Question 1,390 of 2,152
SNMP TroubleshootingmediumMultiple ChoiceObjective-mapped

SNMP Traps Not Received: ACL Direction Misconfiguration

This 300-410 practice question tests your understanding of snmp troubleshooting. The scenario asks you to isolate a root cause — eliminate options that address a different problem before choosing. After answering, compare your reasoning against the explanation and wrong-answer breakdown below. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.

An engineer is troubleshooting why the NMS is not receiving SNMP traps from router R2. The configuration includes 'snmp-server enable traps', 'snmp-server host 10.1.1.100 version 2c public', and an extended ACL 100 that permits UDP port 162 from 10.1.1.100. The NMS can ping R2. What is the most likely cause?

Clue words in this question

Noticing these words before you look at the options changes how you read each choice.

  • Clue: "most likely"

    Why it matters: Probability qualifier — the question wants the most probable cause or outcome, not a guaranteed one. Eliminate low-probability options.

Quick Answer

The answer is an ACL direction misconfiguration: the extended ACL 100 is applied inbound on the interface, but it must be applied outbound to allow SNMP traps to leave the router. SNMP traps are unsolicited messages sent from the router’s source port 162 to the NMS’s destination port 162, so the ACL must permit this outbound traffic from the router’s own IP to the NMS. The described ACL only permits incoming UDP 162 from the NMS, which blocks the trap transmission. On the Cisco CCNP ENARSI 300-410 exam, this tests your understanding that ACL direction is relative to the router’s perspective—traffic leaving the router requires an outbound ACL, even if the NMS is the ultimate destination. A common trap is assuming the ACL should mirror the NMS’s receive direction. Remember the memory tip: “Traps go out, so ACL points out.”

Answer choices

Why each option matters

Answer the question above first, then reveal the full breakdown to understand why each option is right or wrong.

Correct answer & explanation

The ACL is applied inbound on the interface, but it should be applied outbound to allow trap packets to leave the router.

The most likely cause is that the ACL is applied inbound on the interface, but it should be applied outbound to allow trap packets to leave the router. SNMP traps are UDP packets sourced from the router (typically from a random high port) and destined to the NMS at UDP port 162. An inbound ACL filters traffic entering the interface, not leaving it, so it would not affect outgoing trap packets. Applying the ACL outbound would permit the trap traffic to exit the router and reach the NMS.

Key principle: Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.

Answer analysis

Option-by-option breakdown

For each option: why learners choose it and why it is or isn't the right answer here.

  • The ACL is applied inbound on the interface, but it should be applied outbound to allow trap packets to leave the router.

    Why this is correct

    Correct because traps are sent from the router; the ACL must permit outbound UDP port 162 to the NMS, not inbound.

    Clue confirmation

    The clue word "most likely" in the question point toward this answer.

    Related concept

    Read the scenario before looking for a memorised answer.

  • The 'snmp-server host' command is missing the 'trap' keyword, causing the router to send informs instead.

    Why it's wrong here

    Incorrect because 'snmp-server host' defaults to traps; no keyword is needed.

  • The community string 'public' is case-sensitive; the NMS is using 'Public' with a capital P.

    Why it's wrong here

    Incorrect because case sensitivity would cause authentication failure, but the NMS can ping, and the issue is likely ACL-related.

  • The router needs the 'snmp-server trap-source' command to specify the source interface for traps.

    Why it's wrong here

    Incorrect because while trap-source can help, it is not required; the default source IP is the outgoing interface IP.

Common exam traps

Common exam trap: answer the scenario, not the keyword

Cisco often tests the distinction between inbound and outbound ACL application, and candidates mistakenly think an inbound ACL can filter locally generated traffic like SNMP traps, when in fact only outbound ACLs affect traffic leaving the router.

Trap categories for this question

  • Keyword trap

    Incorrect because 'snmp-server host' defaults to traps; no keyword is needed.

Detailed technical explanation

How to think about this question

SNMP traps are UDP datagrams sent from the agent (router) to the manager (NMS) on UDP port 162. When an extended ACL is applied inbound on an interface, it filters packets arriving at that interface; outbound ACLs filter packets leaving. Since traps are generated by the router itself, they are subject to outbound ACLs on the exit interface. A common real-world scenario is applying an ACL inbound on the management interface to restrict incoming traffic, inadvertently leaving traps unblocked, but if the ACL is applied inbound, it has no effect on outgoing traps.

KKey Concepts to Remember

  • Read the scenario before looking for a memorised answer.
  • Find the constraint that changes the correct option.
  • Eliminate answers that are true in general but not in this case.

TExam Day Tips

  • Watch for words such as best, first, most likely and least administrative effort.
  • Review why wrong options are wrong, not only why the correct option is correct.

Key takeaway

Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.

Real-world example

How this comes up in practice

A security administrator must allow nursing staff to reach a patient records server while blocking access from the guest Wi-Fi VLAN. After applying an extended ACL, traffic is still blocked from nursing workstations. The ACL was applied outbound instead of inbound on the wrong interface. Questions like this test ACL direction and placement rules.

Visual reference

Source Router + ACL permit 10.0.0.0/8 deny any Server 10.0.0.5 ✓ 192.168.1.1 ✗ dropped ACLs evaluate top-down; first match wins — implicit deny all at end

What to study next

Got this wrong? Here's your next step.

Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.

Related practice questions

Related 300-410 practice-question pages

Use these pages to review the topic behind this question. This is how one missed question becomes focused revision.

Practice this exam

Start a free 300-410 practice session

Short sessions build daily habit. Longer sessions build exam-day stamina. Try a timed session to simulate real conditions.

FAQ

Questions learners often ask

What does this 300-410 question test?

SNMP Troubleshooting — This question tests SNMP Troubleshooting — Read the scenario before looking for a memorised answer..

What is the correct answer to this question?

The correct answer is: The ACL is applied inbound on the interface, but it should be applied outbound to allow trap packets to leave the router. — The most likely cause is that the ACL is applied inbound on the interface, but it should be applied outbound to allow trap packets to leave the router. SNMP traps are UDP packets sourced from the router (typically from a random high port) and destined to the NMS at UDP port 162. An inbound ACL filters traffic entering the interface, not leaving it, so it would not affect outgoing trap packets. Applying the ACL outbound would permit the trap traffic to exit the router and reach the NMS.

What should I do if I get this 300-410 question wrong?

Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.

Are there clue words in this question I should notice?

Yes — watch for: "most likely". Probability qualifier — the question wants the most probable cause or outcome, not a guaranteed one. Eliminate low-probability options.

What is the key concept behind this question?

Read the scenario before looking for a memorised answer.

About these practice questions

Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content. Learn why practice questions differ from exam dumps →

How Courseiva writes practice questions · Editorial policy

Keep practising

More 300-410 practice questions

Last reviewed: Jul 4, 2026

Question Discussion

Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.

Loading comments…

Sign in to join the discussion.

This 300-410 practice question is part of Courseiva's free Cisco certification practice question bank. Courseiva provides original exam-style practice questions with explanations, topic-based practice, mock exams, readiness tracking, and study analytics to help learners prepare for the 300-410 exam.