Question 2,043 of 2,152
Control Plane Policing (CoPP)hardMultiple ChoiceObjective-mapped

Quick Answer

The answer is a CoPP BGP police rate that is too low, causing intermittent BGP session resets. When the Control Plane Policing (CoPP) policy limits BGP traffic to only 8000 bps, as shown in the configuration, the combined rate of BGP updates and keepalive packets can easily exceed this threshold. The router then drops the excess packets—including critical keepalives—triggering the BGP hold timer to expire and forcing the session to reset, which explains the brief uptime of just over two minutes on R2. On the Cisco CCNP ENARSI 300-410 exam, this scenario tests your understanding of how CoPP interacts with routing protocol stability; a common trap is to overlook that policing applies to all matched traffic, not just updates, so keepalives get dropped too. Remember the memory tip: “Police the updates, not the pulse”—always ensure your BGP police rate accommodates both routing table bursts and steady-state keepalives to avoid flapping.

300-410 Control Plane Policing (CoPP) Practice Question

This 300-410 practice question tests your understanding of control plane policing (copp). Examine the command output carefully: the correct answer depends on what the output actually shows, not on general recall alone. After answering, compare your reasoning against the explanation and wrong-answer breakdown below. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.

A large enterprise network is experiencing intermittent BGP session resets between R1 and R2. R1 has the following relevant configuration: ! R1 control-plane service-policy input CoPP !

access-list 100 permit tcp any any eq bgp

class-map match-all BGP-CLASS match access-group 100 ! policy-map CoPP

class BGP-CLASS

police 8000 conform-action transmit exceed-action drop

class class-default

police 1000000 conform-action transmit exceed-action drop ! R2 shows:

R2#show ip bgp summary

BGP router identifier 2.2.2.2, local AS number 65002 BGP table version is 1, main routing table version 1

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
1.1.1.1         4        65001   12345   12345        0    0    0 00:02:34        0

What is the root cause?

Question 1hardmultiple choice
Open the full BGP breakdown →

Answer choices

Why each option matters

Answer the question above first, then reveal the full breakdown to understand why each option is right or wrong.

Correct answer & explanation

The BGP session is flapping because the CoPP policy drops BGP keepalive packets when the police rate is exceeded.

The CoPP policy is policing BGP traffic to 8000 bps. If the BGP session carries a full routing table, the update messages can exceed this rate, causing drops. The router drops packets, leading to BGP hold timer expiry and session resets. The fix is to increase the police rate for BGP traffic or use a more specific match to avoid policing keepalives.

Key principle: OSPF neighbour adjacency depends on matching area, hello/dead timers, network type, and authentication — IP reachability alone is not enough.

Answer analysis

Option-by-option breakdown

For each option: why learners choose it and why it is or isn't the right answer here.

  • The BGP session is flapping because the CoPP policy drops BGP keepalive packets when the police rate is exceeded.

    Why this is correct

    BGP keepalives are small, but if the overall BGP traffic (including updates) exceeds 8000 bps, the policer drops packets, causing keepalive loss and hold timer expiry.

    Related concept

    OSPF neighbours must agree on key parameters.

  • The access-list 100 is misconfigured; it should match TCP port 179 specifically.

    Why it's wrong here

    The ACL matches any TCP traffic, which is too broad, but the issue is primarily rate-limiting, not misclassification.

  • The class-default police rate is too low, causing all traffic to be dropped, including BGP.

    Why it's wrong here

    The class-default rate is 1 Mbps, which is likely sufficient for other traffic; the problem is specifically the BGP class.

  • The CoPP policy should be applied to the control-plane input direction, but the service-policy is missing the 'control-plane' keyword.

    Why it's wrong here

    The configuration shows 'control-plane' and 'service-policy input CoPP', which is correct.

Common exam traps

Common exam trap: OSPF can fail even when IP connectivity looks correct

OSPF neighbour formation depends on matching areas, timers, network type, authentication and passive-interface behaviour. Do not choose an answer only because the devices can ping.

Trap categories for this question

  • Command / output trap

    The configuration shows 'control-plane' and 'service-policy input CoPP', which is correct.

Detailed technical explanation

How to think about this question

OSPF questions usually test the details that control adjacency and route selection. Read the neighbour state, area, router ID and interface configuration before deciding what is wrong.

KKey Concepts to Remember

  • OSPF neighbours must agree on key parameters.
  • Router ID selection can affect neighbour relationships and LSDB output.
  • OSPF cost influences the preferred path.
  • A route can appear in OSPF information but not become the installed route.

TExam Day Tips

  • Check area mismatch first when OSPF adjacency fails.
  • Review passive interfaces when a network is advertised but no neighbour forms.
  • Use show ip ospf neighbor and show ip route clues carefully.

Key takeaway

OSPF neighbour adjacency depends on matching area, hello/dead timers, network type, and authentication — IP reachability alone is not enough.

Real-world example

How this comes up in practice

A network engineer at a university connects two campus buildings via a fibre link. Both routers run OSPF, but no adjacency forms — even though both routers can ping each other. The engineer finds one router is in area 0 and the other in area 1. OSPF adjacency requires matching area numbers, hello/dead timers, and network type. IP reachability alone is not enough.

What to study next

Got this wrong? Here's your next step.

Review OSPF neighbour requirements — matching area type, hello and dead timers, network type, stub flags, and authentication. Study show ip ospf neighbor states (INIT, 2-WAY, FULL). Then practise related 300-410 OSPF questions on adjacency and route selection.

Related practice questions

Related 300-410 practice-question pages

Use these pages to review the topic behind this question. This is how one missed question becomes focused revision.

Practice this exam

Start a free 300-410 practice session

Short sessions build daily habit. Longer sessions build exam-day stamina. Try a timed session to simulate real conditions.

FAQ

Questions learners often ask

What does this 300-410 question test?

Control Plane Policing (CoPP) — This question tests Control Plane Policing (CoPP) — OSPF neighbours must agree on key parameters..

What is the correct answer to this question?

The correct answer is: The BGP session is flapping because the CoPP policy drops BGP keepalive packets when the police rate is exceeded. — The CoPP policy is policing BGP traffic to 8000 bps. If the BGP session carries a full routing table, the update messages can exceed this rate, causing drops. The router drops packets, leading to BGP hold timer expiry and session resets. The fix is to increase the police rate for BGP traffic or use a more specific match to avoid policing keepalives.

What should I do if I get this 300-410 question wrong?

Review OSPF neighbour requirements — matching area type, hello and dead timers, network type, stub flags, and authentication. Study show ip ospf neighbor states (INIT, 2-WAY, FULL). Then practise related 300-410 OSPF questions on adjacency and route selection.

What is the key concept behind this question?

OSPF neighbours must agree on key parameters.

About these practice questions

Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content. Learn why practice questions differ from exam dumps →

How Courseiva writes practice questions · Editorial policy

Same concept, more angles

1 more ways this is tested on 300-410

These questions test the same concept from different angles. Work through them to make sure you can recognise it however the exam phrases it.

Variation 1. A network engineer notices that BGP sessions between two directly connected routers are flapping every few minutes. The routers are running IOS-XE 17.3 and have CoPP enabled. The engineer checks the CoPP policy and sees a class-map matching BGP packets with a police rate of 8000 bps. The BGP session uses MD5 authentication and the routers exchange a full BGP table with 500,000 prefixes. What is the most likely cause of the BGP session flapping?

hard
  • A.The BGP MD5 authentication is causing excessive CPU utilization, triggering CoPP drops.
  • B.The CoPP police rate of 8000 bps is too low for the BGP keepalive and update traffic, causing packet drops.
  • C.The CoPP class-map is not matching BGP packets correctly because it uses a wrong access-list.
  • D.The BGP hold timer is set too low, causing the session to reset before CoPP drops are noticed.

Why B: The CoPP policy is policing BGP control plane packets at a rate of 8000 bps, which is insufficient for the BGP keepalive and update traffic. BGP keepalives are sent every 60 seconds by default, but with 500,000 prefixes, the initial BGP update traffic can easily exceed 8000 bps, causing packets to be dropped and the session to flap.

Last reviewed: Jun 18, 2026

Question Discussion

Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.

Loading comments…

Sign in to join the discussion.

This 300-410 practice question is part of Courseiva's free Cisco certification practice question bank. Courseiva provides original exam-style practice questions with explanations, topic-based practice, mock exams, readiness tracking, and study analytics to help learners prepare for the 300-410 exam.