D is correct.
In the context of CoPP, ACLs are not used to permit or deny traffic, only to identify it for policing. Traffic "denied" by the ACL will simply not be considered in the Class Map, i.e. not policed.
Ref: https://www.cisco.com/en/US/docs/general/Test/dwerblo/broken_guide/copp.html
This example shows how to allow full access for Telnet to the switch from a host in a specific subnet and police the rest of the subnet:
Router(config)# access-list 121 deny tcp host 10.86.183.3 any eq telnet
Router(config)# access-list 121 permit tcp 10.86.183.0 0.0.0.255 any eq telnet
Source : https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/copp.pdf
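An added illustration, not part of the thread or of Cisco's guide: a small Python model of how a CoPP class map treats ACL 121 quoted above, where a deny entry keeps a packet out of the policed class and a permit entry puts it in. The 8000 bps CIR is the rate mentioned in the discussion; the 1500-byte burst, the function names, and the assumption that class-default carries no policer are made up for the example.

```python
import ipaddress

# ACL 121 from the quoted example: (action, source network, TCP destination port)
ACL_121 = [
    ("deny",   ipaddress.ip_network("10.86.183.3/32"), 23),
    ("permit", ipaddress.ip_network("10.86.183.0/24"), 23),
]

def acl_result(acl, src, dport):
    """First-match evaluation; the implicit last entry is deny."""
    addr = ipaddress.ip_address(src)
    for action, net, port in acl:
        if addr in net and dport == port:
            return action
    return "deny"

def classify(acl, src, dport):
    """Only an ACL permit places the packet in the class. A deny means
    'not this class', so the packet falls through to class-default."""
    return "policed-class" if acl_result(acl, src, dport) == "permit" else "class-default"

class Policer:
    """Simplified single-rate policer: conform -> transmit, exceed -> drop."""
    def __init__(self, cir_bps, burst_bytes):
        self.rate = cir_bps / 8.0      # token refill in bytes per second
        self.burst = burst_bytes       # bucket depth (assumed value)
        self.tokens = burst_bytes
        self.last = 0.0

    def offer(self, now, size):
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if size <= self.tokens:
            self.tokens -= size
            return "transmit"
        return "drop"

def control_plane(packets, cir_bps=8000, burst_bytes=1500):
    """packets: iterable of (time_s, src_ip, dport, size_bytes)."""
    policer = Policer(cir_bps, burst_bytes)
    outcomes = []
    for now, src, dport, size in packets:
        if classify(ACL_121, src, dport) == "policed-class":
            outcomes.append(policer.offer(now, size))
        else:
            # Assumption: no policy is attached to class-default.
            outcomes.append("transmit")
    return outcomes
```

Feeding the same burst from 10.86.183.3 and from another host in 10.86.183.0/24 shows the difference: the denied host is never rate limited, while the permitted subnet is transmitted only up to the CIR.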
A class map is referencing the ACL, the ACL is being used to match traffic, not to filter traffic.
All traffic that matches access-list 100 entries (permit, or deny statements) will be policed by class map telnet_Copp. Traffic that matches entry 10 of ACL 100 will be allowed if it doesn't exceed a given rate (8000 bps). Traffic that exceeds this rate will be dropped ("exceeded drop").
Although the exhibit shows that no traffic was dropped, under "exceeded" we have a "drop" statement. This means only traffic that conforms to the configured CIR rate (8000 bps) will be permitted.
Apologies, the answer is D. Only traffic permitted by the ACL will be considered as a match for class-map "telnet_copp." If no match is found after processing all classes, packets automatically match the always-defined class, class default. "Class-default" permits all traffic by default unless a policy is explicitly configured to deny it.
I think A.
telnet_copp matches 33 packets, entries 10, 20, 30 = 33 packets.
So 10 and 30 allows drop, they have no chance to be policed by CoPP,
20 always allowed.
40 allowed with a limited CIR.
D means that the host is always allowed, therefore not even being policed in the first place.
The CIR would only apply to those hosts that are undergoing policing.
Looks to me to be C
The CoPP configuration applies a rate limit to Telnet traffic matching ACL 100, allowing it to be transmitted, but with a limited CIR (Committed Information Rate) of 8000.
A. Traffic that matches entry 10 of ACL 100 is always dropped.
Correct. The access-list 100 denies traffic from host 10.0.0.5 to any destination on port 22. The CoPP configuration polices this traffic with a CIR and drops the packets exceeding the limit.
Community vote distribution: A (35%), C (25%), B (20%), Other