ExamTopics Logo
Mail Us[email protected]
Menu
Cisco Discussions
exam questions

Exam 300-410 All Questions

View all questions & answers for the 300-410 exam
Go to Exam

Exam 300-410 topic 1 question 160 discussion

Actual exam question from Cisco's 300-410
Question #: 160
Topic #: 1
[All 300-410 Questions]

The network administrator configured R1 for Control Plane Policing so that the inbound Telnet traffic is policed to 100 kbps. This policy must not apply to traffic coming in from 10.1.1.1/32 and 172.16.1.1/32. The administrator has configured this: access-list 101 permit tcp host 10.1.1.1 any eq 23 access-list 101 permit tcp host 172.16.1.1 any eq 23
!
class-map CoPP-TELNET
match access-group 101
!
policy-map PM-CoPP
class CoPP-TELNET
police 100000 conform transmit exceed drop
!
control-plane
service-policy input PM-CoPP
The network administrator is not getting the desired results.
Which set of configurations resolves this issue?

  • A. no access-list 101 access-list 101 deny tcp host 10.1.1.1 any eq 23 access-list 101 deny tcp host 172.16.1.1 any eq 23 access-list 101 permit ip any any
  • B. control-plane no service-policy input PM-CoPP ! interface Ethernet 0/0 service-policy input PM-CoPP
  • C. no access-list 101 access-list 101 deny tcp host 10.1.1.1 any eq 23 access-list 101 deny tcp host 172.16.1.1 any eq 23 access-list 101 permit ip any any ! Interface E 0/0 service-policy input PM-CoPP
  • D. control-plane no service-policy input PM-CoPP service-policy input PM-CoPP
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by WAKIDI at July 6, 2022, 11:18 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
deech
1 month, 2 weeks ago
Selected Answer: A
A is correct
upvoted 1 times
...
[Removed]
9 months, 2 weeks ago
Selected Answer: A
A is correct
upvoted 1 times
...
mgiuseppe86
1 year, 7 months ago
Selected Answer: A
a better fitting answer would be “access-list 101 permit tcp any any eq 23” in order to police all telnet traffic, which is what the questions asks. Otherwise, all traffic is being policed here.
upvoted 3 times
...
guy276465281819372
1 year, 8 months ago
permit ip any any eq 23 would be nice to have
upvoted 1 times
...
David98898998
1 year, 10 months ago
This is a stupid question because the "permit ip any any" is going to police all traffic except for two particular hosts Telnet traffic. It will not do as desired. Still, A is best answer.
upvoted 2 times
...
Xerath
2 years, 2 months ago
Selected Answer: A
The given answer is correct.
upvoted 2 times
...
Ghadir2023
2 years, 2 months ago
packets that match a deny rule are excluded from that class and cascade to the next class (if one exists) for classification. Therefore, if we don’t want to CoPP traffic from 10.1.1.1/32 and 172.16.1.1/32, we must “deny” them in the ACL.
upvoted 4 times
...
[Removed]
2 years, 9 months ago
What’s missing here is the definition of ACL 101. A. no access-list 101 access-list 101 deny tcp host 10.1.1.1 any eq 23 access-list 101 deny tcp host 172.16.1.1 any eq 23 access-list 101 permit ip any any This syntax flushes any previous ACL 101 statement denies any Telnet traffic from 10.1.1.1/32 and 172.16.1.1/32 permits any other IP traffic Correct answer. B. control-plane no service-policy input PM-CoPP ! interface Ethernet 0/0 service-policy input PM-CoPP Wrong answer. C. no access-list 101 access-list 101 deny tcp host 10.1.1.1 any eq 23 access-list 101 deny tcp host 172.16.1.1 any eq 23 access-list 101 permit ip any any ! Interface E 0/0 service-policy input PM-CoPP CoPP policy PM-COPP is already assigned to the control plane context. Wrong answer. D. control-plane no service-policy input PM-CoPP service-policy input PM-CoPP Wrong answer.
upvoted 1 times
...
WAKIDI
2 years, 10 months ago
A is the correct answer. reference : https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/15-0SY/configuration/guide/15_0_sy_swcg/control_plane_policing_copp.pdf Page 8. This example shows how to allow full access for Telnet to the switch from a host in a specific subnet and police the rest of the subnet: Router(config)# access-list 121 deny tcp host 10.86.183.3 any eq telnet Router(config)# access-list 121 permit tcp 10.86.183.0 0.0.0.255 any eq telnet
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago