AAAdot1x Lab Sim
Question:
Acme is a small shipping company that has an existing enterprise network comprised of 2 switches: DSW1 and ASW1. The topology diagram indicates their layer 2 mapping. VLAN 40 is a new VLAN that will be used to provide the shipping personnel access to the server. For security reasons, it is necessary to restrict access to VLAN 20 in the following manner:
– Users connecting to ASW1’s port must be authenticated before they are given access to the network. Authentication is to be done via a Radius server:
– Radius server host: 172.120.39.46
– Radius key: rad123
– Authentication should be implemented as close to the host device as possible.
– Devices on VLAN 20 are restricted to the address range of 172.120.40.0/24.
– Packets from devices in the address range of 172.120.40.0/24 should be passed on VLAN 20.
– Packets from devices in any other address range should be dropped on VLAN 20.
– Filtering should be implemented as close to the server farm as possible.
The Radius server and application servers will be installed at a future date. You have been tasked with implementing the above access control as a pre-condition to installing the servers. You must use the available IOS switch features.

Answer and Explanation:
1) Configure ASW1
Enable AAA on the switch:
ASW1(config)#aaa new-model
The new-model keyword refers to the use of method lists, by which authentication methods and sources can be grouped or organized.
Define the server along with its secret shared password:
ASW1(config)#radius-server host 172.120.39.46 key rad123
ASW1(config)#aaa authentication dot1x default group radius
This command causes the RADIUS server defined on the switch to be used for 802.1x authentication.
Enable 802.1x on the switch:
ASW1(config)#dot1x system-auth-control
Configure Fa0/1 to use 802.1x:
ASW1(config)#interface fastEthernet 0/1
ASW1(config-if)#switchport mode access
ASW1(config-if)#dot1x port-control auto
Notice that the keyword “auto” forces the connected PC to authenticate through the 802.1x exchange.
ASW1(config-if)#exit
ASW1#copy running-config startup-config
2) Configure DSW1:
Define an access-list:
DSW1(config)#ip access-list standard 10 (syntax: ip access-list {standard | extended} acl-name)
DSW1(config-std-nacl)#permit 172.120.40.0 0.0.0.255
DSW1(config-std-nacl)#exit
Define an access-map which uses the access-list above:
DSW1(config)#vlan access-map MYACCMAP 10 (syntax: vlan access-map map_name [0-65535] )
DSW1(config-access-map)#match ip address 10 (syntax: match ip address {acl_number | acl_name})
DSW1(config-access-map)#action forward
DSW1(config-access-map)#exit
DSW1(config)#vlan access-map MYACCMAP 20
DSW1(config-access-map)#action drop (drop other networks)
DSW1(config-access-map)#exit
Apply the VLAN access map to a VLAN:
DSW1(config)#vlan filter MYACCMAP vlan-list 20 (syntax: vlan filter mapname vlan-list list)
DSW1#copy running-config startup-config
(Note: many people reported that copy running-config startup-config didn’t work, but they still got full marks.)

I just want to thank you all. The simulations are EIGRP, STP with LACP, HSRP, & AAA authentication. Passed with 912.
Anyone with a Packet Tracer AAAdot1x Lab Sim, kindly send it to me via address shikamoore@gmail.com
I am taking SWITCH on 20.04.2013
I am giving the paper on 28 April 2013
Can anyone send me the latest CCNP switching dumps to nikunj_ec09@yahoo.com
Hey Shikamoore,
Did anyone send a Packet Tracer lab for the AAAdot1x Lab Sim? If yes, can you send it to me pls.
I’ve been working with GNS and emulated 3560s. The config works for DSW1, but not the ACL commands for ASW1….
Taking the exam next week!
Please assist here:
ccna_ccnp_1000@rocketmail.com
Can anyone share the lab with me.. I will be doing my exam on 25/04/2013
Can anyone share the lab with me.. I will be doing my exam on 25/04/2013.. anadde7@gmail.com
I’ll be doing my exam on 23/04/2013. If anyone has this sim in Packet Tracer plz send it to Zero.Code2K13@gmail.com
This is the “Sh run” output of the SWs in the AAAdot1x Lab as it is presented to you when you first log into them:
Sh run (ASW1)
!!!Output omitted!!!
!
hostname ASW1
!
!
no aaa new-model
!
ip subnet-zero
!
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
interface FastEthernet0/1
description access port for vlan 20
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/2
shutdown
!
interface FastEthernet0/3
shutdown
!
!
!!!Output omitted!!!
Sh run (DSW1)
!!!Output omitted!!!
!
hostname DSW1
!
!
no aaa new-model
Switch 1 provision ws-c3750g-24t
!
ip subnet-zero
!
no file verify auto
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
interface GigabitEthernet1/0/1
description trunk line to ASW1
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
speed 100
duplex full
!
interface GigabitEthernet1/0/2
shutdown
!
interface GigabitEthernet1/0/3
shutdown
!
interface GigabitEthernet1/0/4
shutdown
!
interface GigabitEthernet1/0/5
shutdown
!
interface GigabitEthernet1/0/6
shutdown
!
interface GigabitEthernet1/0/7
shutdown
!
interface GigabitEthernet1/0/8
shutdown
!
interface GigabitEthernet1/0/9
description trunk line to the server farm
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
speed 100
duplex full
!
interface GigabitEthernet1/0/10
shutdown
!
interface GigabitEthernet1/0/11
shutdown
!
interface GigabitEthernet1/0/12
shutdown
!
interface GigabitEthernet1/0/13
shutdown
!
interface GigabitEthernet1/0/14
shutdown
!
!!!Output omitted!!!
===========
Considerations
===========
This lab cannot be simulated in Packet Tracer and only the 802.1x part can be simulated in GNS3.
Some people reported the following errors with the exam simulation, so pay special attention before hitting enter and make sure the commands are properly typed:
-The exam simulation engine will not let you update the SW config after you saved it to the startup file.
-The exam simulation engine will not let you go back to the SW once you exit it.
-The exam simulation engine will not let you modify a command after it was entered.
In the exam simulation the “?” sign and “TAB” key work as in normal SWs, but the commands displayed are only the ones valid for this particular simulation.
Remember that in normal SWs some commands are not needed if they are already present in the “sh run” output, but this is a simulation and they may be required; it will not harm to enter them.
Authentication should be implemented as close to the host device as possible, in this case “ASW1”. VLAN filtering should be implemented as close to the server farm as possible, in this case “DSW1”.
Before starting with the config issue a “sh run” to see how the SW is configured.
This scenario in particular mentions that there is a new VLAN 40 added to the network; however, it does not tell you to configure anything using VLAN 40, so you can ignore it.
Only ports on VLAN 20 are required to be secured using dot1x authentication, and the only port configured on VLAN 20 is fa0/1 (this is why ports Fa0/2 and Fa0/3 are not configured with authentication).
Even when the exam states that the RADIUS server is not installed yet, you must configure “dot1x port-control auto” on the interface. Have in mind that the exam does not tell you that the port must be active now or that there is something already connected to it; it only says that the users must authenticate using dot1x and that the RADIUS server will be installed in the future, so the state of the port after enabling it is not important in this case. In a normal production SW, if no RADIUS server exists and the auto option is configured, the port will go to up/down state and no user data will be forwarded.
The simulation also requests that packets coming from devices with IPs on subnet 172.120.40.0/24 should be passed on VLAN 20 and packets from devices in any other address range should be dropped on VLAN 20. This suggests that VLAN 20 is the only VLAN where you need to set the access-map on. The command syntax is “vlan filter {map-name} vlan-list {vlan-list}”.
VACLs and VLAN access-maps
•VACLs use standard and extended Cisco IOS IP and MAC layer-named ACLs and VLAN access maps.
•VLAN access maps can be applied to VLANs for VACL capture.
•The action clause in a VACL can be forward, drop, capture, or redirect. Traffic can also be logged. You can specify only one match clause and one action clause per map sequence. If you do not specify the map sequence number, a number is automatically assigned.
•The forward vlan action implements Policy-Based Forwarding (PBF), bridging between VLANs.
•Each VLAN access map can consist of one or more map sequences; each sequence has a match clause and an action clause. The match clause specifies IP or MAC ACLs for traffic filtering and the action clause specifies the action to be taken when a match occurs. When a flow matches a permit ACL entry, the associated action is taken and the flow is not checked against the remaining sequences. When a flow matches a deny ACL entry, it will be checked against the next ACL in the same sequence or the next sequence. If a flow does not match any ACL entry and at least one ACL is configured for that packet type, the packet is denied.
Note: VACLs have an implicit deny at the end of the map; a packet is denied if it does not match any ACL entry, and at least one ACL is configured for the packet type. If an empty or undefined ACL is specified in a VACL, any packets will match the ACL, and the associated action is taken. In this example, IP traffic matching the VLAN ACL named “VLAN_ACL” is forwarded and all other IP packets are dropped (As you can see there is no need to explicitly define a new access-map line to drop the remaining traffic):
SW1(config)# vlan access-map mordred 10
SW1(config-access-map)# match ip address VLAN_ACL
SW1(config-access-map)# action forward
SW1(config-access-map)# exit
SW1(config)# vlan filter mordred vlan-list 2
===========
Configurations
===========
Switch ASW1 configuration:
ASW1#conf ter
ASW1(config)#aaa new-model ---> Enable AAA authentication on the SW
ASW1(config)#radius-server host 172.120.39.46 key rad123 ---> Adds RADIUS server “172.120.39.46” and encryption key “rad123”
ASW1(config)#aaa authentication dot1x default group radius ---> AAA will use dot1x as the default authentication method and will use all the RADIUS servers configured in this SW.
ASW1(config)#dot1x system-auth-control ---> Enables dot1x authentication
ASW1(config)#int fastEthernet 0/1
ASW1(config-if)#switchport mode access ---> Entering this command in normal SWs is not necessary if it is already present in the “sh run” output, but remember: this is a simulation and it may be required; it will not harm to enter it.
ASW1(config-if)#switchport access vlan 20 ---> Entering this command in normal SWs is not necessary if it is already present in the “sh run” output, but remember: this is a simulation and it may be required; it will not harm to enter it.
ASW1(config-if)#dot1x port-control auto ---> This enables 802.1X authentication on the interface. In auto mode no client connected to that port will be allowed to pass user traffic until the port has been authorized by the authorization server.
ASW1(config-if)#no shut
ASW1(config-if)#exit
ASW1(config)#exit
ASW1#sh run ---> To check the config before writing it to the startup config.
ASW1#copy run start ---> If this command does not work you can try using the “?” sign to search for the enabled save commands.
ASW1#exit
Switch DSW1 configuration:
DSW1#conf ter
DSW1(config)#ip access-list standard 10 ---> “10” is the access-list number used to identify the ACL (can be a number ranging from 1 to 99).
DSW1(config-std-nacl)#permit 172.120.40.0 0.0.0.255
DSW1(config-std-nacl)#exit
DSW1(config)#vlan access-map MAP 1 ---> “1” is line number 1 of the access-map named “MAP”
DSW1(config-access-map)#match ip address 10 ---> “10” is the access-list number used to identify the ACL (can be a number ranging from 1 to 99).
DSW1(config-access-map)#action forward ---> This is the action that will be applied to the traffic matched on ACL “10” (specified in the line above)
DSW1(config-access-map)#exit
DSW1(config)#vlan access-map MAP 2 ---> You can enter this command if you want; it will not affect the grade but it is not required because VLAN access-maps have an implicit “deny any” at the end.
DSW1(config-access-map)#action drop ---> You can enter this command if you want; it will not affect the grade but it is not required because VLAN access-maps have an implicit “deny any” at the end.
DSW1(config-access-map)#exit ---> You can enter this command if you want; it will not affect the grade but it is not required because VLAN access-maps have an implicit “deny any” at the end.
DSW1(config)#vlan filter MAP vlan-list 20 ---> Applies the VLAN access-map named “MAP” to vlan 20
DSW1(config)#exit
DSW1#sh run ---> To check the config before writing it to the startup config.
DSW1#copy run start ---> If this command does not work you can try using the “?” sign to search for the enabled save commands.
DSW1#exit
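To make the VACL matching rules quoted in the Considerations above concrete, and to settle the recurring question in this thread about whether the second access-map sequence with `action drop` is needed, here is an added Python model. It is not IOS code and is not from certprepare or from the poster of the configurations; it re-implements the standard-ACL wildcard match, the access-map sequence walk as the Cisco documentation describes it (a permit match takes the sequence's action and stops, a deny match moves on to the next sequence, no match with at least one ACL configured is dropped), and the `vlan filter ... vlan-list 20` binding from both the answer section and the configurations. The sample frames, the VLAN 40 host, the map name and the behaviour when no ACL at all is configured for a packet type are constructed or assumed for the illustration.

```python
"""Model of the VLAN access map (VACL) the lab applies on DSW1.

Added illustration, not IOS code: re-implements the IOS standard-ACL
wildcard match, the access-map sequence walk quoted from the Cisco
documentation, and the `vlan filter ... vlan-list 20` binding so the
filtering decision can be checked offline.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class StdAclEntry:
    """One line of a standard ACL: permit/deny <network> <wildcard>."""
    permit: bool
    network: str
    wildcard: str

    def matches(self, src_ip: str) -> bool:
        # IOS wildcard: a 1 bit means "don't care", so compare only the 0 bits.
        ip = int(ipaddress.IPv4Address(src_ip))
        net = int(ipaddress.IPv4Address(self.network))
        care = ~int(ipaddress.IPv4Address(self.wildcard)) & 0xFFFFFFFF
        return ip & care == net & care


@dataclass
class StandardAcl:
    name: str
    entries: List[StdAclEntry]

    def check(self, src_ip: str) -> str:
        """First matching entry wins; every IOS ACL ends in an implicit deny."""
        for entry in self.entries:
            if entry.matches(src_ip):
                return "permit" if entry.permit else "deny"
        return "deny"


@dataclass
class MapSequence:
    """One `vlan access-map <name> <seq>` block: optional match, one action."""
    seq: int
    acl: Optional[StandardAcl]   # None = no match clause, matches every packet
    action: str                  # "forward" or "drop"


def vacl_lookup(sequences: List[MapSequence], src_ip: str) -> str:
    """Walk the sequences in order using the rules quoted on the page:
    - a flow matching a permit entry takes that sequence's action and stops;
    - a flow matching only deny entries is checked against the next sequence;
    - no match at all, with at least one ACL configured, is dropped.
    """
    acl_configured = False
    for s in sorted(sequences, key=lambda m: m.seq):
        if s.acl is None:
            return s.action
        acl_configured = True
        if s.acl.check(src_ip) == "permit":
            return s.action
    # Assumption: a VACL with no ACL for this packet type leaves it untouched.
    return "drop" if acl_configured else "forward"


def build_lab_map(explicit_drop: bool) -> List[MapSequence]:
    """MYACCMAP from the answer: seq 10 forwards ACL 10; seq 20 drop is optional."""
    acl10 = StandardAcl("10", [StdAclEntry(True, "172.120.40.0", "0.0.0.255")])
    sequences = [MapSequence(10, acl10, "forward")]
    if explicit_drop:
        sequences.append(MapSequence(20, None, "drop"))
    return sequences


# `vlan filter MYACCMAP vlan-list 20`: only VLAN 20 is bound to the map.
VLAN_FILTER = {20: "MYACCMAP"}


def switch_decision(vlan: int, src_ip: str, explicit_drop: bool = True) -> str:
    """What DSW1 does with a frame on `vlan` whose IP source is `src_ip`."""
    if vlan not in VLAN_FILTER:
        return "forward"          # no VACL bound to this VLAN
    return vacl_lookup(build_lab_map(explicit_drop), src_ip)


def drop_sequence_is_redundant(src_ips: List[str]) -> bool:
    """True when seq 20 `action drop` changes nothing for the given sources."""
    return all(switch_decision(20, ip, True) == switch_decision(20, ip, False)
               for ip in src_ips)


if __name__ == "__main__":
    # Constructed sample frames: (vlan, source IP). VLAN 40 host is assumed.
    frames = [(20, "172.120.40.17"), (20, "172.120.40.255"),
              (20, "172.120.41.1"), (20, "172.120.39.46"), (40, "10.0.0.5")]
    for vlan, ip in frames:
        print(f"vlan {vlan:>2} src {ip:<15} -> {switch_decision(vlan, ip)}")
    print("seq 20 redundant:", drop_sequence_is_redundant([ip for _, ip in frames]))
```

Running it shows the 172.120.40.0/24 sources forwarded on VLAN 20, every other source dropped whether or not sequence 20 exists, and the VLAN 40 frame untouched because no map is bound to that VLAN; the ACL match uses the source address only, which is what a standard ACL inspects.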
Gave my CCNP switching exam yesterday. Got a score of 967/1000.
The labs which came in the exam are:
AAAdot1x lab
LACP with STP
EIGRP
hotspot: HSRP
There are slight changes in the STP lab.
We need to remove the switchport access command on interfaces fa0/3 – 4
Answer:
interface range fastethernet 0/3 – 4
no switchport mode access
no switchport access vlan 98
——————
Give the switchport mode trunk command on fa0/3 – 4
——————
Change the spanning tree mode to rapid-pvst on switch B
——————
Make switch B transparent mode…
Guys!! The copy run start command won’t work in any of the labs. It’s fine; you will get 100% without that command, so don’t worry.
In the EIGRP lab the question asked was for EIGRP 65010.
In the HSRP which came as a hotspot there was one new question which was added.
It’s question no. 6!! Don’t remember the question, but the answer is 150… All the best for your exam peeps.. do well.. god bless.
Also we need to use EtherChannel.
Commands are as follows:
interface port-channel 1
switchport trunk allowed vlan 1,21-23
Verification: show interface trunk
Hello sp,
I understand from this discussion thread that the AAA SIM cannot be created in Packet Tracer. So, is there any other way I can practice this SIM? I don’t have a physical switch, unfortunately, to practice. Appreciate any help.
The only way is to study the commands and understand them. You can even take help from the Cisco docs.
You can’t operate the lab even in GNS3.
Passed the exam today. Exactly what you see here is what the exam entails. Just do it as is and you’ll get a good passing mark. I forgot to apply the last statement “vlan filter MYACCMAP vlan-list 20”. Realized after I submitted, and for that I lost 50%. However, I passed with 890.
Good luck all. I’m now going to do Route. Cheers!
Hello,
could anyone send me labs in EIGRP, STP with LACP, HSRP, & AAA?
I will have the exam in two weeks. My email aglaglait@gmail.com
Thank you
Thanks sp and JakyMix. I’ll follow your suggestion too. Will sit this exam next week. Wish me luck. Thanks
Just passed yesterday with a score of 1000
100% valid for boomish
Labs are:
1. EIGRP hotspot
2. AAA dot1x
3. LACP switch A & switch B
4. EIGRP & layer 3 config
Hello Buko,
Please which hotspot is eigrp? or did you mean to say HSRP? Really want to know because I’m preparing to write on Monday.
Thanks.
Today I gave the switching exam... got failed... the configuration did not save on the system... copy running-config startup-config was not enabled while in the exam... so be careful...
I got VTP, EIGRP MLS and VLAN map labs. Total 43 questions, including 3 labs.
Prakadh.M
Tomorrow I will appear in the exam.. hope for the best
Passed today… got 890
Labs are:
1. EIGRP hotspot
2. AAA dot1x
3. LACP switch A & switch B
4. EIGRP & layer 3 config
@buko from ph: could you please send to my mail the latest dumps, labs, MCQs, drag and drop, just everything you used for the exam.. My mail is fgba80@yahoo.com. Pls I need to write my exam soonest. Tnx
@NM
Thank you so much for the AAA Sim explanation and config. That really helped out.
I will be testing tomorrow
Wish me luck!
This was on the Exam today -
Testing Soon: GOOD LUCK !!!
Don’t forget to come back here to tell us how it goes :)
@NM
Hey man I passed it today and sure enough this sim was on it. The Radius server IP Address was different and int fa0/1 was already mode access and in vlan 20.
Other than that the rest was exactly the same. LACP and EIGRP were my other 2 labs.
Thank you so much for the help!!!!
Somebody could tell me what’s the HSRP lab in the exam? Thanks in advance.
My mail is paraelrestodelascosas@gmail.com
Should we assign fa0/1 to VLAN 20?
ASW1(config)#interface fastEthernet 0/1
ASW1(config-if)#switchport mode access
ASW1(config-if)#switchport access vlan 20
Today on the exam. Exactly the same!
Thanks!
Hi,
@certprepare, @ghost thank you all
@all
In VTP lab 1,
I think ghost left out some commands, so we think for ourselves to work this lab correctly.
Even if we configure like this, it will not work because although both switches are set to server and client, they did not synchronize VTP information.
Because of this we should check the status of the trunk interfaces connected between the switches by using the “sh int trunk” command.
You will see nothing on both switches in the downloaded pkt file linked above.
Moreover, we will not complete without adding the switchports to their respective VLANs and making them switchport mode access.
You will not see this in the question but you can see it in the picture.
Even if the question did not state it, we should check this by using the
“sh vlan” command.
Here are the complete commands for both switches, and they work very well.
Use these commands on both switches to check the status:
“sh vlan”, “sh vtp status”, “sh interfaces trunk”
We now start to configure:
DLSwitch#conf t
DLSwitch(config)#vtp mode server
DLSwitch(config)#vtp domain cisco
DLSwitch(config)#vlan 20
DLSwitch(config-vlan)#ex
DLSwitch(config)#vlan 21
DLSwitch(config-vlan)#ex
DLSwitch(config)#int vlan 20
DLSwitch(config-if)#no shut
DLSwitch(config-if)#ip address 172.16.71.1 255.255.255.0
DLSwitch(config-if)#ex
DLSwitch(config)#int vlan 21
DLSwitch(config-if)#no shut
DLSwitch(config-if)#ip address 172.16.132.1 255.255.255.0
DLSwitch(config-if)#ex
DLSwitch(config)#ip routing
DLSwitch(config)#int fa 0/1 (cable between the two switches)
DLSwitch(config-if)#no shut
DLSwitch(config-if)#no switchport mode access
DLSwitch(config-if)#switchport trunk encapsulation dot1q
DLSwitch(config-if)#switchport mode trunk
DLSwitch(config-if)#end
DLSwitch#copy running-config startup-config
ALSwitch#conf t
ALSwitch(config)#vtp mode client
ALSwitch(config)#vtp domain cisco
ALSwitch(config)#int fa 0/2
ALSwitch(config-if)#switchport mode access
ALSwitch(config-if)#switchport access vlan 20
ALSwitch(config-if)#exit
ALSwitch(config)#int fa 0/3
ALSwitch(config-if)#switchport mode access
ALSwitch(config-if)#switchport access vlan 21
ALSwitch(config-if)#exit
ALSwitch(config)#end
ALSwitch#copy running-config startup-config
Now you can ping between the two PCs, which will make it a complete lab.
// We don’t need to configure switchport trunk on ALSwitch because it is automatically in trunk auto mode. They will negotiate it themselves.
I hope this will be helpful for you all; good luck in the networking environment.
Moreover, my commands are here because of the certprepare website and ghost’s labs. Thank you too.
Hello, can anyone please clarify these points:
Devices on VLAN 20 are restricted to the address range of 172.120.40.0/24.
– vlan filter MYACCMAP vlan-list 20: in this command the name is MYACCMAP, so can it be anything or must it be the same? And what is vlan-list 20, does that mean VLAN 20 or what? Please clear this up.
@Shruthi
Devices on VLAN 20 are restricted to the address range of 172.120.40.0/24. Meaning: only the 172.120.40.0/24 network is allowed on VLAN 20; all other networks are not allowed.
vlan filter MYACCMAP vlan-list 20: we are applying the map named MYACCMAP on VLAN 20. On the whole we are only allowing the 172.120.40.0/24 network or devices on VLAN 20; the rest are not allowed.
Please correct me if I’m wrong.
Why is everybody saying fa0/1, while the image shows fa0/10 is the interface to the other switch?
Hi friends, please send me the AAAdot1x Lab Sim (Packet Tracer) because I am going to attend the exam next Monday. My email is staywithpurna@gmail.com
Thanks in advance.
Failed my exam with 726/1000 yesterday. A couple of questions on IP SLA and DHCP that are not in these dumps. Anyone who has the latest questions on them, may you please send them to me at mthombenims@gmail.com
Friends,
Would someone mind sending me the Packet Tracer file for this lab?
Thanks in Advance.
How to verify this lab once all the configs mentioned here are configured?
Yes, we need to know how to verify this lab after finishing all the required configuration.
- Is there any need to add the below portion of the VLAN access map config? Is it even required, as it is supposed to happen by default and the last statement is deny all by default?
DSW1(config)#vlan access-map MYACCMAP 20
DSW1(config-access-map)#action drop (drop other networks)
DSW1(config-access-map)#exit
Download link for updated CCNP switching 642-813 pass4sure dump with 60 days update http://exammaterials.tophonors.com this website includes video/online study materials.
This SIM was on the exam. Same commands, nothing different.
I have the same question as mohamed: is it really necessary to add the action “drop” in the last line??
DSW1(config)#vlan access-map MYACCMAP 20
DSW1(config-access-map)#action drop (drop other networks)
DSW1(config-access-map)#exit
Hi dearest, I passed my exam which I did on the 1st of June. The challenge I faced was on LACP with STP:
SW-A(config)#interface range Fa0/3 – 4
SW-A(config-if-range)#no switchport mode access
SW-A(config-if-range)#no switchport access vlan 98 (these two commands must be deleted to form a trunking link)
This is very important to avoid the mismatch error,
and also your root primary should not include the native VLAN 99 (show run and you will see it at switch A and B).
Also try to configure step by step as instructed to avoid error alerts. Thank you and I wish all of you yet to write the exam the best of luck.
Per the AAA Dot1x (LAB) at the top of the page..
How do you know which interface to place the ‘port-control’ on?
Where to place the port-control?
Configure Fa0/1 to use 802.1x: (does the test question instruct you where to place it?)
ASW1(config)#interface fastEthernet 0/1
ASW1(config-if)#dot1x port-control auto
Thanks ALL!
I completed CCNP switching. I prepared for the exam only with the help of the pass4sure 155 questions, which were really helpful.
Refer to this site: http://learn.to/examdump.weebly.co
When you retake the exam.. will it be the same??
Is it necessary to put fa0/1 into VLAN 20?
#switchport access vlan 20
Thanks a lot.. All labs are the same.. I cleared my exam yesterday with 980 marks :)
Just do what it says here. I passed my exam today, score 1000.
Hi, I will be taking my certification CCNP Switch next week,, any changes?
Failed my switch exam.. I used Boomish – the labs are good, but I did poorly on them. Keep an eye out for new questions that were not on Boomish.