请教一下350-401，Q106

诺_pzj

Which configuration restricts the amount of SSH that a router accepts 100 kbps?

C. class-map match-all CoPP_SSH

match access-group name CoPP_SSH

!

Policy-map CoPP_SSH

class CoPP_SSH

police cir 100000

exceed-action drop

Control-plane

service-policy input CoPP_SSH

!

Ip access-list extended CoPP_SSH

deny tcp any any eq 22

!

D. class-map match-all CoPP_SSH

match access-group name CoPP_SSH

!

Policy-map CoPP_SSH

class CoPP_SSH

police cir 100000 exceed-action drop

!

Control-plane transit

service-policy input CoPP_SSH

!

Ip access-list extended CoPP_SSH

permit tcp any any eq 22

这题，答案说是选C，为什么不是D呢，acl里面不是应该匹配eq22的流量吗，为什么是deny呢？

AnonyKwan

Correct answer should be D
According to the OCG,
ACLs matching traffic identified by EPC and network documentation. Notice that these ACLs do not restrict access and are open, allowing any- one to send traffic matching the protocols.

诺_pzj

AnonyKwan 发表于 2020-7-12 10:15
Correct answer should be D
According to the OCG,
ACLs matching traffic identified by EPC and netwo ...

thanks for your help

yuypei

感谢大佬的答案