Home > AAAdot1x Lab Sim

AAAdot1x Lab Sim

March 3rd, 2017 in Lab Sim, LabSim Go to comments

Question

Answer and Explanation

 

1) Configure ASW1

Enable AAA on the switch:
ASW1(config)#
aaa new-model

The new-model keyword refers to the use of method lists, by which authentication methods and sources can be grouped or organized.

Define the server along with its secret shared password:
ASW1(config)#radius-server host 172.120.39.46 key rad123

ASW1(config)#aaa authentication dot1x default group radius
This command causes the RADIUS server defined on the switch to be used for 802.1x authentication.

Globally enable port-based authentication (802.1x) on a switch:
ASW1(config)#dot1x system-auth-control

Configure Fa0/1 to use 802.1x:

ASW1(config)#interface fastEthernet 0/1
ASW1(config-if)#dot1x port-control auto
Notice that the word “auto” will force connected PC to authenticate through the 802.1x exchange.

2) Configure DSW1:

Define an access-list:
DSW1(config)#ip access-list standard 10 (syntax: ip access-list {standard | extended} acl-name)
DSW1(config-std-nacl)#permit 172.120.40.0 0.0.0.255
DSW1(config-std-nacl)#exit

Define an access-map which uses the access-list above:
DSW1(config)#vlan access-map MYACCMAP 10 (syntax: vlan access-map map_name [0-65535] )
DSW1(config-access-map)#match ip address 10 (syntax: match ip address {acl_number | acl_name})
DSW1(config-access-map)#action forward
DSW1(config-access-map)#exit

DSW1(config)#vlan access-map MYACCMAP 20
DSW1(config-access-map)#action drop (drop other networks)
DSW1(config-access-map)#exit

Apply a vlan-map into a vlan:
DSW1(config)#vlan filter MYACCMAP vlan-list 20 (syntax: vlan filter mapname vlan-list list)

DSW1#copy running-config startup-config

(Notice: Many reports said the copy running-config startup-config didn’t work but they still got the full mark)

Note: If the requirement of this sim states that “not to use named ACLs” then you should configure number ACL instead:

DSW1(config)#access-list 10 permit 172.120.40.0 0.0.0.255

Other lab-sims in this site:

LACP with STP Sim
MLS and EIGRP Sim
VTP Lab 2
VTP Lab
Spanning Tree Lab Sim

Comments
Comment pages
1 40 41 42 41
  1. Uncle Jembo
    January 4th, 2018

    Look I understand how to config most labs with my eyes closed but have tripped up on questions built to trip you up and resit the exam can some nice person out there share the latest Dump with me I can Not afford to fail this exam again, Please

    s a s a g e h e a d @ g m a i l . c o m

    T H A N K Y O U

  2. sholy
    January 7th, 2018

    Hi Everyone, did the switch 300-115 exam and studied all the material including the labs on this site https://www.certprepare.com , passed on Saturday. $12 well spent, certpreapre is 100% valid.with 902 marks. On the exam questions content was the same and the labs that came up were HSRP sim, LACP with STP, AAAdot1x (not to use named ACLs). I think as long as you understand the concepts and have NOT just memorized the material you will be just fine. Now gonna get ready for the Tshoot. Finally. I will see on the other side.

    AAAdot1x (not to use named ACLs)

    ASW1:
    ======
    ASW1>enable
    ASW1#configure terminal
    ASW1(config)#aaa new-model
    ASW1(config)#radius-server host 172.120.40.46 key rad123
    ASW1(config)#aaa authentication dot1x default group radius
    ASW1(config)#dot1x system-auth-control
    ASW1(config)#interface fa0/1
    ASW1(config-if)#switchport mode access
    ASW1(config-if)#switchport access vlan 20
    ASW1(config-if)#dot1x port-control auto
    ASW1(config-if)#exit
    ASW1#copy running-config startup-config
    DSW1:
    =====
    DSW1>enable
    DSW1#configure terminal
    DSW1(config)#access-list 10 permit 172.120.40.0 0.0.0.255
    DSW1(config)#vlan access-map CCNP 10
    DSW1(config-access-map)#match ip address 10
    DSW1(config-access-map)#action forward
    DSW1(config-access-map)#exit
    DSW1(config)#vlan access-map CCNP 20
    DSW1(config-access-map)#action drop
    DSW1(config-access-map)#exit
    DSW1(config)#vlan filter CCNP vlan-list 20
    DSW1(config)#end
    DSW1#copy running-config startup-config
    Good luck Everyone!

  3. 3omda
    January 8th, 2018

    dear all,

    i need help , how can i know that my lap AAA is ok , what the test that i can do also i don’t find the figure so please advise as soon as possible

  4. 3omda
    January 8th, 2018

    is there is a packet tracer for this Lap ?

  5. moon
    January 13th, 2018

    hello,
    I checket this on my lab and working only when I add acl dany any
    Define an access-list:
    DSW1(config)#ip access-list standard 10 (syntax: ip access-list {standard | extended} acl-name)
    DSW1(config-std-nacl)#permit 172.120.40.0 0.0.0.255
    DSW1(config-std-nacl)#exit

    DSW1(config)#ip access-list standard 20 (syntax: ip access-list {standard | extended} acl-name)
    DSW1(config-std-nacl)#deny any
    DSW1(config-std-nacl)#exit

    Define an access-map which uses the access-list above:
    DSW1(config)#vlan access-map MYACCMAP 10 (syntax: vlan access-map map_name [0-65535] )
    DSW1(config-access-map)#match ip address 10 (syntax: match ip address {acl_number | acl_name})
    DSW1(config-access-map)#action forward
    DSW1(config-access-map)#exit

    DSW1(config)#vlan access-map MYACCMAP 20
    DSW1(config)#match ip address 20
    DSW1(config-access-map)#action drop (drop other networks)
    DSW1(config-access-map)#exit
    DSW1(config)#vlan filter MYACCMAP vlan-list 20

  6. moon
    January 13th, 2018

    can someone correct me if I’m wrong??

  7. ali
    January 14th, 2018

    today i take exam 300-115
    aaadot1x (number acclist only ) and lacp labs and vtp 3
    there is some new question
    drag n drop from certprepare are veiled
    labs solution for certprepare is 100% veiled but add number access list in AAA Dot1x lab

  8. ssh
    January 16th, 2018

    @ali, did you use iphelper 563q from the “Share your SWITCH 2.0 experience” section?

    https://www.dropbox.com/s/eqscmnitd6yamk6/300-115_IPHelper_Jan_2018.vce?dl=0

  9. osama
    January 18th, 2018

    hi guys
    why
    vlan access-map CCNP 10 . commands doesn’t work in packet tracer or gns 3 ?

  10. Svajo
    January 19th, 2018

    Guys im currently writing the CCNP Switching exam this month in January. Can somebody please send me the latest vce exam

    sganqa09 @ gmail.com

  11. GreenBanana
    January 20th, 2018

    Hi guys, im planning to take ccnp switch in this month, so could you please share to me your most recent dumps which i can use as a supplement to my review. You can send to my email dark.horse47 at yahoo dot com thank you! ;)

  12. ccie-dump
    January 22nd, 2018

    dumps latest

    free
    cisco
    dumps
    dot com

  13. Fissi
    January 23rd, 2018

    Passed CCNP 300-115 !

    Sims: VTPv3
    Drag & Drop: Switch Port Priorities, STP Components, PortFast/BPDU Guard/BPDU Filter & LLDP-MED TLVs
    Labs: AAA dot1x & LACP with STP

    DUMPS:
    https://docs.google.com/document/d/1qVsdJLMDOohmmkP4Je59PE35eFHVzUxGddD35QsZ3mY/edit?usp=sharing

  14. Qmark
    January 23rd, 2018

    Hey guys, the lab says , authentication should be implemented as close to the host as possible, does it justify the 172.120.39.46 or it should be 172.120.40.46 ?

  15. ali
    January 25th, 2018

    Today I pass The Exam 888
    Labs
    LACP,aadot1x,vtpv3
    the valid file is following
    https://www.dropbox.com/s/eqscmnitd6yamk6/300-115_IPHelper_Jan_2018.vce?dl=0

  16. Gwapito
    January 25th, 2018

    Thanks ali! Tomorrow i will take this exam as well.

  17. dumpspro
    January 26th, 2018

    latest dumps ccnp

    dumpspro.com/ccnp-dumps

  18. TheOne
    January 28th, 2018

    172.120.39.46 or it should be 172.120.40.46 ?

  19. ToninhoCarai
    January 30th, 2018

    Took the exam today and passed. All questions are in the “300-115_IPHelper_Jan_2018-PDF”, labs were dot1x authentication, LACP with STP and VTPv3. Thanks!

  20. Peltrech
    February 1st, 2018

    I was recently suspended in 300-115. Indicate that this simm touched me. Only Cisco made a change: requested that “access-list” not be used

  21. khagga
    February 3rd, 2018

    today passed exam with 916. valid dumps. 300-115 ip helper feb 2018.
    AAA with no named ACL
    LACP with configuration on real interface.
    VTPv3

  22. Anonymous
    February 7th, 2018

    send me the dumps please

  23. Mamusa
    February 7th, 2018

    Could we use “?” on the CLI?

  24. Farhan
    February 13th, 2018

    Appeared in exam today and failed, got 33% marks in security section which definitely means problem with this lab,

    Can anybody tell me if it is necessary to do the configuration

    DSW1(config)#vlan access-map MYACCMAP 20
    DSW1(config-access-map)#action drop (drop other networks)
    DSW1(config-access-map)#exit

    or it will be implicitly denied. Even if it is implicitly denied, putting this configuration shouldnt impact the scopre, Right ?

  25. Anonymous
    February 13th, 2018

    I also only got below 40% on this lab….something must be wrong with this lab….maybe we need a deny ACL or we dont need the MYACCMAP 20?

  26. Teste
    February 14th, 2018

    Passed today! 916 score.

    Every questions are here. Labs VTP/AAA No named ACL / LACP physical.

    I have added the Deny in the AAA lab, even it is implicity and score 92% on Security Topic.

    So I guess that Cisco’s want we add this configuration.

    DSW1(config)#vlan access-map CCNP 20
    DSW1(config-access-map)#action drop
    DSW1(config-access-map)#exit
    DSW1(config)#vlan filter CCNP vlan-list 20
    DSW1(config)#end

  27. MistaDabid
    February 15th, 2018

    I’m beginning to think we need to add an implicit deny to both IP access-list standard and the vlan access-map. I cleared the exam yesterday but got 58% in the security section. Way to go Cisco with requiring an extra step nobody would do in the real world..

    Anyway, good luck folks!

  28. CCNP15
    February 16th, 2018

    HEARE Instant DOWNLOAD
    20 US$ only
    D&D – PortFast / BPDU Guard / BPDU Filter (Official)
    D&D – Port Cost / Switch Port Priority / Port Priority
    D&D – STP Components (Official)
    D&D – LLDP-MED TLVs

    vtp simplet
    AAA Dot1x numbered ACL
    LACP-STP on physical interface

    Copy below link
    ITS INSTANT DOWNLOAD
    http://docs.google.com/document/d/1uNus4y1-rXi7PC78hOzp8HX8rC-f_TyjoNhSe9JlC5Q/edit?usp=sharing

  29. Anonymous
    February 17th, 2018

    @ CCNP15

    Nobody is going to pay $20 for your garbage information. It’s all available for free on this site!

  30. Wood
    February 18th, 2018

    can I have AAA-dot1x LAB in packet tracer.

  31. Wood
    February 18th, 2018

    I have exam in next week,,, Thanks for your quick support for AAA-dot1x lab in packet tracer.

Comment pages
1 40 41 42 41
  1. No trackbacks yet.