"Over Configuration" and the lab

My understanding is that there is no penalty for over configuration in the lab and I'd like someone to confirm.

Here's an example that I was wondering about while working on VOL2 - (Lab 5, Task 6.2).

We need to block ICMP from Network behind BB3 to R1 and/R6.

We are not permitted to make the configuration change on R1 or R6.

Considering this, we create a VACL and apply it on the switch.

In my case, because R1 and R6 are mentioned specifically, I will match the host addresses in the VACL.

Also, there are multiple switches where the VACL could be applied, I went with applying it closest to the source (which is SW2 connected to BB2 in this case).

 

The solution presented achieves the same thing but doesn't adhere to the strict wording mentioning the specific routers - it blocks ICMP from BB2 to the entire subnet.

 

In my eyes, both solutions are valid but at the lab is this the case?

I would consider the option where we block ICMP to the subnet as "over configuration".

At grading time, I guess they will just try to ping to the hosts so both should work and be valid solutions?

 

EDIT: too many tags open, should have been posted in techical I guess. Can't move it now :-)

 

Comments

  • Script is doing the grading.

    Achieve desired result and get the points. So the script as you say would try to ping and depending on output you would get the points. To summarize:

    Solve task

    Don't break restrictions

    Get the points

     

    To score the points you must be very good on the verification. So practice, practice, practice verification when doing your labs.

  • Got it! Thankyou sir [Y]

  • peetypeety ✭✭✭

    Simple: think like a proctor.  Go through a mock exam or similar sometime for the purpose of grading it, and write out all of the commands you'd use to grade it.  Make sure you write commands to check that you didn't violate any rules, and of course check to make sure the network is doing what the question asks of you.

    Now take the exam, and grade yourself.  Did you satisfy the script?  If so, points.  If not, NO POINTS.

    Reading what you wrote, the task says to block ICMP from network.  Bzzzt...two hosts != network, you fail.

    If you're supposed to block a network, block the network.  The question told you to block a network.

    (I was guilty of over/mis-configuration too many times.  Eventually it'll sink in that you just answer the question...)

    Read this: http://ieoc.com/forums/t/25027.aspx

Sign In or Register to comment.