AAAdot1x Lab Sim

October 3rd, 2018 in Lab Sim, LabSim

Question

Answer and Explanation

 

1) Configure ASW1

Enable AAA on the switch:
ASW1(config)#aaa new-model

The new-model keyword refers to the use of method lists, by which authentication methods and sources can be grouped or organized.

Define the RADIUS server along with its shared secret key:
ASW1(config)#radius-server host 172.120.39.46 key rad123

ASW1(config)#aaa authentication dot1x default group radius
This command causes the RADIUS server defined on the switch to be used for 802.1x authentication.

Globally enable port-based authentication (802.1x) on a switch:
ASW1(config)#dot1x system-auth-control

Configure Fa0/1 to use 802.1x:

ASW1(config)#interface fastEthernet 0/1
ASW1(config-if)#dot1x port-control auto
Notice that the keyword “auto” forces the connected PC to authenticate through the 802.1x exchange.

2) Configure DSW1:

Define an access-list:
DSW1(config)#ip access-list standard 10 (syntax: ip access-list {standard | extended} acl-name)
DSW1(config-std-nacl)#permit 172.120.40.0 0.0.0.255
DSW1(config-std-nacl)#exit

Define an access-map which uses the access-list above:
DSW1(config)#vlan access-map MYACCMAP 10 (syntax: vlan access-map map_name [0-65535] )
DSW1(config-access-map)#match ip address 10 (syntax: match ip address {acl_number | acl_name})
DSW1(config-access-map)#action forward
DSW1(config-access-map)#exit

DSW1(config)#vlan access-map MYACCMAP 20
DSW1(config-access-map)#action drop (drop other networks)
DSW1(config-access-map)#exit

Note: In fact, there is an implicit “deny all” at the end of each VLAN access-map, so we don’t need to deny other networks explicitly. Therefore there is no problem if you don’t enter the “vlan access-map MYACCMAP 20” sequence above.

Apply the VLAN map to a VLAN:
DSW1(config)#vlan filter MYACCMAP vlan-list 20 (syntax: vlan filter mapname vlan-list list)

DSW1#copy running-config startup-config

(Notice: Many reports said the copy running-config startup-config didn’t work but they still got the full mark)

Note: If the requirement of this sim says not to use named ACLs, then you should configure a numbered ACL instead:

DSW1(config)#access-list 10 permit 172.120.40.0 0.0.0.255
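
The following is an added example, not part of the original answer: a small Python model of how MYACCMAP evaluates an IPv4 source address, used to check the note that sequence 20 is redundant with the implicit drop. The function names and sample addresses are constructed for illustration, and the model assumes IPv4 traffic only and that a sequence without a match clause matches every packet.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard semantics: bits set to 1 in the wildcard are ignored."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    return (a & care) == (b & care)

def acl_permits(acl, src):
    """Standard ACL: the first matching entry decides, implicit deny at the end."""
    for action, base, wildcard in acl:
        if wildcard_match(src, base, wildcard):
            return action == "permit"
    return False

def vacl_action(access_map, acls, src):
    """Walk the map sequences in numeric order and return forward or drop."""
    for seq in sorted(access_map):
        entry = access_map[seq]
        acl_name = entry.get("match")
        # Assumption: a sequence with no match clause matches all packets.
        if acl_name is None or acl_permits(acls[acl_name], src):
            return entry["action"]
    return "drop"  # implicit drop when no sequence matched

# ACL 10 and MYACCMAP as configured on DSW1 in the answer above.
ACLS = {"10": [("permit", "172.120.40.0", "0.0.0.255")]}
MYACCMAP = {
    10: {"match": "10", "action": "forward"},
    20: {"match": None, "action": "drop"},
}
# The same map without the optional sequence 20.
MYACCMAP_NO_SEQ20 = {10: {"match": "10", "action": "forward"}}

# Constructed sample source addresses.
SAMPLES = ["172.120.40.46", "172.120.40.200", "172.120.39.46", "10.1.1.1"]

def compare(samples=SAMPLES):
    """Return {src: (action with seq 20, action without seq 20)}."""
    return {s: (vacl_action(MYACCMAP, ACLS, s),
                vacl_action(MYACCMAP_NO_SEQ20, ACLS, s)) for s in samples}

if __name__ == "__main__":
    for src, (with20, without20) in compare().items():
        print(f"{src:16} seq10+20={with20:8} seq10 only={without20}")
```

Both maps give the same result for every sample, and a source in 172.120.39.0/24 is dropped because only 172.120.40.0/24 matches ACL 10.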

Comments
  1. @2$
    July 31st, 2019

    So, any updates on which dumps are better?

  2. IP HELPER
    August 1st, 2019

    For valid July 2019 dump, contact me: cisco4career @ gmail . com

  3. Anonymous
    August 10th, 2019

    Hi IP Helper, Pls email me July 2019 dump on syedmr4 at yahoo.co.uk

  4. Scofield
    August 14th, 2019

    Hi IP Helper, Pls email me valid July 2019 with vce file at mikescofield791ATgmail.com

  5. yugoos
    August 15th, 2019

    hi IP Helper, please email me July 2019 dump on yugoosATgmail.com
    thanx, yuri

  6. Roger
    September 8th, 2019

    Hi Everyone,

    This is for clarification. I saw many of you are confused about using 40 or 39.

    So here is a simple explanation:

    First, it will depend upon the question in the exam. If it says host 172.120.40.46, then use 40,
    and if it says host 172.120.39.46, then use 39.

    Now some of you use it only at the beginning with:
    radius-server host 172.120.39.46 key rad123, and then use permit 172.120.40.0 0.0.0.255, only because it was written in the ANSWER cheat like this.

    So if you were one of the people who got host (172.120.39.46), then your answer at the radius and permit lines will be this:

    radius-server host 172.120.39.46 key rad123
    permit 172.120.39.0 0.0.0.255

    And if you were one of the lucky ones and got 40, then do as the answer cheat does and put (40) for both lines:

    radius-server host 172.120.40.46 key rad123
    permit 172.120.40.0 0.0.0.255

    And after all, you have passed your CCNA, so knowledge like different networks/subnets must be clear to you. And don’t ever take any answer as a guaranteed one; do your own research if you are confused.

    HOPE THIS HAS BEEN HELPFUL TO YOU, AND BEST OF LUCK :)

  7. Fabdot
    September 8th, 2019

    Hi IPHELPER, please email me July 2019 dumps at fabio.dit AT inwind.it
