Implementing Cisco Enterprise Advanced Routing and Services (ENARSI) — Question 187

The network administrator configured R1 for Control Plane Policing so that the inbound Telnet traffic is policed to 100 kbps. This policy must not apply to traffic coming in from 10.1.1.1/32 and 172.16.1.1/32. The administrator has configured this: access-list 101 permit tcp host 10.1.1.1 any eq 23 access-list 101 permit tcp host 172.16.1.1 any eq 23
!
class-map CoPP-TELNET
match access-group 101
!
policy-map PM-CoPP
class CoPP-TELNET
police 100000 conform transmit exceed drop
!
control-plane
service-policy input PM-CoPP
The network administrator is not getting the desired results.
Which set of configurations resolves this issue?

Answer options

• A. no access-list 101 access-list 101 deny tcp host 10.1.1.1 any eq 23 access-list 101 deny tcp host 172.16.1.1 any eq 23 access-list 101 permit ip any any
• B. control-plane no service-policy input PM-CoPP ! interface Ethernet 0/0 service-policy input PM-CoPP
• C. no access-list 101 access-list 101 deny tcp host 10.1.1.1 any eq 23 access-list 101 deny tcp host 172.16.1.1 any eq 23 access-list 101 permit ip any any ! Interface E 0/0 service-policy input PM-CoPP
• D. control-plane no service-policy input PM-CoPP service-policy input PM-CoPP

Correct answer: A

Explanation

Option A is correct because it properly denies the Telnet traffic from the specified hosts and permits all other IP traffic, allowing the policy to work as intended. The other options either misconfigure the access-list or service-policy settings, which do not resolve the issue of Telnet traffic being policed incorrectly.