Implementing Cisco Enterprise Advanced Routing and Services (ENARSI) — Question 394

The network administrator configured CoPP so that all SNMP traffic from Cisco Prime located at 192.168.1.11 toward the router CPU is limited to 1000 kbps. Any traffic that exceeds this limit must be dropped.

access-list 100 permit udp any any eq 161
!
class-map CM-SNMP
match access-group 100
!
policy-map PM-COPP
class CM-SNMP
police 1000 conform-action transmit
!
control-plane
service-policy input PM-COPP

The network administrator is not getting the desired result for the SNMP traffic and SNMP traffic is getting dropped frequently. Which set of configurations resolves the issue?

Answer options

• A. no access-list 100 access-list 100 permit tcp host 192.168.1.11 any eq 161
• B. no access-list 100 access-list 100 permit udp host 192.168.1.11 any eq 161 ! policy-map PM-COPP class CM-SNMP no police 1000 conform-action transmit police 1000000 conform-action transmit ! control-plane no service-policy input PM-COPP ! interface E 0/0 service-policy input PM-COPP ! interface E 0/1 service-policy input PM-COPP
• C. no access-list 100 access-list 100 permit udp host 192.168.1.11 any eq 161 ! policy-map PM-COPP class CM-SNMP no police 1000 conform-action transmit police 1000000 conform-action transmit
• D. policy-map PM-COPP class CM-SNMP no police 1000 conform-action transmit police 1000000 conform-action transmit

Correct answer: C

Explanation

Option C is correct because it modifies the access-list to allow UDP traffic specifically from 192.168.1.11 and increases the policing rate to 1000000 kbps, which resolves the dropping issue. Option A is incorrect as it changes the protocol to TCP, which is not suitable for SNMP. Option B is incorrect due to unnecessary modifications to the service-policy input configurations, and option D fails to update the access-list, which is essential for allowing the correct traffic.