"Over Configuration" and the lab
My understanding is that there is no penalty for over configuration in the lab and I'd like someone to confirm.
Here's an example that I was wondering about while working on VOL2 - (Lab 5, Task 6.2).
We need to block ICMP from Network behind BB3 to R1 and/R6.
We are not permitted to make the configuration change on R1 or R6.
Considering this, we create a VACL and apply it on the switch.
In my case, because R1 and R6 are mentioned specifically, I will match the host addresses in the VACL.
Also, there are multiple switches where the VACL could be applied, I went with applying it closest to the source (which is SW2 connected to BB2 in this case).
The solution presented achieves the same thing but doesn't adhere to the strict wording mentioning the specific routers - it blocks ICMP from BB2 to the entire subnet.
In my eyes, both solutions are valid but at the lab is this the case?
I would consider the option where we block ICMP to the subnet as "over configuration".
At grading time, I guess they will just try to ping to the hosts so both should work and be valid solutions?
EDIT: too many tags open, should have been posted in techical I guess. Can't move it now :-)