3.0/24 ge 8” is not a valid list.

What you cannot do with the prefix-list is match on arbitrary bits like you can in an access-list. Prefix-lists cannot be used to check if a number is even or odd, nor check if a number is divisible by 15, etc.

Bit checking in a prefix-list is sequential, starting with the most significant (leftmost) bit.

The way prefix lists work is that you can specify a network and mask, or a network and a range of masks. Specifying a network and mask is fairly simple:
ip prefix-list mylist seq 10 permit 172.16.25.0/24

This will allow (match) the exact network 172.16.25.0/24 to pass the list.

However, prefix lists can also specify a network with a range of masks. For example:
ip prefix-list mylist seq 10 permit 172.16.0.0/16 ge 24 le 26

This will take the entire class B network 172.16.0.0 (172.16.0.0/16) and
pass only subnets with a /24, /25 or /26 mask (ge 24 le 26). So the exact
network 172.16.0.0/16 would actually fail the list because it does not have a mask of /24, /25 or /26.

By default if you only specify "ge" then any subnet with a mask greater than or equal to the ge value will pass. That is, ge all the way up to /32. For example:
ip prefix-list mylist seq 10 permit 10.10.10.0/24 ge 28

This list specifies any subnet within the 10.10.10.0/24 range that has a
mask of /28 or greater (255.255.255.240 to 255.255.255.255). Again, the
exact subnet 10.10.10.0/24 would fail because it does not have a mask of /28 or greater.

By default if you only specify "le" then any subnet with a mask less than or equal to the le value but greater than or equal to the mask specified will pass. That is, le all the way down to the mask listed. For example:
ip prefix-list mylist seq 10 permit 10.64.0.0/16 le 23

This list specifies any subnet within the 10.64.0.0/16 range that has a
mask between /16 and /23, inclusive (255.255.0.0 to 255.255.254.0). In this case the exact subnet 10.64.0.0/16 would pass because it has a mask in the range /16 to /23.

The "permit any any" in a prefix list is:
ip prefix-list mylist seq 200 permit 0.0.0.0/0 le 32
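
The matching rules above can be checked offline before a list is applied to a route filter. The following is an added example, not part of the original article or Cisco's implementation: the function names parse_entry and matches are hypothetical, and the sample routes are constructed from the prefixes used on this page.

```python
import ipaddress

def parse_entry(line):
    """Return (action, network, lo, hi) for one 'ip prefix-list' line."""
    tok = line.split()
    if tok[:2] != ["ip", "prefix-list"]:
        raise ValueError("not a prefix-list line")
    rest = tok[3:]                       # skip the list name
    if rest[0] == "seq":                 # optional 'seq N'
        rest = rest[2:]
    action = rest[0]                     # permit or deny
    net = ipaddress.ip_network(rest[1], strict=False)
    opts = dict(zip(rest[2::2], map(int, rest[3::2])))
    ge, le, length = opts.get("ge"), opts.get("le"), net.prefixlen
    # Validity condition as stated in the article: Len < GE <= LE
    if ge is not None and not length < ge <= (le if le is not None else 32):
        raise ValueError(f"invalid range: need {length} < ge <= le")
    # Assumption of this sketch: an 'le' below len can never match, so reject it
    if le is not None and not length <= le <= 32:
        raise ValueError("le must lie between len and 32")
    if ge is None and le is None:
        lo = hi = length                 # no keywords: exact prefix-length
    else:
        lo = ge if ge is not None else length   # 'le' only: from len up to le
        hi = le if le is not None else 32       # 'ge' only: from ge up to /32
    return action, net, lo, hi

def matches(line, route):
    """True if the route's mask is in range and its first 'len' bits agree."""
    _, net, lo, hi = parse_entry(line)
    r = ipaddress.ip_network(route, strict=False)
    return lo <= r.prefixlen <= hi and r.subnet_of(net)

if __name__ == "__main__":
    # Constructed sample routes, evaluated against entries from the article
    entry = "ip prefix-list mylist seq 10 permit 172.16.0.0/16 ge 24 le 26"
    for route in ("172.16.0.0/16", "172.16.5.0/24", "172.16.5.64/26",
                  "172.16.5.0/27", "172.17.5.0/24"):
        print(f"{route:18} {'match' if matches(entry, route) else 'no match'}")
```

This evaluates a single entry only; it does not model how a router walks several entries of one list in sequence order.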

About CCIE R&S :- IP/MPLS Networks Consultant

A full CCIE (R&S) from March 18th 2013. Passionate about IP networks. A consultant plying his trade across the world. Currently digging deeper and deeper into Network Automation with Python Language.