
AAAdot1x Lab Sim

October 3rd, 2018 in Lab Sim, LabSim

Question

Answer and Explanation

 

1) Configure ASW1

Enable AAA on the switch:
ASW1(config)#aaa new-model

The new-model keyword refers to the use of method lists, by which authentication methods and sources can be grouped or organized.

Define the RADIUS server along with its shared secret key:
ASW1(config)#radius-server host 172.120.39.46 key rad123

ASW1(config)#aaa authentication dot1x default group radius
This command causes the RADIUS server defined on the switch to be used for 802.1x authentication.

Globally enable port-based authentication (802.1x) on a switch:
ASW1(config)#dot1x system-auth-control

Configure Fa0/1 to use 802.1x:

ASW1(config)#interface fastEthernet 0/1
ASW1(config-if)#dot1x port-control auto
Note that the keyword “auto” forces the connected PC to authenticate through the 802.1x exchange.

2) Configure DSW1:

Define an access-list:
DSW1(config)#ip access-list standard 10 (syntax: ip access-list {standard | extended} acl-name)
DSW1(config-std-nacl)#permit 172.120.40.0 0.0.0.255
DSW1(config-std-nacl)#exit

Define an access-map which uses the access-list above:
DSW1(config)#vlan access-map MYACCMAP 10 (syntax: vlan access-map map_name [0-65535] )
DSW1(config-access-map)#match ip address 10 (syntax: match ip address {acl_number | acl_name})
DSW1(config-access-map)#action forward
DSW1(config-access-map)#exit

DSW1(config)#vlan access-map MYACCMAP 20
DSW1(config-access-map)#action drop (drop other networks)
DSW1(config-access-map)#exit

Note: In fact, there is an implicit “deny all” command at the end of each VLAN access-map so we don’t need to deny other networks. Therefore there is no problem if you don’t enter the “vlan access-map MYACCMAP 20” above.

Apply a vlan-map into a vlan:
DSW1(config)#vlan filter MYACCMAP vlan-list 20 (syntax: vlan filter mapname vlan-list list)

DSW1#copy running-config startup-config

(Note: Many reports said the copy running-config startup-config command didn’t work, but they still got full marks.)

Note: If the requirement of this sim states “not to use named ACLs”, then you should configure a numbered ACL instead:

DSW1(config)#access-list 10 permit 172.120.40.0 0.0.0.255
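
The VLAN access-map logic above, as an added Python sketch (not part of the original lab answer and not Cisco code): it models how ACL 10's wildcard mask and the map's sequence order decide forward or drop for an IPv4 source address, and shows that MYACCMAP gives the same result with or without sequence 20. The function names and the sample source addresses are constructed for illustration, and only IPv4 traffic is modelled.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard semantics: a 1 bit in the wildcard means 'ignore this bit'."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)

def acl_permits(acl, src):
    """Standard ACL: source address only, first matching entry wins, implicit deny."""
    for action, base, wildcard in acl:
        if wildcard_match(src, base, wildcard):
            return action == "permit"
    return False

def vlan_map_action(vmap, acls, src):
    """Walk the access-map entries in sequence order for one IPv4 packet.
    An entry with no match clause matches everything; a packet that matches
    no entry is dropped, which is the implicit deny described in the note."""
    for seq in sorted(vmap):
        entry = vmap[seq]
        acl_id = entry.get("match")
        if acl_id is None or acl_permits(acls[acl_id], src):
            return entry["action"]
    return "drop"

# ACL 10 and both variants of MYACCMAP, transcribed from the configuration above.
ACLS = {10: [("permit", "172.120.40.0", "0.0.0.255")]}
MAP_WITH_SEQ_20 = {10: {"match": 10, "action": "forward"}, 20: {"action": "drop"}}
MAP_WITHOUT_SEQ_20 = {10: {"match": 10, "action": "forward"}}

# Constructed sample sources; 172.120.39.46 is the address on the radius-server line.
SAMPLE_SOURCES = ["172.120.40.15", "172.120.40.255", "172.120.41.15",
                  "172.120.39.46", "10.0.0.1"]

def compare(sources=SAMPLE_SOURCES):
    """Return {source: (action with seq 20, action without seq 20)}."""
    return {s: (vlan_map_action(MAP_WITH_SEQ_20, ACLS, s),
                vlan_map_action(MAP_WITHOUT_SEQ_20, ACLS, s)) for s in sources}

if __name__ == "__main__":
    for src, (explicit, implicit) in compare().items():
        print(f"{src:<16} seq20={explicit:<8} implicit={implicit}")
```
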


Comments
  1. Anonymous
    April 1st, 2019

    @Neil and Osya kindly please forward valid 300-115 switching dump, i had an invalid dump it cost me money R4021 and a low score of 480. tebogoleshaba900atgmaildotcom, CCNA expires on 25 April

  2. mostafa
    April 9th, 2019

    Hi Neil,

    Kindly share CCNP SWITCH 300-115 dump premium file to (( mosty2562002 @ gmail . com )). I have my exam next week. Thanks

  3. mostafa
    April 9th, 2019

    Hi Osya,

    Kindly share CCNP SWITCH 300-115 dump premium file to (( mosty2562002 @ gmail . com )). I have my exam next week. Thanks

  4. Yeah
    April 9th, 2019

    Why was it 172.120.39.46 instead of 172.120.40.46?

  5. Vitynejo
    April 9th, 2019

    Pass on 09th April with 914 score. My lab is HRSP, VTP and AAA dot1q (not permit named ACLs in my lab). Few new question (6 of 47)

    Dump valid IPHelper. Thanks certprepare!

  6. Need Help
    April 11th, 2019

    OK I am really confused on the AAA lab. I took the test on 4/9/19 and failed because of the AAA lab. My lab said NO NAME ACCESS-LIST. So we can’t use “DSW1(config)# ip access-list standard 10” Also I don’t remember if the radius server address was 172.120.39.46 or 172.120.40.46 on the test. If I can’t use a name access-list then configuration listed above is NOT correct. Any help would be great, my cert expires in 7 days.

  7. Need Help
    April 11th, 2019

    OK this will work for the AAA SIM question and NOT using a named ACL. ip access-list standard {acl-name | acl-num} so ip access-list standard 10 is correct. Next, why are they changing the radius host address from the instruction? Am I missing a simple reason? The instruction says – Radius server host: 172.120.40.46 but in the configs we are showing radius-server host 172.120.39.46 key rad123.
    Thanks in advance

  8. zd
    April 19th, 2019

    Hi everyone,

    Please, if you can send valid 300-115 dumps (({email not allowed}))

  9. zd
    April 19th, 2019

    Hi everyone,

    Please, if you can send valid 300-115 dumps to (( zdarsadze @ gmail . com ))

  10. Need Help
    April 19th, 2019

    WOW this place is dead.. Anyway passed this week. AAA Lab, HSRP Lab questions, a lot of SPAN, couple of drag and drops.

    Good luck everyone.

  11. Anonymous
    April 22nd, 2019

    I think that both of below conf are correct:

    DSW1(config)#ip access-list standard 10 ——- {No ACL here not named one}
    DSW1(config-std-nacl)#permit 172.120.40.0 0.0.0.255
    DSW1(config-std-nacl)#exit
    or
    DSW1(config)#access-list 10 permit 172.120.40.0 0.0.0.255

    Also, did you make the configuration on all interfaces F 0/1, F 0/2, F 0/3 or just F 0/1?

  12. Anonymous
    April 22nd, 2019

    This sim is Valid. I sat for 300-115 Today and there are many questions that are covered by Certprepare.com

  13. fadi
    April 23rd, 2019

    Dear can any one send me full configuration of aaa lab with no acl name

  14. XXX
    April 26th, 2019

    This is correct:

    1) Configure ASW1

    ASW1(config)#aaa new-model
    ASW1(config)#radius-server host 172.120.39.46 key rad123
    ASW1(config)#aaa authentication dot1x default group radius
    ASW1(config)#dot1x system-auth-control

    ASW1(config)#interface fastEthernet 0/1
    ASW1(config-if)#switchport mode access
    ASW1(config-if)#switchport access vlan 20
    ASW1(config-if)#dot1x port-control auto

    2) Configure DSW1:

    DSW1(config)#ip access-list 10 permit 172.120.40.0 0.0.0.255

    DSW1(config)#vlan access-map ccnp 10
    DSW1(config-access-map)#match ip address 10
    DSW1(config-access-map)#action forward
    DSW1(config-access-map)#exit

    DSW1(config)#vlan access-map ccnp 20
    DSW1(config-access-map)#action drop
    DSW1(config-access-map)#exit

    DSW1(config)#vlan filter ccnp vlan-list 20

    DSW1#copy running-config startup-config

  15. XXX
    April 26th, 2019

    DSW1(config)#access-list 10 permit 172.120.40.0 0.0.0.255 (Not with ip)

  16. share please
    April 28th, 2019

    Hi Anyone who has
    Could you share link to dl 300-115_IPHelper_March_2019
    or email to ai m 4 sk ie s @ h otm ail . co m

  17. Sushi
    April 28th, 2019

    @Neil
    Hi Neil,
    Would you please share the dump with me please? (soroushkahn2001 @ gmail . com)
    Thank you so much!

  18. thatNZgirl
    April 30th, 2019

    Can anyone tell me where can i practise the LABs? My exam is literally in 2 days:(
    Any help would be appreciated :)

  19. DC
    May 1st, 2019

    Valid 1st of may 2019

  20. Bazraman
    May 5th, 2019

    Who is the Radius server as I don’t see any config for that
    Is DSW1 acting as the server something else.

  21. MikeTheMan
    May 11th, 2019

    This is correct:

    1) Configure ASW1

    ASW1(config)#aaa new-model
    ASW1(config)#radius-server host 172.120.39.46 key rad123
    ASW1(config)#aaa authentication dot1x default group radius
    ASW1(config)#dot1x system-auth-control

    ASW1(config)#interface fastEthernet 0/1
    ASW1(config-if)#switchport mode access
    ASW1(config-if)#switchport access vlan 20
    ASW1(config-if)#dot1x port-control auto

    2) Configure DSW1:

    DSW1(config)#access-list 10 permit 172.120.40.0 0.0.0.255

    DSW1(config)#vlan access-map ccnp 10
    DSW1(config-access-map)#match ip address 10
    DSW1(config-access-map)#action forward
    DSW1(config-access-map)#exit

    DSW1(config)#vlan access-map ccnp 20
    DSW1(config-access-map)#action drop
    DSW1(config-access-map)#exit

    DSW1(config)#vlan filter ccnp vlan-list 20

    DSW1#copy running-config startup-config

  22. Osya
    May 16th, 2019

    Updated IPhelper May 2019. Contact me at: cisco4career(at)gmail(dot)com

  23. Anonymous
    May 18th, 2019

    Valid Sim. Had this on my Exam Today. I passed Switch, now on to Route!
