Home > AAAdot1x Lab Sim

AAAdot1x Lab Sim

October 3rd, 2018 in Lab Sim, LabSim Go to comments


Answer and Explanation

1) Configure ASW1

Enable AAA on the switch:
aaa new-model

The new-model keyword refers to the use of method lists, by which authentication methods and sources can be grouped or organized.

Define the server along with its secret shared password:
ASW1(config)#radius-server host key rad123

ASW1(config)#aaa authentication dot1x default group radius
This command causes the RADIUS server defined on the switch to be used for 802.1x authentication.

Globally enable port-based authentication (802.1x) on a switch:
ASW1(config)#dot1x system-auth-control

Configure Fa0/1 to use 802.1x:

ASW1(config)#interface fastEthernet 0/1
ASW1(config-if)#dot1x port-control auto
Notice that the word “auto” will force connected PC to authenticate through the 802.1x exchange.

2) Configure DSW1:

Define an access-list:
DSW1(config)#ip access-list standard 10 (syntax: ip access-list {standard | extended} acl-name)

Define an access-map which uses the access-list above:
DSW1(config)#vlan access-map MYACCMAP 10 (syntax: vlan access-map map_name [0-65535] )
DSW1(config-access-map)#match ip address 10 (syntax: match ip address {acl_number | acl_name})
DSW1(config-access-map)#action forward

DSW1(config)#vlan access-map MYACCMAP 20
DSW1(config-access-map)#action drop (drop other networks)

Note: In fact, there is an implicit “deny all” command at the end of each VLAN access-map so we don’t need to deny other networks. Therefore there is no problem if you don’t enter the “vlan access-map MYACCMAP 20” above.

Apply a vlan-map into a vlan:
DSW1(config)#vlan filter MYACCMAP vlan-list 20 (syntax: vlan filter mapname vlan-list list)

DSW1#copy running-config startup-config

(Notice: Many reports said the copy running-config startup-config didn’t work but they still got the full mark)

Note: If the requirement of this sim states that “not to use named ACLs” then instead of using the following commands:
DSW1(config)#ip access-list standard 10 (syntax: ip access-list {standard | extended} acl-name)

We only need to use one command to configure number ACL:

DSW1(config)#access-list 10 permit

The “” is the range of RADIUS servers for authentication and it does not need to be in the same range of host devices (surely DSW1 must have a route to RADIUS servers

Other lab-sims in this site:

LACP with STP Sim
VTP Lab 2
Spanning Tree Lab Sim

Comment pages
1 74 75 76 41
  1. @2$
    July 31st, 2019

    so any updates on which dumps better ?

    August 1st, 2019

    For valid July 2019 dump, contact me: cisco4career @ gmail . com

  3. Anonymous
    August 10th, 2019

    Hi IP Helper, Pls email me July 2019 dump on syedmr4 at yahoo.co.uk

  4. Scofield
    August 14th, 2019

    Hi IP Helper, Pls email me valid July 2019 with vce file at mikescofield791ATgmail.com

  5. yugoos
    August 15th, 2019

    hi IP Helper, please email me July 2019 dump on yugoosATgmail.com
    thanx, yuri

  6. Roger
    September 8th, 2019

    Hi Everyone,

    This is for clarification, I saw many of you are confused by using 40. or 39.

    So here is a simple explanation:

    First it will depend upon the question in the exam, if it says host host, then use 40.
    and if it says host host, then use 39.

    Now some of you use it only at the beginning with:
    radius-server host key rad123 , and then use permit , only because it was written in the ANSWER cheat like this .

    SO if you were one of the people who got host ( then your answer at radius and permit lines will be this:

    radius-server host key rad123

    and if you were one of the lucky ones and get 40,then do as the answer cheat and put (40) for both lines:

    radius-server host key rad123

    AND after all you have passed your CCNA, so a knowledge like different network/subnet must be clear to you. and don’t ever take any answer as a guaranteed one, do your own research if you were confused.


  7. Fabdot
    September 8th, 2019

    Hi, IPHELPER please email me july 2019 dumps at fabio.dit AT inwind.it

  8. Nomi
    September 23rd, 2019

    Hi everyone Please send me the latest dumps of ccnp switch if anyone have please noman334jbATgmail.com

    September 30th, 2019

    for valid and updated dump, please contact me: cisco4career @ gmail . com

  10. Anonymous
    October 3rd, 2019

    hi IP Helper, please email me September 2019 dump to demo19661 (at) freenet dot de
    thank you.


  11. Roger
    October 5th, 2019

    I think I am mistaken, sorry

  12. Burìk
    November 6th, 2019

    Why do we have to enable dot1x authentication on fa0/1 alone? Is there only one PC connected to ASW1 in the actual exam?

  13. JAJA
    November 21st, 2019

    Anyone got the labsim for AAA?.


  14. Darth
    December 14th, 2019

    @JAJA, no but if you configure a c7200 router on GNS3, you will be able to enter most commands, except two lines on ASW1.

    It’s something…

  15. Reiki
    December 20th, 2019

    @Darth ok But these commands has been deprecated on IOS.

    AAA is now based on server-client configuration.

    Are we sure that this solution is correct?

  16. Spiderman
    December 23rd, 2019

    This is still on the test?
    all the comments are on HSRP, VTP3 and STP with LACP.

  17. Batman
    December 31st, 2019

    @ Spiderman, I think you’re right. Last comment I seen on this was back in July but all recent comments are all HSRP, STP with LACP and VTP3

  18. Anonymous
    January 14th, 2020

    Thank u guys i Just Past the CCNP 300-115

  19. Shak
    January 27th, 2020

    Hi Anonymous,
    Congratulations. Could you plz let me know that which dump you have studied for the CCNp 300-115. Is it possible then to email me that dump. Thanks in advance …

  20. Anonymous
    January 28th, 2020

    Hi, Can anyone please send me the dumps for 300-115 at waqa1975@gmail dot com. Regards

  21. Paco
    February 18th, 2020

    Does this sim continue appearing in the examn?

Comment pages
1 74 75 76 41
  1. No trackbacks yet.