Policy Map
Question 1
Refer to the exhibit.
| police cir percent 10 conform-action proceed exceed-action set-mpls-experimental-topmost 6 |
A PE router is configured with a policy map that contains the policer shown. The policy map is configured in the inbound direction of an interface feeing a CE router. If the PE router receives 12Mb/s of traffic with the CoS value set to 7 on a 100-Mb/s interface from the CE router, what value of MPLS EXP is set when this traffic goes through the policer shown?
A. 0
B. 6
C. 7
D. 8
Answer: B
Question 2
Refer to the exhibit.
Which two statements about how the configuration processes Telnet traffic are true? (Choose two)
A. Telnet traffic from 10.1.1.9 to 10.10.10.1 is dropped.
B. All Telnet traffic is dropped.
C. Telnet traffic from 10.10.10.1 to 10.1.1.9 is permitted.
D. Telnet traffic from 10.1.1.9 to 10.10.10.1 is permitted.
E. Telnet traffic is permitted to all IP addresses.
Answer: A C
I do not get the answer to question 2, isn’t it supposed to permit traffic from 10.1.1.9 to 10.10.10.1 as stated in the acl?
Yeah, I don’t understand how the Answer is AC.
If packet header has Source=10.1.1.9, Destination=10.10.10.1, for the telnet protocol, the ACL should pass it. If a packet for the CoPP for any other telnet session comes in, it should be denied.
Correct, the ACL does match S=10.1.1.9, D=10.10.10.1, however you have to see what the Policer is doing. Match the ACL, and whatever conforms DROP, and whatever exceeds, DROP. Everything else matches the class-default and that passes the traffic. Correct answers are A and C
Q2: talk about a tricky question…
Correct Answer is A & C
Correct Answer is A & B – ACL does match S=10.1.1.9, D=10.10.10.1, however you have to see what the Policer is doing. Match the ACL, and whatever conforms DROP, and whatever exceeds, DROP
Also you should see ACL 20 , which drops any other telnet traffic also , so the matches happening in the class-default will be traffic which is not a telnet …. so the answer must be A & B
“Correct Answer is A & B” -> wrong, it’s A and C. ACL 20 doesn’t drop anything, it only says that all telnet traffic except the one from ACL 10 doesn’t match. ACL 20 is only here to make the question tricky, if this statement was not here the ACL behaviour will be the same (because of the implicit deny all): match telnet from 10.1.1.9 to 10.10.10.1, everything else doesn’t match the ACL.