Dot1x Configuration Flashcards
- ASW1 - How do you enable AAA on a switch?
ASW1(config)# aaa new-model
- ASW1 - How do you define a RADIUS server along with its shared secret key?
ASW1(config)# radius-server host 172.120.39.46 key rad123
- ASW1 - How do you cause the RADIUS server defined on the switch to be used for 802.1x authentication?
ASW1(config)# aaa authentication dot1x default group radius
- ASW1 - How do you enable 802.1x on a switch?
ASW1(config)# dot1x system-auth-control
- ASW1 - How do you configure Fa0/1 to use 802.1x?
ASW1(config-if)# switchport mode access
ASW1(config-if)# dot1x port-control auto
Note: the keyword “auto” forces the connected PC to authenticate through the 802.1x exchange.
- DSW1 - How do you define an access-list?
DSW1(config)# ip access-list standard 10 (syntax: ip access-list {standard | extended} acl-name)
DSW1(config-std-nacl)# permit 172.120.40.0 0.0.0.255
- DSW1 - How do you define an access-map which uses the access-list above?
DSW1(config)# vlan access-map MYACCMAP 10 (syntax: vlan access-map map_name [0-65535])
DSW1(config-access-map)# match ip address 10 (syntax: match ip address {acl_number | acl_name})
DSW1(config-access-map)# action forward
DSW1(config-access-map)# exit
DSW1(config)# vlan access-map MYACCMAP 20
DSW1(config-access-map)# action drop (drop other networks)
DSW1(config-access-map)# exit
- DSW1 - How do you apply a vlan-map into a vlan?
DSW1(config)# vlan filter MYACCMAP vlan-list 20 (syntax: vlan filter mapname vlan-list list)
DSW1# copy running-config startup-config