Specifications

Ensurepass.com Easy Test! Easy Pass!

Download the complete collection of Exam's Real Q&As www.ensurepass.com

 Authentication is to be done via a Radius server:

 Radius server host: 172.120.39.46

 Radius key: rad123

 Authentication should be implemented as close to the host device possible.

 Devices on VLAN 20 are restricted to in the address range of 172.120.40.0/24.

 Packets from devices in the address range of 172.120.40.0/24 should be passed on VLAN 20.

 Packets from devices in any other address range should be dropped on VLAN 20.

 Filtering should be implemented as close to the server farm as possible.

The Radius server and application servers will be installed at a future date. You have been tasked

with implementing the above access control as a pre-condition to installing the servers.

You must use the available IOS switch features.

Correct Answer:

Step1: Console to ASW1 from PC console 1

ASW1(config)# aaa new-model

ASW1(config)# radius-server host 172.120.39.46 key rad123

ASW1(config)# aaa authentication dot1x default group radius

ASW1(config)# dot1x system-auth-control

ASW1(config)# int fastEthernet 0/1

ASW1(config-if)# switchport mode access

ASW1(config-if)# dot1x port-control auto

ASW1(config-if)# end

ASW1# copy running-config startup-config

Step2: Console to DSW1 from PC console 2

DSW1(config)# ip access-list standard 10

DSW1(config-ext-nacl)# permit 172.120.40.0 0.0.0.255

DSW1(config-ext-nacl)# exit

DSW1(config)# vlan access-map PASS 10

DSW1(config-access-map)# match ip address 10

DSW1(config-access-map)# action forward

DSW1(config-access-map)# exit

DSW1(config)# vlan access-map PASS 20

DSW1(config-access-map)# action drop

DSW1(config-access-map)# exit

DSW1(config)# vlan filter PASS vlan-list 20

DSW1(config)# exit

DSW1# copy running-config startup-config

QUESTION 140

Acme is small export company that has an existing enterprise network comprised of 5 switches;