Implementing Cisco Enterprise Advanced Routing and Services (ENARSI) — Question 318
The network administrator configured the router for Control Plane Policing so that inbound SSH traffic is policed to 500 kbps. This policy must apply to traffic coming in from the 10.10.10.0/24 and 192.168.10.0/24 networks.
access-list 100 permit ip 10.10.10.0 0.0.0.255 any
access-list 100 permit tcp 192.168.10.0 0.0.0.255 any eq 23
!
class-map CLASS-SSH
 match access-group 100
!
policy-map PM-COPP
 class CLASS-SSH
  police 500000 conform-action transmit
!
interface E0/0
 service-policy input PM-COPP
!
interface E0/1
 service-policy input PM-COPP
Control Plane Policing is not being applied to SSH traffic, so SSH can use any available bandwidth. Which configuration resolves this issue?
Answer options
- A.
  no access-list 100
  access-list 100 permit tcp 10.10.10.0 0.0.0.255 any eq 22
  access-list 100 permit tcp 192.168.10.0 0.0.0.255 any eq 22
- B.
  interface E0/0
   no service-policy input PM-COPP
  !
  interface E0/1
   no service-policy input PM-COPP
  !
  control-plane
   service-policy input PM-COPP
- C.
  no access-list 100
  access-list 100 permit tcp 10.10.10.0 0.0.0.255 any eq 22
  access-list 100 permit tcp 192.168.10.0 0.0.0.255 any eq 22
  !
  policy-map PM-COPP
   class CLASS-SSH
    no police 500000 conform-action transmit
    police 500000 conform-action transmit exceed-action drop
- D.
  no access-list 100
  access-list 100 permit tcp 10.10.10.0 0.0.0.255 any eq 22
  access-list 100 permit tcp 192.168.10.0 0.0.0.255 any eq 22
  !
  interface E0/0
   no service-policy input PM-COPP
  !
  interface E0/1
   no service-policy input PM-COPP
  !
  control-plane
   service-policy input PM-COPP
Correct answer: D
Explanation
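Option D is correct because it fixes both faults in the original configuration. First, access-list 100 does not match SSH: its first entry permits all IP traffic from 10.10.10.0/24 and its second matches TCP port 23 (Telnet) from 192.168.10.0/24, so D rewrites both entries to match TCP port 22. Second, the policy is attached to interfaces E0/0 and E0/1 rather than to the control plane, so D removes it from the interfaces and applies it with service-policy input PM-COPP under control-plane. Options A and C correct the access list but leave the service policy on the interfaces, and option B moves the policy to the control plane but leaves the access list unchanged, so none of them polices SSH traffic as intended.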
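The two faults can also be checked mechanically. The following is an added example, not part of the original question: a small Python audit that reads a flat IOS configuration and reports why a CoPP policy would not police SSH. The names `audit`, `ORIGINAL`, `OPTION_D` and `NETS` are hypothetical, and the parser assumes only the numbered-ACL permit syntax used on this page.

```python
# Constructed inputs ("!" omitted): the question's config as given, then after option D.
ORIGINAL = """\
access-list 100 permit ip 10.10.10.0 0.0.0.255 any
access-list 100 permit tcp 192.168.10.0 0.0.0.255 any eq 23
class-map CLASS-SSH
 match access-group 100
policy-map PM-COPP
 class CLASS-SSH
  police 500000 conform-action transmit
interface E0/0
 service-policy input PM-COPP
interface E0/1
 service-policy input PM-COPP
"""
OPTION_D = """\
access-list 100 permit tcp 10.10.10.0 0.0.0.255 any eq 22
access-list 100 permit tcp 192.168.10.0 0.0.0.255 any eq 22
class-map CLASS-SSH
 match access-group 100
policy-map PM-COPP
 class CLASS-SSH
  police 500000 conform-action transmit
control-plane
 service-policy input PM-COPP
"""
NETS = ("10.10.10.0 0.0.0.255", "192.168.10.0 0.0.0.255")  # sources named in the question

def audit(config, policy="PM-COPP", nets=NETS, port="22"):
    """Return the reasons `policy` fails to police SSH (tcp/22) at the control plane."""
    acls, cmaps, pmaps, attach, ctx = {}, {}, {}, {}, ""
    for w in (line.split() for line in config.splitlines() if line.strip()):
        if w[0] == "access-list":
            acls.setdefault(w[1], []).append(w[3:])  # fields after "permit"
        elif w[0] in ("class-map", "policy-map", "interface", "control-plane"):
            ctx = " ".join(w)  # block that the following sub-commands belong to
        elif w[:2] == ["match", "access-group"]:
            cmaps[ctx.split()[-1]] = w[2]
        elif w[0] == "class":
            pmaps.setdefault(ctx.split()[-1], []).append(w[1])
        elif w[:2] == ["service-policy", "input"]:
            attach[ctx] = w[2]
    aces = [a for c in pmaps.get(policy, []) for a in acls.get(cmaps.get(c), [])]
    findings = [f"ACE '{' '.join(a)}' is not restricted to tcp/{port}"
                for a in aces if a[0] != "tcp" or a[-2:] != ["eq", port]]
    findings += [f"no ACE matches tcp/{port} from {n}" for n in nets
                 if ["tcp", *n.split(), "any", "eq", port] not in aces]
    if attach.get("control-plane") != policy:
        findings.append(f"{policy} not under control-plane; service-policy found on {sorted(attach)}")
    return findings
```

`audit(ORIGINAL)` reports the two access-list entries, the two uncovered source networks and the interface attachment, while `audit(OPTION_D)` returns an empty list.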