Home > AAAdot1x Lab Sim

AAAdot1x Lab Sim

October 3rd, 2018 in Lab Sim, LabSim Go to comments

Question

Answer and Explanation

 

1) Configure ASW1

Enable AAA on the switch:
ASW1(config)#
aaa new-model

The new-model keyword refers to the use of method lists, by which authentication methods and sources can be grouped or organized.

Define the server along with its secret shared password:
ASW1(config)#radius-server host 172.120.39.46 key rad123

ASW1(config)#aaa authentication dot1x default group radius
This command causes the RADIUS server defined on the switch to be used for 802.1x authentication.

Globally enable port-based authentication (802.1x) on a switch:
ASW1(config)#dot1x system-auth-control

Configure Fa0/1 to use 802.1x:

ASW1(config)#interface fastEthernet 0/1
ASW1(config-if)#dot1x port-control auto
Notice that the word “auto” will force connected PC to authenticate through the 802.1x exchange.

2) Configure DSW1:

Define an access-list:
DSW1(config)#ip access-list standard 10 (syntax: ip access-list {standard | extended} acl-name)
DSW1(config-std-nacl)#permit 172.120.40.0 0.0.0.255
DSW1(config-std-nacl)#exit

Define an access-map which uses the access-list above:
DSW1(config)#vlan access-map MYACCMAP 10 (syntax: vlan access-map map_name [0-65535] )
DSW1(config-access-map)#match ip address 10 (syntax: match ip address {acl_number | acl_name})
DSW1(config-access-map)#action forward
DSW1(config-access-map)#exit

DSW1(config)#vlan access-map MYACCMAP 20
DSW1(config-access-map)#action drop (drop other networks)
DSW1(config-access-map)#exit

Note: In fact, there is an implicit “deny all” command at the end of each VLAN access-map so we don’t need to deny other networks. Therefore there is no problem if you don’t enter the “vlan access-map MYACCMAP 20” above.

Apply a vlan-map into a vlan:
DSW1(config)#vlan filter MYACCMAP vlan-list 20 (syntax: vlan filter mapname vlan-list list)

DSW1#copy running-config startup-config

(Notice: Many reports said the copy running-config startup-config didn’t work but they still got the full mark)

Note: If the requirement of this sim states that “not to use named ACLs” then you should configure number ACL instead:

DSW1(config)#access-list 10 permit 172.120.40.0 0.0.0.255

Other lab-sims in this site:

LACP with STP Sim
MLS and EIGRP Sim
VTP Lab 2
VTP Lab
Spanning Tree Lab Sim

Comments
Comment pages
1 43 44 45 41
  1. Anonymous
    April 1st, 2019

    @Neil and Osya kindly please forward valid 300-115 switching dump, i had an invalid dump it cost me money R4021 and a low score of 480. tebogoleshaba900atgmaildotcom, CCNA expires on 25 April

  2. mostafa
    April 9th, 2019

    Hi Neil,

    Kindly share CCNP SWITCH 300-115 dump premium file to (( mosty2562002 @ gmail . com )). I have my exam next week. Thanks

  3. mostafa
    April 9th, 2019

    Hi Osya,

    Kindly share CCNP SWITCH 300-115 dump premium file to (( mosty2562002 @ gmail . com )). I have my exam next week. Thanks

  4. Yeah
    April 9th, 2019

    Why was it 172.120.39.46 instead of 172.120.40.46?

  5. Vitynejo
    April 9th, 2019

    Pass on 09th April with 914 score. My lab is HRSP, VTP and AAA dot1q (not permit named ACLs in my lab). Few new question (6 of 47)

    Dump valid IPHelper. Thanks certprepare!

  6. Need Help
    April 11th, 2019

    OK I am really confused on the AAA lab. I took the test on 4/9/19 and failed because of the AAA lab. My lab said NO NAME ACCESS-LIST. So we can’t use “DSW1(config)# ip access-list standard 10” Also I don’t remember if the radius server address was 172.120.39.46 or 172.120.40.46 on the test. If I can’t use a name access-list then configuration listed above is NOT correct. Any help would be great, my cert expires in 7 days.

  7. Need Help
    April 11th, 2019

    OK this will work for the AAA SIM question and NOT using a named ACL. ip access-list standard {acl-name | acl-num} so ip access-list standard 10 is correct. Next, why are they changing the radius host address from the instruction? Am I missing a simple reason? The instruction says – Radius server host: 172.120.40.46 but in the configs we are showing radius-server host 172.120.39.46 key rad123.
    Thanks in advance

  8. zd
    April 19th, 2019

    Hi everyone,

    Please, if you can send valid 300-115 dumps (({email not allowed}))

  9. zd
    April 19th, 2019

    Hi everyone,

    Please, if you can send valid 300-115 dumps to (( zdarsadze @ gmail . com ))

  10. Need Help
    April 19th, 2019

    WOW this place is dead.. Anyway passed this week. AAA Lab, HSRP Lap questions, alot of SPAN, couple of drag and drops.

    Good luck everyone.

  11. Anonymous
    April 22nd, 2019

    I think that both of below conf are correct:

    DSW1(config)#ip access-list standard 10 ——- {No ACL here not named one}
    DSW1(config-std-nacl)#permit 172.120.40.0 0.0.0.255
    DSW1(config-std-nacl)#exit
    or
    DSW1(config)#access-list 10 permit 172.120.40.0 0.0.0.255

    also, Did you made the configuration at all interfaces F 0/1, F 0/2, F 0/3 or just F 0/1

  12. Anonymous
    April 22nd, 2019

    This sim is Valid. I sat for 300-115 Today and there are many questions that are covered by Certprepare.com

  13. fadi
    April 23rd, 2019

    Dear can any one send me full configuration of aaa lab with no acl name

  14. XXX
    April 26th, 2019

    This is correct:

    1) Configure ASW1

    ASW1(config)#aaa new-model
    ASW1(config)#radius-server host 172.120.39.46 key rad123
    ASW1(config)#aaa authentication dot1x default group radius
    ASW1(config)#dot1x system-auth-control

    ASW1(config)#interface fastEthernet 0/1
    ASW1(config-if)#switchport mode access
    ASW1(config-if)#switchport access vlan 20
    ASW1(config-if)#dot1x port-control auto

    2) Configure DSW1:

    DSW1(config)#ip access-list 10 permit 172.120.40.0 0.0.0.255

    DSW1(config)#vlan access-map ccnp 10
    DSW1(config-access-map)#match ip address 10
    DSW1(config-access-map)#action forward
    DSW1(config-access-map)#exit

    DSW1(config)#vlan access-map ccnp 20
    DSW1(config-access-map)#action drop
    DSW1(config-access-map)#exit

    DSW1(config)#vlan filter ccnp vlan-list 20

    DSW1#copy running-config startup-config

  15. XXX
    April 26th, 2019

    DSW1(config)#access-list 10 permit 172.120.40.0 0.0.0.255 (Not with ip)

  16. share please
    April 28th, 2019

    Hi Anyone who has
    Could you share link to dl 300-115_IPHelper_March_2019
    or email to ai m 4 sk ie s @ h otm ail . co m

  17. Sushi
    April 28th, 2019

    @Neil
    Hi Neil,
    Would you please share the dump with me please? (soroushkahn2001 @ gmail . com)
    Thank you so much!

  18. thatNZgirl
    April 30th, 2019

    Can anyone tell me where can i practise the LABs? My exam is literally in 2 days:(
    Any help would be appreciated :)

  19. DC
    May 1st, 2019

    Valid 1st of may 2019

  20. Bazraman
    May 5th, 2019

    Who is the Radius server as I don’t see any config for that
    Is DSW1 acting as the server something else.

  21. MikeTheMan
    May 11th, 2019

    This is correct:

    1) Configure ASW1

    ASW1(config)#aaa new-model
    ASW1(config)#radius-server host 172.120.39.46 key rad123
    ASW1(config)#aaa authentication dot1x default group radius
    ASW1(config)#dot1x system-auth-control

    ASW1(config)#interface fastEthernet 0/1
    ASW1(config-if)#switchport mode access
    ASW1(config-if)#switchport access vlan 20
    ASW1(config-if)#dot1x port-control auto

    2) Configure DSW1:

    DSW1(config)#access-list 10 permit 172.120.40.0 0.0.0.255

    DSW1(config)#vlan access-map ccnp 10
    DSW1(config-access-map)#match ip address 10
    DSW1(config-access-map)#action forward
    DSW1(config-access-map)#exit

    DSW1(config)#vlan access-map ccnp 20
    DSW1(config-access-map)#action drop
    DSW1(config-access-map)#exit

    DSW1(config)#vlan filter ccnp vlan-list 20

    DSW1#copy running-config startup-config

  22. Osya
    May 16th, 2019

    Updated IPhelper May 2019. Contact me at: cisco4career(at)gmail(dot)com

  23. Anonymous
    May 18th, 2019

    Valid Sim. Had this on my Exam Today. I passed Switch, now on to Route!

  24. Tom
    May 21st, 2019

    yes, i had this Sim today…. but i fail with 759 score….

    They are some new Questions….I need a valid DUMP ;-)
    My next Exam is 25 of May.

  25. Sky
    May 21st, 2019

    @Tom, dont you have to wait for five days?
    Which dumps did you use?
    I have 143q premium from exam collection. Not sure if it is still valid.

  26. NIC
    May 23rd, 2019

    I passed it today! Thank you certprepare. I found like 6 questions that there are not on here.

  27. Anonymous
    May 23rd, 2019

    @NIC which dumps did you use. Can i have it? I’m due for the exam in 8 days
    chukystar4sure(at)yahoo(dot)com

  28. Anonymous
    May 23rd, 2019

    Some should please assist me with a current dumps. I’m due for Switch exam in 8 days
    chukystar4sure(at)yahoo(dot)com
    Thanks

  29. NIC
    May 24th, 2019

    Email me: networkdummies(at)gmail(dot)com

  30. Matt
    May 30th, 2019

    HI All

    Why are we changing the server IP from 172.120.40.46 to 172.120.39.46???
    anyone has an answer please

  31. Sky
    May 31st, 2019

    @Matt
    172.120.40.0 is the network address that must be used in acl, 172.120.39.46 is the IP address of the radius server.

  32. lislabo
    June 8th, 2019

    Hi, can you kindly share CCNP SWITCH 300-115 dump premium file to (( lislaboo@gmail . com ))
    Thank You.

  33. Anonymous
    June 12th, 2019

    Can anyone explain why I have to enable 802.1x globally, and then on the port?
    Couldnt you just enable it on the port and be done with it?

  34. Anonymous
    June 13th, 2019

    @anon System authentication is disabled by default. If this command is disabled, all ports behave as if they are force authorized. You must globally enable auth control for port auth to even exist.

  35. Anonymous
    June 16th, 2019

    XXX and MikeTheMan

    can you explain the relevance of *ASW1(config-if)#switchport access vlan 20*

  36. Henry
    June 17th, 2019

    Why should we use VACL ?
    VACL controls access within the same vlan.
    The lab mentions two different vlans oO

  37. Anonymous
    June 18th, 2019

    Sky can you please share you ccnp switching dump to me at

    itmann (at)outlook(DOT)com

  38. Need help AAA
    July 2nd, 2019

    How to identify (which sentence/line from AAA Question) if the lab is asking named or no name access-list to be configured. Please, answer my exam is on 3rd July afternoon

    if lab said NO NAME ACCESS-LIST (how to know from Question). So we can’t use “DSW1(config)# ip access-list standard 10”

  39. Anonymous
    July 3rd, 2019

    Hi, can you kindly share CCNP SWITCH 300-115 dump premium file to ((fcb.riga.ryota@gmail . com ))
    I have exams next week
    Thank You.

  40. Bmore
    July 6th, 2019

    Took the switch exam twice in the past two weeks and scored 719 & 723 respectively. First exam had half dozen drag and drops that were completely unfamiliar. Almost all question were the variety of “choose two” and even “choose three” in which most were completely baffling. The second exam had no drag and drops at all and with the same scheme of questions that came out of left field. Not feeling very confident for a third try.

  41. TACCACS+
    July 7th, 2019

    hi To people that had dot1x LAB in the exam and pass please answer:
    which ip address have you used?
    172.120.39.46 OR 172.120.39.46
    PLEASE REPLY

  42. TACCACS+
    July 7th, 2019

    hi To people that had dot1x LAB in the exam and pass please answer:
    which ip address have you used?
    172.120.39.46 OR 172.120.40.46
    PLEASE REPLY

  43. Anonymous
    July 8th, 2019

    Kindly share CCNP SWITCH 300-115 dump premium file to (( {email not allowed} )). I have my exam . Thanks

  44. Anonymous
    July 8th, 2019

    can someone post the question I can’t see it

  45. TACCACS+
    July 9th, 2019

    Pass My 300-115 today. 44 questions in total one lab. pass with 906

  46. PINGPONG
    July 10th, 2019

    CCNA EXPIRED 10 AUG I NEED 300-115 EXAM PLEASE SEND ME MAIL mr.emre.aktan at gmail com

  47. IP HELPER
    July 17th, 2019

    who wants updated dump in july 2019, kindly email me for sharing: cisco4career @ gmail . com

  48. s45
    July 20th, 2019

    please send to the thast Dump MKM963 at outlook . com

  49. Anonymous
    July 23rd, 2019

    I fail today.

    I have braindumps 143q dump and all question new.

    Please, share dump valid with me: albcombo @ gmail . com

    Thanks.

Comment pages
1 43 44 45 41
  1. No trackbacks yet.