
AAAdot1x Lab Sim

March 3rd, 2017 in Lab Sim, LabSim

Question

Answer and Explanation

 

1) Configure ASW1

Enable AAA on the switch:
ASW1(config)#aaa new-model

The new-model keyword refers to the use of method lists, by which authentication methods and sources can be grouped or organized.

Define the RADIUS server along with its shared secret key:
ASW1(config)#radius-server host 172.120.39.46 key rad123

ASW1(config)#aaa authentication dot1x default group radius
This command causes the RADIUS server defined on the switch to be used for 802.1x authentication.

Globally enable port-based authentication (802.1x) on the switch:
ASW1(config)#dot1x system-auth-control

Configure Fa0/1 to use 802.1x:

ASW1(config)#interface fastEthernet 0/1
ASW1(config-if)#dot1x port-control auto
Notice that the keyword “auto” forces the connected PC to authenticate through the 802.1x exchange.

2) Configure DSW1:

Define an access-list:
DSW1(config)#ip access-list standard 10 (syntax: ip access-list {standard | extended} acl-name)
DSW1(config-std-nacl)#permit 172.120.40.0 0.0.0.255
DSW1(config-std-nacl)#exit

Define an access-map which uses the access-list above:
DSW1(config)#vlan access-map MYACCMAP 10 (syntax: vlan access-map map_name [0-65535] )
DSW1(config-access-map)#match ip address 10 (syntax: match ip address {acl_number | acl_name})
DSW1(config-access-map)#action forward
DSW1(config-access-map)#exit

DSW1(config)#vlan access-map MYACCMAP 20
DSW1(config-access-map)#action drop (drop other networks)
DSW1(config-access-map)#exit

Apply the VLAN map to a VLAN:
DSW1(config)#vlan filter MYACCMAP vlan-list 20 (syntax: vlan filter mapname vlan-list list)

DSW1#copy running-config startup-config

(Note: many reports said that the copy running-config startup-config command didn’t work, but they still got full marks.)

Note: If the requirement of this sim states “not to use named ACLs”, then you should configure a numbered ACL instead:

DSW1(config)#access-list 10 permit 172.120.40.0 0.0.0.255
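
The evaluation order of MYACCMAP on VLAN 20, as an added Python model (not part of the original answer and not Cisco code). It assumes first-match sequence ordering, that an entry with no match clause matches every packet, and that a standard ACL matches on source address only; the sample source addresses are constructed.

```python
import ipaddress

def acl_permits(acl, src):
    """Standard ACL: first matching entry wins; implicit deny at the end."""
    s = int(ipaddress.IPv4Address(src))
    for action, network, wildcard in acl:
        net = int(ipaddress.IPv4Address(network))
        care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
        # Wildcard bits set to 1 are "don't care"; compare only the 0 bits.
        if (s & care) == (net & care):
            return action == "permit"
    return False

def vacl_action(access_map, acls, src):
    """Walk map entries in sequence order; return (sequence, action) of the first match."""
    for seq in sorted(access_map):
        entry = access_map[seq]
        acl_id = entry.get("match")
        # Assumption of this model: an entry with no match clause matches every packet.
        if acl_id is None or acl_permits(acls[acl_id], src):
            return seq, entry["action"]
    # No entry matched: modelled as drop, because the map has an IP match clause.
    return None, "drop"

# ACL 10 and MYACCMAP exactly as configured on DSW1 above.
ACLS = {"10": [("permit", "172.120.40.0", "0.0.0.255")]}
MYACCMAP = {
    10: {"match": "10", "action": "forward"},
    20: {"action": "drop"},  # no match clause: catches everything else
}

def classify(sources, access_map=MYACCMAP, acls=ACLS):
    """Map each source address to the (sequence, action) that handles it."""
    return {src: vacl_action(access_map, acls, src) for src in sources}

if __name__ == "__main__":
    SAMPLE = ["172.120.40.15", "172.120.41.7", "10.0.0.5"]  # constructed addresses
    for src, (seq, action) in classify(SAMPLE).items():
        print(f"{src:15} -> sequence {seq}: {action}")
```

On the switch itself, the configured map and its VLAN binding can be reviewed with show vlan access-map and show vlan filter.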


Comments
  1. Uncle Jembo
    January 4th, 2018

    Look I understand how to config most labs with my eyes closed but have tripped up on questions built to trip you up and resit the exam can some nice person out there share the latest Dump with me I can Not afford to fail this exam again, Please

    s a s a g e h e a d @ g m a i l . c o m

    T H A N K Y O U

  2. sholy
    January 7th, 2018

    Hi Everyone, did the switch 300-115 exam and studied all the material including the labs on this site https://www.certprepare.com , passed on Saturday. $12 well spent, certprepare is 100% valid, with 902 marks. On the exam questions content was the same and the labs that came up were HSRP sim, LACP with STP, AAAdot1x (not to use named ACLs). I think as long as you understand the concepts and have NOT just memorized the material you will be just fine. Now gonna get ready for the Tshoot. Finally. I will see you on the other side.

    AAAdot1x (not to use named ACLs)

    ASW1:
    ======
    ASW1>enable
    ASW1#configure terminal
    ASW1(config)#aaa new-model
    ASW1(config)#radius-server host 172.120.40.46 key rad123
    ASW1(config)#aaa authentication dot1x default group radius
    ASW1(config)#dot1x system-auth-control
    ASW1(config)#interface fa0/1
    ASW1(config-if)#switchport mode access
    ASW1(config-if)#switchport access vlan 20
    ASW1(config-if)#dot1x port-control auto
    ASW1(config-if)#exit
    ASW1#copy running-config startup-config
    DSW1:
    =====
    DSW1>enable
    DSW1#configure terminal
    DSW1(config)#access-list 10 permit 172.120.40.0 0.0.0.255
    DSW1(config)#vlan access-map CCNP 10
    DSW1(config-access-map)#match ip address 10
    DSW1(config-access-map)#action forward
    DSW1(config-access-map)#exit
    DSW1(config)#vlan access-map CCNP 20
    DSW1(config-access-map)#action drop
    DSW1(config-access-map)#exit
    DSW1(config)#vlan filter CCNP vlan-list 20
    DSW1(config)#end
    DSW1#copy running-config startup-config
    Good luck Everyone!

  3. 3omda
    January 8th, 2018

    Dear all,

    I need help. How can I know that my AAA lab is OK, and what test can I do? Also, I can’t find the figure, so please advise as soon as possible.

  4. 3omda
    January 8th, 2018

    Is there a Packet Tracer file for this lab?

  5. moon
    January 13th, 2018

    Hello,
    I checked this in my lab and it works only when I add an ACL with deny any.
    Define an access-list:
    DSW1(config)#ip access-list standard 10 (syntax: ip access-list {standard | extended} acl-name)
    DSW1(config-std-nacl)#permit 172.120.40.0 0.0.0.255
    DSW1(config-std-nacl)#exit

    DSW1(config)#ip access-list standard 20 (syntax: ip access-list {standard | extended} acl-name)
    DSW1(config-std-nacl)#deny any
    DSW1(config-std-nacl)#exit

    Define an access-map which uses the access-list above:
    DSW1(config)#vlan access-map MYACCMAP 10 (syntax: vlan access-map map_name [0-65535] )
    DSW1(config-access-map)#match ip address 10 (syntax: match ip address {acl_number | acl_name})
    DSW1(config-access-map)#action forward
    DSW1(config-access-map)#exit

    DSW1(config)#vlan access-map MYACCMAP 20
    DSW1(config-access-map)#match ip address 20
    DSW1(config-access-map)#action drop (drop other networks)
    DSW1(config-access-map)#exit
    DSW1(config)#vlan filter MYACCMAP vlan-list 20

  6. moon
    January 13th, 2018

    can someone correct me if I’m wrong??

  7. ali
    January 14th, 2018

    today i take exam 300-115
    aaadot1x (number acclist only ) and lacp labs and vtp 3
    there is some new question
    drag n drop from certprepare are veiled
    labs solution for certprepare is 100% veiled but add number access list in AAA Dot1x lab

  8. ssh
    January 16th, 2018

    @ali, did you use iphelper 563q from the “Share your SWITCH 2.0 experience” section?

    https://www.dropbox.com/s/eqscmnitd6yamk6/300-115_IPHelper_Jan_2018.vce?dl=0
