Is there a reason to not use the existing MQC vs adding an ACL to the interface?
SolutionGuide shows a new ACL being applied to the interface. This seems to be the SG tendancy for blocking "Private Addresses".
For me, it seems cumbersome to have so many things on a single interface. The only issue I see, was that it was necessary to reorder the policy-map so that the DROP statement comes before ICMP rate-limit (task 6.1).
I think that both ways are correct. I just want to be sure that there is not a special reason for using the ACL (vs MQC). Thanks.
Here is my config for this task:
Policy Map FROM_BB1
Class FROM_PRIVATE_ADDRESSES
drop
Class ICMP
police cir 8000 bc 1000
conform-action transmit
exceed-action drop
ip access-list extended FROM_PRIVATE_ADDRESSES
permit ip 192.168.0.0 0.0.255.255 any
permit ip 172.16.0.0 0.15.255.255 any
permit ip 10.0.0.0 0.255.255.255 any