Examice

Exam 350-401 All QuestionsBrowse all questions from this exam

Go to Exam

Question 895

Refer to the exhibit. Which result is achieved by the CoPP configuration?

Traffic that matches entry 10 of ACL 100 is always dropped.

Class-default is dropped.

Traffic that matches entry 10 of ACL 100 is always allowed with a limited CIR.

Traffic that matches entry 10 of ACL 100 is always allowed.

Correct Answer: A

Traffic that matches entry 10 of ACL 100 is always dropped. In the provided CoPP configuration, the ACL entry 10 explicitly denies traffic from host 10.0.0.5 to any destination on port 22, and this traffic is subsequently matched by the class-map 'telnet_copp' as part of the service-policy input 'CoPP.' The CoPP configuration applies policing with a CIR (Committed Information Rate) of 8000 bps, but since the traffic is denied at the ACL level, it is effectively always dropped and not allowed to be transmitted.

Discussion

MistwalkerOption: D

D is correct. In the context of CoPP, ACLs are not used to permit or deny traffic, only identify it for policing. Traffic "denied" by the ACL will simply not be considered in the Class Map, i.e. not policed. Ref: https://www.cisco.com/en/US/docs/general/Test/dwerblo/broken_guide/copp.html This example shows how to allow full access for Telnet to the switch from a host in a specific subnet and police the rest of the subnet: Router(config)# access-list 121 deny tcp host 10.86.183.3 any eq telnet Router(config)# access-list 121 permit tcp 10.86.183.0 0.0.0.255 any eq telnet

teems5ukOption: A

A. Traffic that matches entry 10 of ACL 100 is always dropped. Correct. The access-list 100 denies traffic from host 10.0.0.5 to any destination on port 22. The CoPP configuration polices this traffic with a CIR and drops the packets exceeding the limit.

RickAO76Option: C

Looks to me to be C The CoPP configuration applies a rate limit to Telnet traffic match ACL 100, allowing it to be transmitted, but with a limited CIR of 8000. (Committed Information Rate)

CCIEPASS99Option: A

I think A. telnet_copp matches 33 packets, entry 10 20 30 =33packets. so 10 and 30 allows drop, they have no chance to be policed by CoPP, 20 always allowed. 40 allowed with a limited CIR.

Claudiu1Option: D

------

SeMo0o0oOption: D

D is correct

SeMo0o0oOption: C

people who choosed D, don't you see the cir 8000 ?! C is correct

SeMo0o0o

sorry i misread it, D is correct

a197cbf

D means that the host is always allowed, therefore not even being policed in the first place. The CIR would only apply to those hosts that are undergoing policing.