ExamTopics Logo
Mail Us[email protected]
Menu
Cisco Discussions
exam questions

Exam 300-410 All Questions

View all questions & answers for the 300-410 exam
Go to Exam

Exam 300-410 topic 1 question 362 discussion

Actual exam question from Cisco's 300-410
Question #: 362
Topic #: 1
[All 300-410 Questions]

A CoPP policy is applied for receiving SSH traffic from the WAN interface on a Cisco ISR4321 router. However, the SSH response from the router is abnormal and stuck during the high link utilization. The problem is identified as SSH traffic does not match in the ACL. Which action resolves the issue?

  • A. Apply CoPP on the control plane interface.
  • B. Apply CoPP on the WAN interface inbound direction.
  • C. Rate-limit SSH traffic to ensure dedicated bandwidth.
  • D. Increase the IP precedence value of SSH traffic to 6.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by inteldarvid at July 17, 2023, 8:25 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
5f44e95
1 month, 2 weeks ago
Selected Answer: C
If SSH traffic is not matched, it will definitely go into the class default and the only way to rectify the problem will be to rate-limit the class default.
upvoted 2 times
...
bk989
11 months, 3 weeks ago
SSH traffic ISN't matched. Increasing precedence value or rate limiting doesn't help. However we do not know where COPP is applied. If COPP is applied on an interface then it gets everything going through the router, to ohter routers as well. it is catching more traffic, hence could be the reason for SSH rate limiting in the default class (if there is a drop). So if we apply it to the control plane this will fix it for sure, as there is less traffic being rate limited. COPP applied to a physical interface = traffic going THROUGH the router, including traffic not destined to the router itself = rate limiting more traffic. COPP applied to control plane = traffic going to control plane.
upvoted 3 times
...
Commando1664
1 year, 4 months ago
Selected Answer: A
I read the quesiton as the CoPP Policy has been applied to the WAN interface, if that's the case then it's A... Stupid quesiton
upvoted 4 times
...
Testerchill
1 year, 4 months ago
Strange question. Can be understood in so many ways. CoPP is applied(doesnt say on which interface but says for recieving traffic from WAN. Its then stated the issue is "SSH traffic is not matched" implying all else is good. i.e CoPP is applied on control plane probably. This removes A and B possibly leaving us with C and D. Increasing the precedence most likely wont make the ssh traffic be matched. But rate limiting the ssh traffic so it has dedicated bandwidth would require ssh traffic to be matched for sure i think. So C makes more sense for me.
upvoted 2 times
...
Tim303
1 year, 5 months ago
The purpose of CoPP is controlling the traffic to the router to protect the CPU, and mostly it controls the inbound traffic, there is no such thing as the CoPP interface, hence A is wrong
upvoted 1 times
...
Pietjeplukgeluk
1 year, 6 months ago
Selected Answer: D
Sometimes these questions are just stupid. CoPP will reduce CPU cycles for specific protocols that will be handled by networking device it's CPU. The question somehow states "high link utilization" if you would apply CoPP you would not solve any issues. A full link will be full regardless of the use of this technology. If any would be a solution is changing QOS behavior. Limiting CPU cycles does not protect you from dropping traffic at link level.
upvoted 1 times
bk989
1 year ago
answer is A - here's my reasoning: SSH traffic ISN't matched. Increasing precedence value or rate limiting doesn't help. However we do not know where COPP is applied. If COPP is applied on an interface then it gets everything going through the router, to ohter routers as well. it is catching more traffic, hence could be the reason for SSH rate limiting in the default class (if there is a drop). So if we apply it to the control plane this will fix it for sure.
upvoted 1 times
...
...
[Removed]
1 year, 11 months ago
Selected Answer: A
There is only one control plane interface.
upvoted 2 times
...
inteldarvid
2 years ago
Selected Answer: A
option A correct: The problem is “SSH traffic does not match in the ACL” and “CoPP policy is applied for receiving SSH traffic from the WAN interface” so we should apply CoPP on the control plane interface instead.
upvoted 3 times
bk989
1 year, 5 months ago
An interface policy will target all packets that ingress or egress the interface (depending on policy direction - as you note). This could be traffic that's transiting the device or to/from the device itself. When it was applied to interface it was targeting everything going through router and high cpu. No in service-policy it only targeting destined to router: "The CoPP policy targets packets directed to the device, from all sources. This is somewhat similar to how a policy on a SVI would target packets from all its VLAN and trunk ports. " https://community.cisco.com/t5/routing/what-is-difference-when-service-policy-under-interface-and/td-p/2613689#:~:text=The%20service%20policy%20under%20the,are%20destined%20toward%20the%20device.
upvoted 1 times
bk989
1 year, 5 months ago
When it was applied to interface it was targeting everything going through router and high cpu. Now when applied in service-policy it only targeting packets destined to router: "The CoPP policy targets packets directed to the device, from all sources. This is somewhat similar to how a policy on a SVI would target packets from all its VLAN and trunk ports. " https://community.cisco.com/t5/routing/what-is-difference-when-service-policy-under-interface-and/td-p/2613689#:~:text=The%20service%20policy%20under%20the,are%20destined%20toward%20the%20device.
upvoted 1 times
...
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel