Home > AAAdot1x Lab Sim

AAAdot1x Lab Sim

March 3rd, 2017 in Lab Sim, LabSim Go to comments

Question

Answer and Explanation

 

1) Configure ASW1

Enable AAA on the switch:
ASW1(config)#
aaa new-model

The new-model keyword refers to the use of method lists, by which authentication methods and sources can be grouped or organized.

Define the server along with its secret shared password:
ASW1(config)#radius-server host 172.120.39.46 key rad123

ASW1(config)#aaa authentication dot1x default group radius
This command causes the RADIUS server defined on the switch to be used for 802.1x authentication.

Globally enable port-based authentication (802.1x) on a switch:
ASW1(config)#dot1x system-auth-control

Configure Fa0/1 to use 802.1x:

ASW1(config)#interface fastEthernet 0/1
ASW1(config-if)#dot1x port-control auto
Notice that the word “auto” will force connected PC to authenticate through the 802.1x exchange.

2) Configure DSW1:

Define an access-list:
DSW1(config)#ip access-list standard 10 (syntax: ip access-list {standard | extended} acl-name)
DSW1(config-std-nacl)#permit 172.120.40.0 0.0.0.255
DSW1(config-std-nacl)#exit

Define an access-map which uses the access-list above:
DSW1(config)#vlan access-map MYACCMAP 10 (syntax: vlan access-map map_name [0-65535] )
DSW1(config-access-map)#match ip address 10 (syntax: match ip address {acl_number | acl_name})
DSW1(config-access-map)#action forward
DSW1(config-access-map)#exit

DSW1(config)#vlan access-map MYACCMAP 20
DSW1(config-access-map)#action drop (drop other networks)
DSW1(config-access-map)#exit

Apply a vlan-map into a vlan:
DSW1(config)#vlan filter MYACCMAP vlan-list 20 (syntax: vlan filter mapname vlan-list list)

DSW1#copy running-config startup-config

(Notice: Many reports said the copy running-config startup-config didn’t work but they still got the full mark)

Note: If the requirement of this sim states that “not to use named ACLs” then you should configure number ACL instead:

DSW1(config)#access-list 10 permit 172.120.40.0 0.0.0.255

Other lab-sims in this site:

LACP with STP Sim
MLS and EIGRP Sim
VTP Lab 2
VTP Lab
Spanning Tree Lab Sim

Comments
Comment pages
1 37 38 39 41
  1. Anonymous
    June 25th, 2017

    So is this true? AAA: Radius server is 172.120.40.46 and NOT “172.120.39.46
    Also is the rest supposed to be identical in the real exam? thx in advance

  2. Bob_Man
    June 25th, 2017

    Hi, has anyone got 376q in PDF form? I’m not using a windows machine so can’t use VCE. Cheers :-)

  3. Jack
    June 25th, 2017

    @Evil-God the link you provided for VCE player download still has the old version, can you provide the latest version.

  4. Evil-God
    June 25th, 2017

    use the old version for the 376q it will open forget about the version

  5. Jack
    June 25th, 2017

    tried the old version and added the crack but still asking or password.

  6. Jack
    June 25th, 2017

    my bad …. working

  7. Bob_Man
    June 25th, 2017

    Hey guys, any idea what kind of drag & drops are showing up?

  8. Evil-God
    June 26th, 2017

    just Note! for Drag n Drop, CDP and STP must be among the 3 Drag n Drops that should show up.

    but also quick read this link below to get the extra DnD and have more security…

    http://vceguide.com/drag-and-drop-question-33/

  9. Evil-God
    June 26th, 2017

    All 8 Drag n Drops: link below

    https://yadi.sk/d/UdB-6SDf3KSnZB

  10. Bob_Man
    June 26th, 2017

    Thanks man :-)

  11. CCNPExam
    June 26th, 2017

    failed the exam on 24/06/2017 I got 718.
    There was new 4 or 5 D&D quetions, I am planning to do the exam again on Saturday. anyone who has a valid dump please share.

  12. Anonymous
    June 26th, 2017

    ccnpexam hangi dumplara çalışıp sınavı geçemedin. kaç farklı soru vardı senin sınavında yazabilir misin. 376 soru valid değil mi

  13. PortFast
    June 26th, 2017

    ccnpexam hangi dumplara çalışıp sınavı geçemedin. kaç farklı soru vardı senin sınavında yazabilir misin. 376 soru valid değil mi

  14. PortFast
    June 26th, 2017

    CCNpexam which dumplara worked and you did not pass the exam. How many different questions could you write on your exam. 376 questions not valid

  15. CCNPExam
    June 26th, 2017

    PortFast I have worked certprepare Premium Member Quetions.
    LAP AAAdox1,LACP with STP and HSRP was valid but there was new D&D quetion which I can’t remember top of my head. I will give go and retry again but if you have any dumps plz share.
    Many Thanks

  16. abcd
    June 26th, 2017

    @CCNPExam Are there new D&D questions apart from the 8 questions given in the dumps?

  17. Evil-God
    June 26th, 2017

    376q link below:

    https://www.dropbox.com/s/8tjr7ewuhu7stmi/RatedR_Cisco_300-115.vce?dl=0

    all Drag n Drop link below: ready from quest 67 – 100 (all DnD)

    http://vceguide.com/drag-and-drop-question-33/

  18. yote
    June 29th, 2017

    I just failed ccnp 300-115 switch test, used the 262 dump, had lots of new questions and drag and drops, need the new dump 376q in pdf please!!!

  19. DaZ
    June 30th, 2017

    Passed yday! Sims still relevant, 376 good for this

  20. shibe
    June 30th, 2017

    Evil-God’s 376q link is not opening. Any working links to 376q dump?

  21. Anonymous
    July 1st, 2017

    Passed this morning! 376Q and DnD Sims still relevant. gl

  22. San
    July 1st, 2017

    @evil-god The 376q link is not working. Please update it. Thanks

  23. John
    July 3rd, 2017

    Please anyone share the latest dumps i will really appreciate or email me itmann at outlook dot com.
    Regards,
    John

  24. Netman
    July 3rd, 2017

    Failed – Lots of questions related to SPAN. Understand port mirroring correctly.
    The SIMs are as stated here (AAA and LACP with VTP).
    Know STP protocols and differences. 802.1w,s,d etc.
    One lab on FHRP, quite simple, working out decrements and priorities.
    Some random CDP questions and LLDP MED.
    Typical Cisco passable, however many questions not related to what I studied or even the Video course I did (CCNP Switch – Chris Bryant). I did no dumps, this time and paid the price, however felt I learned more rather than memorized questions.
    Good luck.

  25. Anonymous
    July 3rd, 2017

    dot1x and access lists isn’t even on the topic list for 300-115, https://learningnetwork.cisco.com/community/certifications/ccnp/switch_v2/exam-topics

  26. StillLearning
    July 3rd, 2017

    Can someone please post a link to VCE or PDF of 376Q dump. Failed recently – many new Q, need to retest this week. Thanks

  27. DDowner
    July 3rd, 2017

    Anyone know if you have to create the access list as an IP access-list vs standard?

  28. DDowner
    July 3rd, 2017

    nvrmnd on the previous question … I’ve been at this too long =/

  29. mrbean
    July 4th, 2017

    Hi all, Evil God has posted the questions and Drag and drop… I will post them again for you from my dropbox…
    Here you find the 376q, drag&drops (vce and word) and also the software to open the VCE files.

    http ://bit. ly/2uHgpgo

    hope it helps… Some questions of the 376q may be wrong or not complete.. but I focused more on the last 120q of the dump and it helped a lot.. from the D&D only 1 was slightly different wording in the exam… the one with the medim access time etc…
    good luck all

    @DDowner, in the exam question there will be written “no named access list permitted”… so you have to use the standard way.. access-list 10 permit 172……
    but always! read what is written there… it may change

  30. Anonymous
    July 5th, 2017

    has any one got a packet tracer aaadot1x Lab ?

  31. Anonymous
    July 5th, 2017

    or GNS3 ?

  32. Anonymous
    July 6th, 2017

    Can someone send me 401q pdf to debmatt87 at mail.com

  33. Anonymous
    July 11th, 2017

    please i want 401q if anyone can send

  34. Mr Caan
    July 16th, 2017

    hi guys can u confirm me in security lab are you allowed to use ”TAB” or ”?” ??

  35. NoName
    July 18th, 2017

    Hi all,

    You should learn about STP more deeply to pass CCNP Switch…

    sample Q. which frames can you see when you enable PVST+ and change native vlan to x from 1?
    1. BPDU for VLAN 1 which is tagged with 1 on VLAN 1
    2. BPDU for VLAN 1 which is tagged with 1 on VLAN x
    3. BPDU for VLAN 1 which is untagged on VLAN 1
    4. BPDU for VLAN 1 which is untagged on VLAN x
    5. BPDU for VLAN x which is tagged with x on VLAN 1
    6. BPDU for VLAN x which is tagged with x on VLAN x
    7. BPDU for VLAN x which is untagged on VLAN 1
    8. BPDU for VLAN x which is untagged on VLAN x

    – 1,8 are true because PVST+ makes Spanning Tree for each VLAN communicating by PVSTP+ BPDU frame on each VLAN.
    – 3,7 are true because PVST+ has compatible with STP so they also communicate by **standard STP BPDU frame on VLAN 1 which is untagged even if VLAN 1 is not native VLAN**.

    See more: https://supportforums.cisco.com/discussion/11147006/how-bpdu-transmitted-native-vlan-pvst-and-mstp

    The question and answers may be a little more complex in the examination but I believe this comment MUST help you!!!

  36. Amon
    July 21st, 2017

    So the answer for the below question on the dumps is wrong ?

    QUESTION 365
    A question about the behaviour of VLAN 1 BPDUs in a situation where the Native VLAN configured as VLAN 99 and the Native VLAN is Tagged
    A. VLAN 1 STP BPDU tagged through VLAN 1
    B. VLAN 1 STP BPDU untagged through VLAN 1
    C. VLAN 1 STP BPDU tagged through VLAN 99
    D. VLAN 1 STP BPDU untagged through VLAN 99
    E. VLAN 1 STP BPDU tagged through VLAN 1 and 99
    F. VLAN 1 STP BPDU untagged through VLAN 1 and 99
    Correct Answer: BD

  37. GJ
    July 28th, 2017

    Failed 779, all done correctly

    No standard access-list to be configured

  38. Tobby
    July 29th, 2017

    GJ, so sorry
    did you configure a named ACLs or configure number ACL?

  39. GJ
    July 31st, 2017

    Configure named access list and later see the message in bold letters “You are not allowed to configure named access list”

    Removed the named access list & reconfigure, but it seems they have not given the marks

  40. Tobby
    July 31st, 2017

    @GJ ooohhh really?? f*ck :|
    Did you erased the named access list, configured ACL and failed on infrastructure security?? WTF?? so sorry for you :'(

  41. ADIL
    August 2nd, 2017

    is there is anyway we can simulate AAA lab in packet tracer or gns3 . how can i practice AAA lab for exam ?

  42. GJ
    August 4th, 2017

    Passed with 860 on the second attempt.

    Thanks to Certprepare.

  43. John
    August 4th, 2017

    Dear GJ which dump you use for this success. please share your experience
    Regards,
    John

  44. MM
    August 7th, 2017

    @GJ and to everyone.

    Is it safe to use #access-list 10 permit 172.120.40.0 0.0.0.255 instead of the named access-list?

  45. dav
    August 7th, 2017

    Pls can someone explain named and number Acl for me, am confuse really. I will need an example.
    I know in the AAA dump, we got:
    DSW1 (Config)# vlan access-map MYACCMAP 10
    How can i change this named Access to number config.

  46. DJ
    August 8th, 2017

    GJ please share your experience. which dumps useful for succession of exam.

  47. BL
    August 8th, 2017

    Just passed the exam. This simulation come out in exam today.

  48. Anonymous
    August 9th, 2017

    i want donwloaded the AAAdot1x Lab Sim

  49. Shk
    August 10th, 2017

    Please can you explain this?
    Note: If the requirement of this sim states that “not to use named ACLs” then you should configure number ACL instead:DSW1(config)#access-list 10 permit 172.120.40.0 0.0.0.255

    Does that mean we dont enter the following ?
    DSW1(config)#ip access-list standard 10 (syntax: ip access-list {standard | extended} acl-name)
    DSW1(config-std-nacl)#permit 172.120.40.0 0.0.0.255
    DSW1(config-std-nacl)#exit

  50. nick
    August 15th, 2017

    Looks like 401q is no longer valid. Passleader 418q just released from today if anyone can provide us a full copy of the pdf.

Comment pages
1 37 38 39 41
  1. No trackbacks yet.