This page was exported from Free Cisco Training & Resources - Certification Exam Preparation [ https://www.ciscobibles.com ]
Export date: Fri Mar 29 13:01:01 2024 / +0000 GMT
___________________________________________________
Title: CCNP BCMSN(642-812) Lab - AAA dot1x(New)
---------------------------------------------------

Acme is a small shipping company that has an existing enterprise network comprised of 2 switches: DSW1 and ASW2. The topology diagram indicates their layer 2 mapping. VLAN 40 is a new VLAN that will be used to provide the shipping personnel access to the server. For security reasons, it is necessary to restrict access to VLAN 20 in the following manner:

- Users connecting to ASW1's port must be authenticated before they are given access to the network. Authentication is to be done via a Radius server:
  - Radius server host: 172.120.39.46
  - Radius key: rad123
- Authentication should be implemented as close to the host device as possible.
- Devices on VLAN 20 are restricted to the address range of 172.120.40.0/24.
- Packets from devices in the address range of 172.120.40.0/24 should be passed on VLAN 20.
- Packets from devices in any other address range should be dropped on VLAN 20.
- Filtering should be implemented as close to the server farm as possible.

The Radius server and application servers will be installed at a future date. You have been tasked with implementing the above access control as a pre-condition to installing the servers. You must use the available IOS switch features.

The configuration:

Step 1: Console to ASW1 from PC console 1

! Enable AAA and point 802.1X authentication at the Radius server
ASW1(config)#aaa new-model
ASW1(config)#radius-server host 172.120.39.46 key rad123
ASW1(config)#aaa authentication dot1x default group radius
! Enable 802.1X globally, then enforce it on the host-facing access port
ASW1(config)#dot1x system-auth-control
ASW1(config)#interface fastEthernet 0/1
ASW1(config-if)#switchport mode access
ASW1(config-if)#dot1x port-control auto
ASW1(config-if)#end
ASW1#copy run start

Step 2: Console to DSW1 from PC console 2

! Standard ACL 10 matches source addresses in 172.120.40.0/24
DSW1(config)#ip access-list standard 10
DSW1(config-std-nacl)#permit 172.120.40.0 0.0.0.255
DSW1(config-std-nacl)#exit
! Sequence 10 forwards traffic matched by ACL 10
DSW1(config)#vlan access-map PASS 10
DSW1(config-access-map)#match ip address 10
DSW1(config-access-map)#action forward
DSW1(config-access-map)#exit
! Sequence 20 has no match clause, so it drops everything else
DSW1(config)#vlan access-map PASS 20
DSW1(config-access-map)#action drop
DSW1(config-access-map)#exit
! Apply the VLAN map to VLAN 20
DSW1(config)#vlan filter PASS vlan-list 20
DSW1(config)#end
DSW1#copy run start

…

That is all; I hope it is helpful for you. Best of luck with your BCMSN 642-812 exam.

---------------------------------------------------
Images: http://www.ciscobibles.com/wp-content/uploads/2009/04/clip-image002-thumb.jpg
---------------------------------------------------
Post date: 2009-04-11 16:17:24
Post date GMT: 2009-04-11 08:17:24
Post modified date: 2009-05-20 09:33:04
Post modified date GMT: 2009-05-20 01:33:04
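
Added example (not part of the original post): a small Python model of how the Step 2 VLAN map on DSW1 treats IP packets by source address, for checking the map against the stated requirements before it is applied. It parses only the commands shown in the lab and a single VLAN ID after vlan-list; the function names are hypothetical.

```python
import ipaddress
# Constructed input: the DSW1 commands from Step 2, prompts stripped.
CONFIG = """\
ip access-list standard 10
 permit 172.120.40.0 0.0.0.255
vlan access-map PASS 10
 match ip address 10
 action forward
vlan access-map PASS 20
 action drop
vlan filter PASS vlan-list 20
"""

def parse(config):
    """Parse only the IOS subset used above (assumption: one VLAN per filter)."""
    acls, maps, filters, ctx = {}, {}, {}, None
    for words in (line.split() for line in config.splitlines() if line.strip()):
        if words[:3] == ["ip", "access-list", "standard"]:
            ctx = acls.setdefault(words[3], [])
        elif words[:2] == ["vlan", "access-map"]:
            # Assumption of this model: an entry with no action line forwards.
            ctx = {"acl": None, "action": "forward"}
            maps.setdefault(words[2], {})[int(words[3])] = ctx
        elif words[:2] == ["vlan", "filter"]:
            filters[int(words[4])] = words[2]
        elif words[0] in ("permit", "deny"):
            ctx.append((words[0], *(int(ipaddress.IPv4Address(w)) for w in words[1:3])))
        elif words[:3] == ["match", "ip", "address"]:
            ctx["acl"] = words[3]
        elif words[0] == "action":
            ctx["action"] = words[1]
    return acls, maps, filters

def acl_permits(acl, src):
    addr = int(ipaddress.IPv4Address(src))
    for verdict, net, wild in acl:
        if (addr & ~wild) == (net & ~wild):  # wildcard bits set to 1 are ignored
            return verdict == "permit"
    return False  # implicit deny ends every ACL

def vacl_action(config, vlan, src):
    """Action the VLAN map takes on an IP packet from src seen in vlan."""
    acls, maps, filters = parse(config)
    if vlan not in filters:
        return "forward"  # no VLAN map applied to this VLAN
    for seq in sorted(maps[filters[vlan]]):
        entry = maps[filters[vlan]][seq]
        if entry["acl"] is None or acl_permits(acls[entry["acl"]], src):
            return entry["action"]  # an entry without a match clause matches all
    return "drop"  # no entry matched
```

Calling `vacl_action(CONFIG, 20, "172.120.39.46")` returns `drop`: the Radius server address from the requirements is outside 172.120.40.0/24, so the map would drop traffic sourced from it if it were placed in VLAN 20.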