300-410 Control Plane Policing (CoPP) • Complete Question Bank
Complete 300-410 Control Plane Policing (CoPP) question bank — all 0 questions with answers and detailed explanations.
A network engineer runs the following command on Router R1:
R1# show policy-map control-plane
Control Plane
Service-policy input: CoPP-IN
Class-map: CoPP-ICMP (match-all) 0 packets, 0 bytes 5 minute offered rate 0000 bps, drop rate 0000 bps Match: access-group 100 police: cir 8000 bps, bc 1500 bytes, be 1500 bytes conformed 0 packets, 0 bytes; actions: transmit exceeded 0 packets, 0 bytes; actions: drop violated 0 packets, 0 bytes; actions: drop
Class-map: CoPP-SSH (match-all) 0 packets, 0 bytes 5 minute offered rate 0000 bps, drop rate 0000 bps Match: access-group 110 police: cir 16000 bps, bc 3000 bytes, be 3000 bytes conformed 0 packets, 0 bytes; actions: transmit exceeded 0 packets, 0 bytes; actions: drop violated 0 packets, 0 bytes; actions: drop
Class-map: class-default (match-any) 1250 packets, 75000 bytes 5 minute offered rate 1000 bps, drop rate 0000 bps Match: any
Based on this output, which statement is correct?
A network engineer runs the following command on Router R1:
R1# show access-lists 100
Extended IP access list 100
10 permit icmp any any echo
20 permit icmp any any echo-reply
30 permit icmp any any time-exceeded
40 permit icmp any any unreachable
R1# show policy-map control-planeControl Plane
Service-policy input: CoPP-IN
Class-map: CoPP-ICMP (match-all) 0 packets, 0 bytes 5 minute offered rate 0000 bps, drop rate 0000 bps Match: access-group 100 police: cir 8000 bps, bc 1500 bytes, be 1500 bytes conformed 0 packets, 0 bytes; actions: transmit exceeded 0 packets, 0 bytes; actions: drop violated 0 packets, 0 bytes; actions: drop
Based on this output, what is the most likely problem?
A network engineer runs the following command on Router R1:
R1# show policy-map control-plane
Control Plane
Service-policy input: CoPP-IN
Class-map: CoPP-BGP (match-all) 500 packets, 30000 bytes 5 minute offered rate 1000 bps, drop rate 500 bps Match: access-group 120 police: cir 8000 bps, bc 1500 bytes, be 1500 bytes conformed 300 packets, 18000 bytes; actions: transmit exceeded 100 packets, 6000 bytes; actions: drop violated 100 packets, 6000 bytes; actions: drop
Based on this output, which statement is correct?
A network engineer runs the following command on Router R1:
R1# show policy-map control-plane
Control Plane
Service-policy input: CoPP-IN
Class-map: CoPP-SNMP (match-all) 0 packets, 0 bytes 5 minute offered rate 0000 bps, drop rate 0000 bps Match: access-group 130 police: cir 32000 bps, bc 6000 bytes, be 6000 bytes conformed 0 packets, 0 bytes; actions: transmit exceeded 0 packets, 0 bytes; actions: drop violated 0 packets, 0 bytes; actions: drop
R1# show access-lists 130
Extended IP access list 130
10 permit udp any any eq snmp
20 permit udp any any eq snmptrapBased on this output, what is the most likely reason that no packets are matching the CoPP-SNMP class?
A network engineer runs the following command on Router R1:
R1# show policy-map control-plane
Control Plane
Service-policy input: CoPP-IN
Class-map: CoPP-OSPF (match-all) 1000 packets, 60000 bytes 5 minute offered rate 2000 bps, drop rate 0000 bps Match: access-group 140 police: cir 64000 bps, bc 12000 bytes, be 12000 bytes conformed 1000 packets, 60000 bytes; actions: transmit exceeded 0 packets, 0 bytes; actions: drop violated 0 packets, 0 bytes; actions: drop
Based on this output, which statement is correct?
A network engineer runs the following command on Router R1:
R1# show policy-map control-plane
Control Plane
Service-policy input: CoPP-IN
Class-map: CoPP-DEFAULT (match-any) 5000 packets, 300000 bytes 5 minute offered rate 4000 bps, drop rate 2000 bps Match: any police: cir 32000 bps, bc 6000 bytes, be 6000 bytes conformed 3000 packets, 180000 bytes; actions: transmit exceeded 1000 packets, 60000 bytes; actions: drop violated 1000 packets, 60000 bytes; actions: drop
Based on this output, what is the most likely impact on the router?
A network engineer runs the following command on Router R1:
R1# show policy-map control-plane
Control Plane
Service-policy input: CoPP-IN
Class-map: CoPP-EIGRP (match-all) 200 packets, 12000 bytes 5 minute offered rate 1000 bps, drop rate 0000 bps Match: access-group 150 police: cir 16000 bps, bc 3000 bytes, be 3000 bytes conformed 200 packets, 12000 bytes; actions: transmit exceeded 0 packets, 0 bytes; actions: drop violated 0 packets, 0 bytes; actions: drop
R1# show ip eigrp neighbors
EIGRP-IPv4 neighbors for process 100 H Address Interface Hold Uptime SRTT RTO Q Seq (sec) (ms) Cnt Num 0 10.1.1.2 Gi0/0 13 00:10:00 1 200 0 5
Based on this output, which statement is correct?
A network engineer runs the following command on Router R1:
R1# show policy-map control-plane
Control Plane
Service-policy input: CoPP-IN
Class-map: CoPP-BGP (match-all) 0 packets, 0 bytes 5 minute offered rate 0000 bps, drop rate 0000 bps Match: access-group 120 police: cir 32000 bps, bc 6000 bytes, be 6000 bytes conformed 0 packets, 0 bytes; actions: transmit exceeded 0 packets, 0 bytes; actions: drop violated 0 packets, 0 bytes; actions: drop
R1# show ip bgp summary
BGP router identifier 1.1.1.1, local AS number 100 BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 10.1.1.2 4 200 10 10 1 0 0 00:05:00 5
Based on this output, what is the most likely problem?
A network engineer runs the following command on Router R1:
R1# show policy-map control-plane
Control Plane
Service-policy input: CoPP-IN
Class-map: CoPP-ICMP (match-all) 100 packets, 6000 bytes 5 minute offered rate 500 bps, drop rate 500 bps Match: access-group 100 police: cir 8000 bps, bc 1500 bytes, be 1500 bytes conformed 50 packets, 3000 bytes; actions: transmit exceeded 25 packets, 1500 bytes; actions: drop violated 25 packets, 1500 bytes; actions: drop
Based on this output, what is the most likely impact on the router?
Examine the following CoPP configuration on a Cisco IOS-XE router:
!--- ACL to match traffic
access-list 100 permit tcp any any eq 22 access-list 100 permit tcp any any eq 23 access-list 100 permit icmp any any echo
! !--- Class-map class-map match-all COPP-MGMT match access-group 100 ! !--- Policy-map policy-map COPP-POLICY
class COPP-MGMT
police 8000 conform-action transmit exceed-action drop
class class-default
police 64000 conform-action transmit exceed-action drop ! !--- Apply to control-plane control-plane service-policy input COPP-POLICY
What is the effect of this configuration?
Consider the following CoPP configuration:
class-map match-any COPP-ROUTING match protocol ospf match protocol eigrp match protocol bgp ! policy-map COPP-POLICY
class COPP-ROUTING
police 32000 conform-action transmit exceed-action drop
class class-default
police 64000 conform-action transmit exceed-action drop ! control-plane service-policy input COPP-POLICY
What is a potential issue with this configuration?
Analyze the following partial configuration:
access-list 101 permit tcp any any eq 179 access-list 101 permit udp any any eq 646 access-list 101 permit ospf any any
! class-map match-all COPP-BGP match access-group 101 ! policy-map COPP-POLICY
class COPP-BGP
police 48000 conform-action transmit exceed-action drop
class class-default
police 128000 conform-action transmit exceed-action drop !
interface GigabitEthernet0/0 ip address 192.168.1.1 255.255.255.0
! control-plane service-policy input COPP-POLICY
Which statement is true?
Examine this CoPP configuration:
ip access-list extended COPP-ACL permit tcp any any eq 22 permit tcp any any eq
23
permit icmp any any echo
! class-map match-all COPP-CLASS match access-group name COPP-ACL ! policy-map COPP-POLICY
class COPP-CLASS
police 10000 1500 1500 conform-action transmit exceed-action drop violate-action drop
class class-default
police 64000 conform-action transmit exceed-action drop ! control-plane service-policy input COPP-POLICY
What is the effect of the police command in class COPP-CLASS?
Consider the following CoPP configuration:
access-list 150 permit tcp any any eq 179 access-list 150 permit udp any any eq 646
! class-map match-all COPP-CORE match access-group 150 ! policy-map COPP-POLICY
class COPP-CORE
police 64000 conform-action transmit exceed-action drop
class class-default
police 128000 conform-action transmit exceed-action drop ! control-plane service-policy input COPP-POLICY
What is missing from this configuration to also protect against ICMP-based control-plane attacks?
Examine this CoPP configuration:
ip access-list extended PROTECT-ACL permit tcp any any eq 22 permit tcp any any eq
23
permit tcp any any eq 179
! class-map match-all PROTECT-CLASS match access-group name PROTECT-ACL ! policy-map PROTECT-POLICY
class PROTECT-CLASS
police 16000 conform-action transmit exceed-action drop
class class-default
police 64000 conform-action transmit exceed-action drop ! control-plane service-policy input PROTECT-POLICY
What will happen to SSH traffic that exceeds 16000 bps?
A large enterprise network is experiencing intermittent BGP session resets between R1 and R2. R1 has the following relevant configuration: ! R1 control-plane service-policy input CoPP !
access-list 100 permit tcp any any eq bgp
class-map match-all BGP-CLASS match access-group 100 ! policy-map CoPP
class BGP-CLASS
police 8000 conform-action transmit exceed-action drop
class class-default
police 1000000 conform-action transmit exceed-action drop ! R2 shows:
R2#show ip bgp summary
BGP router identifier 2.2.2.2, local AS number 65002 BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 1.1.1.1 4 65001 12345 12345 0 0 0 00:02:34 0
What is the root cause?
A network engineer runs the following command to troubleshoot a Control Plane Policing (CoPP) issue:
R1# show policy-map control-plane input class class-default
Class-map: class-default (match-any) 0 packets, 0 bytes 5 minute offered rate 0 bps, drop rate 0 bps Match: any police: cir 1000000 bps, bc 31250 bytes, be 31250 bytes conformed 0 packets, 0 bytes; actions: transmit violated 0 packets, 0 bytes; actions: drop conformed 0 bps, exceed 0 bps, violated 0 bps
What does this output indicate?
A network engineer runs the following command to troubleshoot a Control Plane Policing (CoPP) issue:
R1# show ip access-lists CoPP-ACL
Extended IP access list CoPP-ACL
10 permit tcp host 10.1.1.1 any eq bgp (100 matches)
20 permit udp any any eq 67 (50 matches)
30 permit icmp any any echo (200 matches)
40 deny ip any any (500 matches)What does this output indicate?
A network engineer runs the following command to troubleshoot a Control Plane Policing (CoPP) issue:
R1# show policy-map control-plane input class CoPP-Class
Class-map: CoPP-Class (match-all) 1500 packets, 120000 bytes 5 minute offered rate 10000 bps, drop rate 5000 bps Match: access-group name CoPP-ACL police: cir 8000 bps, bc 1500 bytes, be 1500 bytes conformed 1000 packets, 80000 bytes; actions: transmit exceeded 500 packets, 40000 bytes; actions: drop conformed 8000 bps, exceed 2000 bps, violated 0 bps
What does this output indicate?
A network engineer runs the following command to troubleshoot a Control Plane Policing (CoPP) issue:
R1# debug ip ospf adj
OSPF adjacency debugging is on R1#
*Mar 1 00:05:23.123: OSPF: Rcv pkt from 10.1.1.2, FastEthernet0/0, area 0.0.0.0, packet type: 1 (Hello) *Mar 1 00:05:23.123: OSPF: 2 Way Communication to 10.1.1.2 on FastEthernet0/0, state 2WAY *Mar 1 00:05:23.124: OSPF: Send immediate hello to nbr 10.1.1.2, src address 10.1.1.1, on FastEthernet0/0 *Mar 1 00:05:23.124: OSPF: Rcv pkt from 10.1.1.2, FastEthernet0/0, area 0.0.0.0, packet type: 2 (DBD) *Mar 1 00:05:23.125: OSPF: Rcv DBD from 10.1.1.2, seq 0x1234, opts 0x2, flag 0x7, mtu 1500 state EXSTART *Mar 1 00:05:23.126: OSPF: Nbr 10.1.1.2 has state FULL
What does this output indicate?
A network engineer runs the following command to troubleshoot a Control Plane Policing (CoPP) issue:
R1# show ip route summary IP routing table name: Default-IP-Routing-Table (0x0) IP routing table maximum-paths: 32
Route entry limits: 1000000 active, 2000000 total Number of prefixes: 500 Prefixes with memory: 500 Number of paths: 600 Paths with memory: 600 Number of operations: 1200 Number of deleted entries: 0
What does this output indicate?
A network engineer runs the following command to troubleshoot a Control Plane Policing (CoPP) issue:
R1# show bgp ipv4 unicast 10.1.1.0/24
BGP routing table entry for 10.1.1.0/24, version 10 Paths: (1 available, best #1, table default) Advertised to update-groups: 1 Refresh Epoch 1 Local
10.1.1.2 from 10.1.1.2 (10.1.1.2)
Origin IGP, metric 0, localpref 100, valid, external, best Last update: Mon Mar 1 00:05:23 2024
What does this output indicate?
A network engineer runs the following command to troubleshoot a Control Plane Policing (CoPP) issue:
R1# show bgp neighbors 10.1.1.2 advertised-routes
BGP table version is 10, local router ID is 10.1.1.1 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S stale, m multipath, b backup-path, f RT-Filter, x best-external, a additional-path, c RIB-compressed, Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path *> 10.2.2.0/24 0.0.0.0 0 32768 i
Total number of prefixes 1
What does this output indicate?
A network engineer runs the following command to troubleshoot a Control Plane Policing (CoPP) issue:
R1# show bgp neighbors 10.1.1.2 received-routes
BGP table version is 10, local router ID is 10.1.1.1 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S stale, m multipath, b backup-path, f RT-Filter, x best-external, a additional-path, c RIB-compressed, Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path *> 10.3.3.0/24 10.1.1.2 0 100 0 i
Total number of prefixes 1
What does this output indicate?
A network engineer runs the following command to troubleshoot a Control Plane Policing (CoPP) issue:
R1# show ip ospf interface detail
FastEthernet0/0 is up, line protocol is up Internet Address 10.1.1.1/24, Area 0.0.0.0, Attached via Network Statement Process ID 1, Router ID 10.1.1.1, Network Type BROADCAST, Cost: 1 Topology-MTID Cost Disabled Shutdown Topology Name 0 1 no no Base Transmit Delay is 1 sec, State DR, Priority 1 Designated Router (ID) 10.1.1.1, Interface address 10.1.1.1 Backup Designated router (ID) 10.1.1.2, Interface address 10.1.1.2 Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5 oob-resync timeout 40 Hello due in 00:00:03 Supports Link-local Signaling (LLS) Index 1/1, flood queue length 0 Next 0x0(0)/0x0(0) Last flood scan length is 1, maximum is 25 Last flood scan time is 0 msec, maximum is 4 msec
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 10.1.1.2 (Backup Designated Router) Suppress hello for 0 neighbor(s)
What does this output indicate?