AAAdot1x Lab Sim

March 3rd, 2017 in Lab Sim, LabSim

Question

Answer and Explanation

 

1) Configure ASW1

Enable AAA on the switch:
ASW1(config)#aaa new-model

The new-model keyword refers to the use of method lists, by which authentication methods and sources can be grouped or organized.

Define the RADIUS server along with its shared secret key:
ASW1(config)#radius-server host 172.120.39.46 key rad123

ASW1(config)#aaa authentication dot1x default group radius
This command causes the RADIUS server defined on the switch to be used for 802.1x authentication.

Globally enable port-based authentication (802.1x) on a switch:
ASW1(config)#dot1x system-auth-control

Configure Fa0/1 to use 802.1x:

ASW1(config)#interface fastEthernet 0/1
ASW1(config-if)#dot1x port-control auto
Notice that the keyword “auto” forces the connected PC to authenticate through the 802.1x exchange before the port passes its traffic.

2) Configure DSW1:

Define an access-list:
DSW1(config)#ip access-list standard 10 (syntax: ip access-list {standard | extended} acl-name)
DSW1(config-std-nacl)#permit 172.120.40.0 0.0.0.255
DSW1(config-std-nacl)#exit

Define an access-map which uses the access-list above:
DSW1(config)#vlan access-map MYACCMAP 10 (syntax: vlan access-map map_name [0-65535] )
DSW1(config-access-map)#match ip address 10 (syntax: match ip address {acl_number | acl_name})
DSW1(config-access-map)#action forward
DSW1(config-access-map)#exit

DSW1(config)#vlan access-map MYACCMAP 20
DSW1(config-access-map)#action drop (drop other networks)
DSW1(config-access-map)#exit

Apply a vlan-map into a vlan:
DSW1(config)#vlan filter MYACCMAP vlan-list 20 (syntax: vlan filter mapname vlan-list list)

DSW1#copy running-config startup-config

(Note: many reports said that copy running-config startup-config didn’t work in the sim, but they still got full marks.)

Note: If the requirements of this sim state “not to use named ACLs”, then you should configure a numbered ACL instead:

DSW1(config)#access-list 10 permit 172.120.40.0 0.0.0.255
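
The VLAN map above is evaluated entry by entry in sequence order, and a "permit" in ACL 10 only means "this entry matches". The Python model below is an added example, not part of the original lab answer or any Cisco code; it covers standard (source-only) ACLs, uses constructed source addresses, and assumes the default of dropping unmatched IP packets when the map contains an IP match clause.

```python
"""Simplified model of how a VLAN access-map (VACL) decides on IPv4 packets."""
from ipaddress import IPv4Address

# Standard ACL 10 from the lab: (action, network, wildcard mask).
ACLS = {"10": [("permit", "172.120.40.0", "0.0.0.255")]}

# vlan access-map MYACCMAP: sequence number -> (ACL to match or None, action).
MYACCMAP = {
    10: ("10", "forward"),
    20: (None, "drop"),  # no match clause, so this entry matches every packet
}

def acl_permits(acl, src):
    """First matching ACE wins; a standard ACL ends with an implicit deny."""
    ip = int(IPv4Address(src))
    for action, net, wildcard in acl:
        care = ~int(IPv4Address(wildcard)) & 0xFFFFFFFF  # bits that must match
        if (ip & care) == (int(IPv4Address(net)) & care):
            return action == "permit"
    return False

def vacl_decision(access_map, acls, src):
    """Walk entries in sequence order; return (action, deciding entry)."""
    has_ip_match = False
    for seq in sorted(access_map):
        acl_name, action = access_map[seq]
        if acl_name is None:
            return action, seq
        has_ip_match = True
        if acl_permits(acls[acl_name], src):  # ACL permit == entry matched
            return action, seq
    # Assumed default: drop if the map has an IP match clause, else forward.
    return ("drop" if has_ip_match else "forward"), "implicit"

def explain(access_map, acls, sources):
    """Map each source address to the VACL decision for it."""
    return {src: vacl_decision(access_map, acls, src) for src in sources}

if __name__ == "__main__":
    # Constructed sample sources: one inside 172.120.40.0/24, two outside it.
    samples = ["172.120.40.25", "172.120.39.46", "10.1.1.1"]
    for src, result in explain(MYACCMAP, ACLS, samples).items():
        print(src, result)
    # The same map without sequence 20, for comparison.
    print(vacl_decision({10: MYACCMAP[10]}, ACLS, "172.120.39.46"))
```

In this model, a source outside 172.120.40.0/24 is dropped by sequence 20 in the full map and by the assumed implicit default when sequence 20 is absent.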


Comments
  1. STUDENT
    April 2nd, 2018

    I need to add to the access list deny any any?

  2. Confuse guy
    April 4th, 2018

    Hello, do we have any command to verify post configuration?

    @STUDENT, no need. We only permit the subnet we wanted into the ACL and put it into access map. That's all. The deny part will be done on access map.

  3. Anonymous
    April 8th, 2018

    can we use “?” in sim qns?

  4. mimikongag
    April 18th, 2018

    latest valid CCNP Exam questions
    dumps
    pro
    dot
    com

  5. ROB
    April 28th, 2018

    Hi my friends, i need your help

    How do you know that the server is 172.120.39.46 and not 172.120.40.46?
    where do they mention the server’s address or how do they reach that conclusion?

  6. Kongo_boy
    April 30th, 2018

    When I type a command:
    “radius-server host 172.120.40.46 key rad123”

    Warning: The CLI will be deprecated soon
    ‘radius-server host 172.120.40.46 key rad123’
    Please move to ‘radius server ‘ CLI.
    Who knows what it is?

  7. Anonymous
    May 1st, 2018

    Hi, 28 April, Pass 8xx, some new questions, Lab LACP and AAA, HSRP. Thanks for all. CCNP Route next.

  8. Znet
    May 9th, 2018

    Hi fasfasf,

    the link is not accessible.

  9. dimsum
    May 17th, 2018

    VACL has an implicit deny all at the end anyways, what’s the point of this?

    DSW1(config)#vlan access-map MYACCMAP 20
    DSW1(config-access-map)#action drop (drop other networks)
    DSW1(config-access-map)#exit

    This is redundant and I’m wondering if you’ll lose points for something like that.

  10. Anonymous
    May 25th, 2018

    Hi every1. I just passed CCNP 300-115. On a GODLY grace: 798. passed. I cannot tell you to use my dump, For it was just a few Objectives that came out from it. Sim: AAA; LACP & STP; VTP V3.
    Pls choose your own dump. No dump is guaranteed. Study and know it very well.

  11. NetworNinja
    May 28th, 2018

    @Kongo_boy

    For the command – “radius-server host 172.120.40.46 key rad123”
    Cisco is now recommending using groups to define radius servers, should you have multiple.

    aaa group server radius <>
    server <>

    aaa authentication dot1x default group <>

    Hope this helps =) Good Luck !

  12. Anonymous
    May 30th, 2018

    Hello Team !
    Thanks to God. I passed the exam just a few minutes ago.
    All questions were from the dumps
    My email : coopersaphir @ gmail . com
    Contact me to get the dumps !
    Good luck Team

  13. caza00
    May 30th, 2018

    Can anyone explain to me why only fastEthernet 0/1 is activated to use 802.1x and fa0/2-3 are not?

    Thank you

  14. A_IP
    June 8th, 2018

    Hi All,
    Could you please comment on this question?
    Which three settings are part of a default LLDP configuration? (Choose three.)
    A. The LLDP hold time is 120 seconds.
    B. The LLDP global state is disabled.
    C. The LLDP reinitialisation delay is 5 seconds.
    D. The LLDP interface state is enabled.
    E. The LLDP timer is 60 seconds.
    Correct Answer: ABD
    I checked the documentation related to Cisco IOS Configuration Fundamentals Command Reference, Release 12.2. on Cisco Catalyst 2960. Based on that the correct Answers are: A and D

  15. 2/3 CCNP
    June 8th, 2018

    Just passed with an 881. This SIM is still 100% accurate.

  16. Jo
    June 11th, 2018

    What Labs, Simlets, DND are actual in the exam? Which questions do you remember out of the exam?

  17. China
    June 13th, 2018

    @ A_IP

    I can confirm B is correct. Tested on a 2960, 3560, 4500-X, 3750 & 3750-X

  18. ccnp
    June 15th, 2018

    @ A_IP answer A, B and C

  19. Anonymous
    June 19th, 2018

    does anyone have diagram and question to the above sim?
