There is a bit of reverse psychology going on in this question. The access list matches SSH traffic that isn't 10.0.0.5 and the policy map then drops that matched traffic. But 10.0.0.5 was never matched and therefore never dropped.
Therefore the answer must be A.
The ACLs actually have nothing to do with controlling flows within CoPP:
1. "Any Access List ACL entries prefixed with a 'deny' or 'permit' actually instruct the CoPP Policy to ignore the identified traffic"
2. "Traffic "denied" by the ACL will simply not be considered in the Class Map, i.e. not policed."
3. (bonus) "CoPP supports inbound and outbound policies; however, outbound policies are not commonly used"
The "provides unlimited SSH access" requirement effectively states no rate limiting, so "A", as "C" has a rate limit statement.
hth
I love this question. The correct answer is A, because all packets that do not match the aforementioned host are dropped. You would logically expect the packets matching the deny clause to be dropped, but they are just filtered out, so they wouldn't be dropped by the policy.
Explanation:
Access List:
access-list 100 permit tcp host 10.0.0.5 any eq 22: This line allows SSH traffic from the specific host 10.0.0.5.
access-list 100 deny tcp any any eq 22: This line denies SSH traffic from all other sources.
Class-map:
class-map match-all telnet_copp: This class-map matches the traffic defined by access list 100.
Policy-map:
The policy-map CoPP defines how to handle the traffic. The police 8000 command allows traffic at a rate of 8000 Kbps, which essentially provides unlimited bandwidth for the matched traffic.
The answer should be "D", not A or C. The question asks to "ALLOW" from 10.0.0.5.
"A" would deny 10.0.0.5 and allow everything else, which is completely reversed. The answer in the right format is "D".
Disregard. The deny statement in "A" denies it from being used by the policy map, thus "allowing" it. Then the permit statement will allow the policy-map to drop everything else.
1. Create an ACL to permit SSH traffic from 10.0.0.5, deny all other SSHs.
- permit tcp host 10.0.0.5 any eq 22
- deny tcp any any eq 22
2. Create a class-map
3. Create a policy-map
- police 8000 = 8000 bits per second (bps)
- should not drop
4. Apply the policy-map
Unlimited SSH access:
It means there are no restrictions on establishing SSH connections from a specific client (in this case, 10.0.0.5).
It does not automatically imply that the traffic is unlimited in terms of speed or bandwidth. It simply ensures that the client has full access to the SSH session, without being blocked.
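The classification behaviour argued over in this thread, as an added example that is not part of any comment above: a simplified Python model of how an ACL inside a CoPP class decides class membership rather than forwarding. The two configurations are reconstructed from the commenters' descriptions; the function names, the single-class policy with a transmitting class-default, and the sample packets are assumptions made for illustration.

```python
# Simplified model of CoPP classification (added example, not from the thread).
# Assumption: one user-defined class plus an implicit class-default that transmits.
from ipaddress import ip_address, ip_network

def acl_permits(acl, src, dport):
    """First-match ACL lookup; True only when a 'permit' entry matches."""
    for action, net, port in acl:
        if ip_address(src) in ip_network(net) and dport == port:
            return action == "permit"
    return False  # implicit deny: the packet is not a member of the class

def copp_verdict(acl, class_action, src, dport):
    """Return what the control-plane policy does with one packet."""
    if acl_permits(acl, src, dport):
        return class_action            # classified: the class action applies
    return "transmit (unpoliced)"      # ACL 'deny' or no match: class-default

# Answer A as the thread describes it: exclude 10.0.0.5 from the class,
# match all other SSH, and drop whatever the class matched.
CONFIG_A = ([("deny", "10.0.0.5/32", 22), ("permit", "0.0.0.0/0", 22)], "drop")

# The intuitive reading from the thread: permit the host, deny the rest, police 8000.
CONFIG_INTUITIVE = ([("permit", "10.0.0.5/32", 22), ("deny", "0.0.0.0/0", 22)],
                    "police 8000")

# Constructed sample packets: (source address, TCP destination port).
PACKETS = [("10.0.0.5", 22), ("192.0.2.77", 22), ("192.0.2.77", 179)]

def evaluate(config):
    """Map every sample packet to its verdict under one configuration."""
    acl, action = config
    return {pkt: copp_verdict(acl, action, *pkt) for pkt in PACKETS}

if __name__ == "__main__":
    for name, cfg in (("A", CONFIG_A), ("intuitive", CONFIG_INTUITIVE)):
        for pkt, verdict in evaluate(cfg).items():
            print(f"{name:9} {pkt[0]:>11}:{pkt[1]:<4} {verdict}")
```

Under the intuitive configuration the trusted host is the only one policed and SSH from every other source reaches the control plane unpoliced, which is the opposite of the stated requirement.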