Home > AAAdot1x Lab Sim

AAAdot1x Lab Sim

March 3rd, 2017 in Lab Sim, LabSim Go to comments

Question

Answer and Explanation

 

1) Configure ASW1

Enable AAA on the switch:
ASW1(config)#
aaa new-model

The new-model keyword refers to the use of method lists, by which authentication methods and sources can be grouped or organized.

Define the server along with its secret shared password:
ASW1(config)#radius-server host 172.120.39.46 key rad123

ASW1(config)#aaa authentication dot1x default group radius
This command causes the RADIUS server defined on the switch to be used for 802.1x authentication.

Globally enable port-based authentication (802.1x) on a switch:
ASW1(config)#dot1x system-auth-control

Configure Fa0/1 to use 802.1x:

ASW1(config)#interface fastEthernet 0/1
ASW1(config-if)#dot1x port-control auto
Notice that the word “auto” will force connected PC to authenticate through the 802.1x exchange.

2) Configure DSW1:

Define an access-list:
DSW1(config)#ip access-list standard 10 (syntax: ip access-list {standard | extended} acl-name)
DSW1(config-std-nacl)#permit 172.120.40.0 0.0.0.255
DSW1(config-std-nacl)#exit

Define an access-map which uses the access-list above:
DSW1(config)#vlan access-map MYACCMAP 10 (syntax: vlan access-map map_name [0-65535] )
DSW1(config-access-map)#match ip address 10 (syntax: match ip address {acl_number | acl_name})
DSW1(config-access-map)#action forward
DSW1(config-access-map)#exit

DSW1(config)#vlan access-map MYACCMAP 20
DSW1(config-access-map)#action drop (drop other networks)
DSW1(config-access-map)#exit

Apply a vlan-map into a vlan:
DSW1(config)#vlan filter MYACCMAP vlan-list 20 (syntax: vlan filter mapname vlan-list list)

DSW1#copy running-config startup-config

(Notice: Many reports said the copy running-config startup-config didn’t work but they still got the full mark)

Note: If the requirement of this sim states that “not to use named ACLs” then you should configure number ACL instead:

DSW1(config)#access-list 10 permit 172.120.40.0 0.0.0.255

Other lab-sims in this site:

LACP with STP Sim
MLS and EIGRP Sim
VTP Lab 2
VTP Lab
Spanning Tree Lab Sim

Comments
Comment pages
1 41 42 43 41
  1. STUDENT
    April 2nd, 2018

    i need ao add to the access list deny any any ?

  2. Confuse guy
    April 4th, 2018

    Hello, do we have any command to verify post configuration?

    @STUDENT, no need. We only permit the subnet we wanted into the ACL and put it into access map. Thats all. The deny part will be done on access map

  3. Anonymous
    April 8th, 2018

    can we use “?” in sim qns?

  4. mimikongag
    April 18th, 2018

    latest valid CCNP Exam questions
    dumps
    pro
    dot
    com

  5. ROB
    April 28th, 2018

    Hi my friends, i need your help

    How do you know that the server is 172.120.39.46 and not 172.120.40.46?
    where do they mention the server’s address or how do they reach that conclusion?

  6. Kongo_boy
    April 30th, 2018

    when i type a comand:
    “radius-server host 172.120.40.46 key rad123”

    Warning: The CLI will be deprecated soon
    ‘radius-server host 172.120.40.46 key rad123’
    Please move to ‘radius server ‘ CLI.
    Who knows what is it?

  7. Anonymous
    May 1st, 2018

    Hi, 28 April, Pass 8xx, some new cuestions, Lab LACP y AAA, HSRP. Thanks for all. CCNP Route next.

  8. Znet
    May 9th, 2018

    Hi fasfasf,

    the link is not accessible.

  9. dimsum
    May 17th, 2018

    VACL has an implicit deny all at the end anyways, what’s the point of this?

    DSW1(config)#vlan access-map MYACCMAP 20
    DSW1(config-access-map)#action drop (drop other networks)
    DSW1(config-access-map)#exit

    This is redundant and I’m wondering if you’ll loose points for something like that.

  10. Anonymous
    May 25th, 2018

    Hi every1. I just passed CCNP 300-115. On a GODLY grace: 798. passed. I cannot tell you to use my dump, For it was just a few Objectives that came out from it. Sim: AAA; LACP & STP; VTP V3.
    Pls choose your own dump. No dump is guarantee. Study and know it very well.

  11. NetworNinja
    May 28th, 2018

    @Kongo_boy

    For the command – “radius-server host 172.120.40.46 key rad123”
    Cisco is now recommending using groups to define radius servers, should you have mutiple.

    aaa server group radius <>
    server <>

    aaa dot1x authentication default group <>

    Hope this helps =) Good Luck !

  12. Anonymous
    May 30th, 2018

    Hello Team !
    Thanks to God. I pass the exam just few minutes.
    All questions were from the dumps
    My email : coopersaphir @ gmail . com
    Contact me to get the dumps !
    Good luck Team

  13. caza00
    May 30th, 2018

    Can anyone explain to me why only fastEthernet 0/1 is activated to use 802.1x and fa0/2-3 are not?

    Thank you

  14. A_IP
    June 8th, 2018

    Hi All,
    Could you please comment on this question?
    Which three settings are part of a default LLDP configuration? (Choose three.)
    A. The LLDP hold time is 120 seconds.
    B. The LLDP global state is disabled.
    C. The LLDP reinitialisation delay is 5 seconds.
    D. The LLDP interface state is enabled.
    E. The LLDP timer is 60 seconds.
    Correct Answer: ABD
    I checked the documentation related to Cisco IOS Configuration Fundamentals Command Reference, Release 12.2. on Cisco Catalyst 2960. Based on that the correct Answers are: A and D

  15. 2/3 CCNP
    June 8th, 2018

    Just passed with an 881. This SIM is still 100% accurate.

  16. Jo
    June 11th, 2018

    What Labs, Simlets, DND are actual in the exam? Which questions do you remember out of the exam?

  17. China
    June 13th, 2018

    @ A_IP

    I can confirm B is correct. Tested on a 2960, 3560, 4500-X, 3750 & 3750-X

  18. ccnp
    June 15th, 2018

    @ A_IP answer A, B and C

  19. Anonymous
    June 19th, 2018

    does anyone have diagram and question to the above sim?

  20. ron
    June 25th, 2018

    Got this sim in my exam…still valid…passed on 21st June…

  21. irrsjdas569
    June 27th, 2018

    UPDATED
    REAL DUMPS
    GUARANTEED 100% VALID PASSING MATERIA
    GOOD LUCK everyone

    dumps
    pro
    dot
    com

  22. Dana
    July 1st, 2018

    Hi Guys,
    How can i practice this lab in my GNS3 or EVE-NG simulator??
    any idea?. i it very hard to config radius server in Win or linux

    thx

  23. Flesz
    July 7th, 2018

    @dana Yeah, it is difficult to practice it , just memorise the commands

  24. London
    July 12th, 2018

    @ron Thank you very much for your input. Much appreciated!!!

  25. Anonymous
    July 17th, 2018

    Dumps4free is the foremost and valid 300-115 Free Exam Questions Answers provider.

  26. Tarzan
    July 17th, 2018

    what about creating vlan 20 on both switches ???

  27. DAP
    July 23rd, 2018

    This may sound obvious but when we complete this in the exam do you have to run any commands to test it if so what ?

  28. Kush
    August 7th, 2018

    This LAB was in exam yesterday

  29. Anonymous
    August 11th, 2018

    Kush. Did it say “not to use named ACLs”

  30. @LF_
    August 13th, 2018

    To config:
    ASW1(config)#interface fastEthernet 0/1
    ASW1(config-if)#dot1x port-control auto

    at first I had to change interface from L2 to L3:

    ASW1(config)#interface fastEthernet 0/1
    ASW1(config-if)#no switchport

    I’m using a switch C3750 12.2 as lab.

  31. RED1
    August 16th, 2018

    hay everybody

    I passed today successfully
    I had the AAA Dot1X LAB
    it is okay this site is right

  32. RED1
    August 16th, 2018

    Yes
    sorry, pay attention, I had the radius server ip address: 172.120.40.46
    in the same subnet as the vlan20

    You have to know that in F0/1 switch access interface, the clan 20 is affected as access:
    switchport access vlan 20
    spanning-tree portfast
    but it doesn’t change anything for the LAB
    Just do it like this site

  33. DMP Cisco
    August 17th, 2018

    @RED1

    AAAdot1x

    Hi RED1,

    Congratulation for clearing the exam. I am little bit confuse for this configuration. different people are expressing their opinion in different way. if you dont mind, can i configure this LAB like above or I do like 2nd line. Please kindly advised me……………………

    ASW1(config)#radius-server host 172.120.39.46 key rad123

    or
    ASW1(config)#radius-server host 172.120.40.46 key rad123

    so, which line is correct…………….

    Regards,
    DMP Cisco

  34. DMP Cisco
    August 17th, 2018

    Hi All,
    Please help me to find the below issue,

    ASW1(config)#radius-server host 172.120.39.46 key rad123

    or
    ASW1(config)#radius-server host 172.120.40.46 key rad123

    How will i configure the host? can i follow the Curtprepare configuration or i do need to use 40.46 network address?

    Please i need an accurate guidance from you all.

    With regards
    DMP Cisco

  35. Pgun
    August 21st, 2018

    It depends on your test, radius server ip address is given in your question.

  36. DMP Cisco
    August 28th, 2018

    @Pgun
    Thanks

  37. iceicebabe
    September 10th, 2018

    hello, anyone can help if the sim here are still valid? wish someone can answer me.

Comment pages
1 41 42 43 41
  1. No trackbacks yet.