Home > AAAdot1x Lab Sim

AAAdot1x Lab Sim

October 3rd, 2018 in Lab Sim, LabSim Go to comments


Answer and Explanation


1) Configure ASW1

Enable AAA on the switch:
aaa new-model

The new-model keyword refers to the use of method lists, by which authentication methods and sources can be grouped or organized.

Define the server along with its secret shared password:
ASW1(config)#radius-server host key rad123

ASW1(config)#aaa authentication dot1x default group radius
This command causes the RADIUS server defined on the switch to be used for 802.1x authentication.

Globally enable port-based authentication (802.1x) on a switch:
ASW1(config)#dot1x system-auth-control

Configure Fa0/1 to use 802.1x:

ASW1(config)#interface fastEthernet 0/1
ASW1(config-if)#dot1x port-control auto
Notice that the word “auto” will force connected PC to authenticate through the 802.1x exchange.

2) Configure DSW1:

Define an access-list:
DSW1(config)#ip access-list standard 10 (syntax: ip access-list {standard | extended} acl-name)

Define an access-map which uses the access-list above:
DSW1(config)#vlan access-map MYACCMAP 10 (syntax: vlan access-map map_name [0-65535] )
DSW1(config-access-map)#match ip address 10 (syntax: match ip address {acl_number | acl_name})
DSW1(config-access-map)#action forward

DSW1(config)#vlan access-map MYACCMAP 20
DSW1(config-access-map)#action drop (drop other networks)

Note: In fact, there is an implicit “deny all” command at the end of each VLAN access-map so we don’t need to deny other networks. Therefore there is no problem if you don’t enter the “vlan access-map MYACCMAP 20” above.

Apply a vlan-map into a vlan:
DSW1(config)#vlan filter MYACCMAP vlan-list 20 (syntax: vlan filter mapname vlan-list list)

DSW1#copy running-config startup-config

(Notice: Many reports said the copy running-config startup-config didn’t work but they still got the full mark)

Note: If the requirement of this sim states that “not to use named ACLs” then you should configure number ACL instead:

DSW1(config)#access-list 10 permit

Other lab-sims in this site:

LACP with STP Sim
VTP Lab 2
Spanning Tree Lab Sim

Comment pages
1 41 42 43 41
    April 2nd, 2018

    i need ao add to the access list deny any any ?

  2. Confuse guy
    April 4th, 2018

    Hello, do we have any command to verify post configuration?

    @STUDENT, no need. We only permit the subnet we wanted into the ACL and put it into access map. Thats all. The deny part will be done on access map

  3. Anonymous
    April 8th, 2018

    can we use “?” in sim qns?

  4. mimikongag
    April 18th, 2018

    latest valid CCNP Exam questions

  5. ROB
    April 28th, 2018

    Hi my friends, i need your help

    How do you know that the server is and not
    where do they mention the server’s address or how do they reach that conclusion?

  6. Kongo_boy
    April 30th, 2018

    when i type a comand:
    “radius-server host key rad123”

    Warning: The CLI will be deprecated soon
    ‘radius-server host key rad123’
    Please move to ‘radius server ‘ CLI.
    Who knows what is it?

  7. Anonymous
    May 1st, 2018

    Hi, 28 April, Pass 8xx, some new cuestions, Lab LACP y AAA, HSRP. Thanks for all. CCNP Route next.

  8. Znet
    May 9th, 2018

    Hi fasfasf,

    the link is not accessible.

  9. dimsum
    May 17th, 2018

    VACL has an implicit deny all at the end anyways, what’s the point of this?

    DSW1(config)#vlan access-map MYACCMAP 20
    DSW1(config-access-map)#action drop (drop other networks)

    This is redundant and I’m wondering if you’ll loose points for something like that.

  10. Anonymous
    May 25th, 2018

    Hi every1. I just passed CCNP 300-115. On a GODLY grace: 798. passed. I cannot tell you to use my dump, For it was just a few Objectives that came out from it. Sim: AAA; LACP & STP; VTP V3.
    Pls choose your own dump. No dump is guarantee. Study and know it very well.

  11. NetworNinja
    May 28th, 2018


    For the command – “radius-server host key rad123”
    Cisco is now recommending using groups to define radius servers, should you have mutiple.

    aaa server group radius <>
    server <>

    aaa dot1x authentication default group <>

    Hope this helps =) Good Luck !

  12. Anonymous
    May 30th, 2018

    Hello Team !
    Thanks to God. I pass the exam just few minutes.
    All questions were from the dumps
    My email : coopersaphir @ gmail . com
    Contact me to get the dumps !
    Good luck Team

  13. caza00
    May 30th, 2018

    Can anyone explain to me why only fastEthernet 0/1 is activated to use 802.1x and fa0/2-3 are not?

    Thank you

  14. A_IP
    June 8th, 2018

    Hi All,
    Could you please comment on this question?
    Which three settings are part of a default LLDP configuration? (Choose three.)
    A. The LLDP hold time is 120 seconds.
    B. The LLDP global state is disabled.
    C. The LLDP reinitialisation delay is 5 seconds.
    D. The LLDP interface state is enabled.
    E. The LLDP timer is 60 seconds.
    Correct Answer: ABD
    I checked the documentation related to Cisco IOS Configuration Fundamentals Command Reference, Release 12.2. on Cisco Catalyst 2960. Based on that the correct Answers are: A and D

  15. 2/3 CCNP
    June 8th, 2018

    Just passed with an 881. This SIM is still 100% accurate.

  16. Jo
    June 11th, 2018

    What Labs, Simlets, DND are actual in the exam? Which questions do you remember out of the exam?

  17. China
    June 13th, 2018

    @ A_IP

    I can confirm B is correct. Tested on a 2960, 3560, 4500-X, 3750 & 3750-X

  18. ccnp
    June 15th, 2018

    @ A_IP answer A, B and C

  19. Anonymous
    June 19th, 2018

    does anyone have diagram and question to the above sim?

  20. ron
    June 25th, 2018

    Got this sim in my exam…still valid…passed on 21st June…

  21. irrsjdas569
    June 27th, 2018

    GOOD LUCK everyone


  22. Dana
    July 1st, 2018

    Hi Guys,
    How can i practice this lab in my GNS3 or EVE-NG simulator??
    any idea?. i it very hard to config radius server in Win or linux


  23. Flesz
    July 7th, 2018

    @dana Yeah, it is difficult to practice it , just memorise the commands

  24. London
    July 12th, 2018

    @ron Thank you very much for your input. Much appreciated!!!

  25. Anonymous
    July 17th, 2018

    Dumps4free is the foremost and valid 300-115 Free Exam Questions Answers provider.

  26. Tarzan
    July 17th, 2018

    what about creating vlan 20 on both switches ???

  27. DAP
    July 23rd, 2018

    This may sound obvious but when we complete this in the exam do you have to run any commands to test it if so what ?

  28. Kush
    August 7th, 2018

    This LAB was in exam yesterday

  29. Anonymous
    August 11th, 2018

    Kush. Did it say “not to use named ACLs”

  30. @LF_
    August 13th, 2018

    To config:
    ASW1(config)#interface fastEthernet 0/1
    ASW1(config-if)#dot1x port-control auto

    at first I had to change interface from L2 to L3:

    ASW1(config)#interface fastEthernet 0/1
    ASW1(config-if)#no switchport

    I’m using a switch C3750 12.2 as lab.

  31. RED1
    August 16th, 2018

    hay everybody

    I passed today successfully
    I had the AAA Dot1X LAB
    it is okay this site is right

  32. RED1
    August 16th, 2018

    sorry, pay attention, I had the radius server ip address:
    in the same subnet as the vlan20

    You have to know that in F0/1 switch access interface, the clan 20 is affected as access:
    switchport access vlan 20
    spanning-tree portfast
    but it doesn’t change anything for the LAB
    Just do it like this site

  33. DMP Cisco
    August 17th, 2018



    Hi RED1,

    Congratulation for clearing the exam. I am little bit confuse for this configuration. different people are expressing their opinion in different way. if you dont mind, can i configure this LAB like above or I do like 2nd line. Please kindly advised me……………………

    ASW1(config)#radius-server host key rad123

    ASW1(config)#radius-server host key rad123

    so, which line is correct…………….

    DMP Cisco

  34. DMP Cisco
    August 17th, 2018

    Hi All,
    Please help me to find the below issue,

    ASW1(config)#radius-server host key rad123

    ASW1(config)#radius-server host key rad123

    How will i configure the host? can i follow the Curtprepare configuration or i do need to use 40.46 network address?

    Please i need an accurate guidance from you all.

    With regards
    DMP Cisco

  35. Pgun
    August 21st, 2018

    It depends on your test, radius server ip address is given in your question.

  36. DMP Cisco
    August 28th, 2018


  37. iceicebabe
    September 10th, 2018

    hello, anyone can help if the sim here are still valid? wish someone can answer me.

  38. Remlin
    October 15th, 2018

    arent this these config belongs in the exam?

    DSW1(config)#vlan access-map MYACCMAP 20
    DSW1(config-access-map)#action drop (drop other networks)

    or this is included?

  39. aaa
    October 18th, 2018

    in AAA Dot1X LAB how to know if it’s a name acl or number acl ?

  40. 123
    October 18th, 2018

    Hello, can someone share dumps or VCE from CCNP switching exam please. Thanks

  41. Anonymous
    October 25th, 2018

    hello guys those who recently passed, are the Labs still valid?

  42. Stanley
    November 5th, 2018

    For dumps you can contact me
    xoomtrack at gmail

    916Qs + Labs

  43. Krish
    November 8th, 2018

    I passed Exam.

    Labs are valid..

    Thank you Certprepare……

  44. Anonymous
    November 9th, 2018

    Hi , I passed the exam the labs are still valid..Thank You

  45. CCNPSoon
    November 9th, 2018

    I have been practicing labs with real equipment.
    X2 3750
    X2 2960

    All went well until I got to the interface config mode of:

    ASW1(config)#interface fastEthernet 0/1
    ASW1(config-if)#dot1x port-control auto (This command is not present on either device)

    I have seen some people say they had to put the interface in Layer 3 mode with a “no switchport” command. However, for me it was the opposite. I had to place either in access or trunk mode and then the command showed up as follows:

    (config-if)#authentication port-control auto
    (config-if)#authentication port-control auto

    So can anyone advise on the actual sim on the test? I am hoping I can remember both ways if needed.


  46. Fahad
    November 12th, 2018

    Hi friends,

    I need CCNP switching dumps,please help me,if anybody have dumps.
    Kindly send my mail id—fahadalabri9696-gmail-com

  47. Anonymous
    November 12th, 2018

    I want to buy the membership for certprepare.com
    But I am not able to pay, as its blocking the payment.
    Please Help

  48. Telccom
    November 12th, 2018

    copy link to your address bar: (remove spacs)
    goo . g l /FkMoqt

    GUARANTEED valid

    Just prepare our package and pass guarantee.

  49. Amoos
    November 13th, 2018

    Hey guys

    is there a site for ccnp security aquestions and dumps???

  50. JMA
    November 14th, 2018


    I’m taking the exam next monday and I was in the same situation.

    SW(config-if)# dot1x port-control auto <——OLD COMMAND
    SW(config-if)# authentication port-control auto <——NEW COMMAND

    The exam simulation is done to use the OLD COMMAND but you should use the tab to check it.


Comment pages
1 41 42 43 41
  1. No trackbacks yet.