Monday, 21 February 2011

AAAdot1x Lab



1) Configure ASW1:
Enable AAA on the switch:
ASW1(config)#aaa new-model

The new-model keyword refers to the use of method lists, by which authentication methods and sources can be grouped or organized.
Define the RADIUS server along with its shared secret:
ASW1(config)#radius-server host 172.120.39.46 key rad123

ASW1(config)#aaa authentication dot1x default group radius
This command causes the RADIUS server defined on the switch to be used for 802.1x authentication.

Enable 802.1x on the switch:
ASW1(config)#dot1x system-auth-control

Configure Fa0/1 to use 802.1x:
ASW1(config)#interface fastEthernet 0/1
ASW1(config-if)#switchport mode access
ASW1(config-if)#switchport access Vlan 20
ASW1(config-if)#dot1x port-control auto
Notice that the keyword “auto” forces the connected PC to authenticate through the 802.1x exchange.

ASW1(config-if)#exit
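
The ASW1 steps above only take effect together: the global commands must all be present, and every access port needs its own port-control line. The Python script below is an added example, not part of the original lab, that audits a running-config for those pieces; the sample config is constructed from the commands above plus a hypothetical Fa0/2 port left without 802.1x.

```python
import re

# Constructed running-config fragment: the ASW1 commands from this lab,
# plus a hypothetical Fa0/2 access port that was left without 802.1x.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication dot1x default group radius
dot1x system-auth-control
radius-server host 172.120.39.46 key rad123
!
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 20
 dot1x port-control auto
!
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 20
!
"""

GLOBAL_REQUIRED = ("aaa new-model", "aaa authentication dot1x default group radius",
                   "dot1x system-auth-control", "radius-server host ")

def split_interfaces(config):
    """Return {interface_name: [sub-commands]} from a running-config text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^interface (\S+)", line)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command closes the interface block
    return interfaces

def audit_dot1x(config):
    """Return a list of findings; an empty list means every check passed."""
    lines = config.splitlines()
    findings = [f"missing global command: {req.strip()}" for req in GLOBAL_REQUIRED
                if not any(l.startswith(req) for l in lines)]
    for name, cmds in split_interfaces(config).items():
        if "switchport mode access" in cmds and "dot1x port-control auto" not in cmds:
            findings.append(f"{name}: access port without dot1x port-control auto")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_dot1x(SAMPLE_CONFIG)))
```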

2) Configure DSW1:
Define an access-list:
DSW1(config)#ip access-list standard 10 (syntax: ip access-list {standard | extended} acl-name)
DSW1(config-std-nacl)#permit 172.120.40.0 0.0.0.255
DSW1(config-std-nacl)#exit

Define an access-map which uses the access-list above:
DSW1(config)#vlan access-map MYACCMAP 10 (syntax: vlan access-map map_name [0-65535] )
DSW1(config-access-map)#match ip address 10 (syntax: match ip address {acl_number | acl_name})
DSW1(config-access-map)#action forward
DSW1(config-access-map)#exit

DSW1(config)#vlan access-map MYACCMAP 20
DSW1(config-access-map)#action drop (drop other networks)
DSW1(config-access-map)#exit
Apply a vlan-map into a vlan:
DSW1(config)#vlan filter MYACCMAP vlan-list 20 (syntax: vlan filter mapname vlan-list list)
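
To see which traffic in VLAN 20 the map forwards and which it drops, the Python model below walks MYACCMAP the way the switch evaluates it, using the wildcard mask of ACL 10. It is an added example, not part of the original lab; the sample source addresses are constructed, and the final fall-through drop is an assumption about the platform's implicit behaviour.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard match: bits set in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def acl_permits(acl, src):
    """Standard ACL: first matching entry decides; implicit deny at the end."""
    for verdict, base, wildcard in acl:
        if wildcard_match(src, base, wildcard):
            return verdict == "permit"
    return False

# The objects configured on DSW1 above.
ACLS = {"10": [("permit", "172.120.40.0", "0.0.0.255")]}
MYACCMAP = [
    (10, "10", "forward"),   # match ip address 10 -> action forward
    (20, None, "drop"),      # no match clause -> matches every packet
]

def vacl_action(access_map, acls, src):
    """Walk the map in sequence order and return (sequence, action)."""
    for seq, acl_name, action in sorted(access_map, key=lambda e: e[0]):
        if acl_name is None or acl_permits(acls[acl_name], src):
            return seq, action
    return None, "drop"      # assumption: nothing matched is treated as drop

# Constructed source addresses for packets seen in VLAN 20.
SAMPLES = ["172.120.40.7", "172.120.40.255", "172.120.41.7", "10.1.1.1"]

if __name__ == "__main__":
    for src in SAMPLES:
        print(src, vacl_action(MYACCMAP, ACLS, src))
```

Because ACL 10 is a standard ACL, the decision depends on the source address only; the destination plays no part in which sequence a packet hits.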



EIGRP-MLS LAB

(Step-I)
mls# configure terminal
mls(config)# int gi0/1
mls(config-if)#no switchport
mls(config-if)# ip address 172.16.1.2 255.255.255.0 (Note: don't assign 1.1; if you do, it will show “duplicate mac address found” because the router interface was configured with 1.1. This is the only thing to remember.)
mls(config-if)# no shutdown
mls(config-if)# exit
(Step-II)
mls(config)# int vlan 2
mls(config-if)# ip address 192.168.3.33 255.255.255.224
mls(config-if)# no shutdown
mls(config-if)# int vlan 3
mls(config-if)# ip address 192.168.3.65 255.255.255.224
mls(config-if)# no shutdown
mls(config-if)#exit 
(Step-III) 
mls(config)# ip routing
mls(config)# router eigrp 65010
mls(config-router)# network 172.16.1.0 0.0.0.255
mls(config-router)# network 192.168.3.32 0.0.0.31
mls(config-router)# network 192.168.3.64 0.0.0.31

LACP LAB

SWITCH A
(Step-I) Use the command “show vlan” on Switch-A (connected to the router). You will see:
Vlan 99 -> name NativeTrunking
Vlan 98 -> name Parking
(Step-II) Create VLANs 21, 22, 23 and name them as follows.
SwitchA(config)#vlan 21
SwitchA(config-vlan)#name Marketing
SwitchA(config)#vlan 22
SwitchA(config-vlan)#name Sales
SwitchA(config)#vlan 23
SwitchA(config-vlan)#name Engineering
(Step-III)
SwitchA(config)#int range fa0/3-4
SwitchA(config-if-range)#shutdown (in the exam it’s already shut down)
SwitchA(config-if-range)#no switchport access vlan 98 (*Imp Step)
SwitchA(config-if-range)#switchport trunk encapsulation dot1q (already configured)
SwitchA(config-if-range)#switchport mode trunk
SwitchA(config-if-range)#switchport trunk native vlan 99
SwitchA(config-if-range)#switchport trunk allowed vlan 1,11-13,21-23
SwitchA(config-if-range)#channel-protocol lacp
SwitchA(config-if-range)#channel-group 1 mode active
SwitchA(config-if-range)#exit
SwitchA(config)#spanning-tree vlan 1,11-13,21-23,98-99 root primary
————————————————————————————————————
SWITCH B
(Step-I)
SwitchB(config)#spanning-tree rapid-pvst
SwitchB(config)#vtp mode transparent
(Step-II)
SwitchB(config)#ip default-gateway 192.168.1.10 (the question didn’t ask for it, but to be on the safe side I just configured it)
Create VLANs on Switch-B:
SwitchB(config)#vlan 21
SwitchB(config-vlan)#name Marketing
SwitchB(config)#vlan 22
SwitchB(config-vlan)#name Sales
SwitchB(config)#vlan 23
SwitchB(config-vlan)#name Engineering
SwitchB(config)#vlan 99
SwitchB(config-vlan)#name TrunkNative (same as on Switch-A)
SwitchB(config)#vlan 98
SwitchB(config-vlan)#name Parking (same as on Switch-A)
SwitchB(config-vlan)#exit
(Step-III)
SwitchB(config)#int range fa0/9 - 10
SwitchB(config-if-range)#no shutdown
SwitchB(config-if-range)#switchport mode access
SwitchB(config-if-range)#switchport access vlan 21
SwitchB(config-if-range)#spanning-tree portfast
SwitchB(config)#int range fa0/13 - 14
SwitchB(config-if-range)#no shutdown
SwitchB(config-if-range)#switchport mode access
SwitchB(config-if-range)#switchport access vlan 22
SwitchB(config-if-range)#spanning-tree portfast
SwitchB(config)#int range fa0/15 - 16
SwitchB(config-if-range)#no shutdown
SwitchB(config-if-range)#switchport mode access
SwitchB(config-if-range)#switchport access vlan 23
SwitchB(config-if-range)#spanning-tree portfast
SwitchB(config)#int range fa0/3-4
SwitchB(config-if-range)#shutdown (in the exam it’s already shut down)
SwitchB(config-if-range)#switchport trunk encapsulation dot1q
SwitchB(config-if-range)#switchport mode trunk
SwitchB(config-if-range)#switchport trunk native vlan 99
SwitchB(config-if-range)#switchport trunk allowed vlan 1,11-13,21-23
SwitchB(config-if-range)#channel-protocol lacp
SwitchB(config-if-range)#channel-group 1 mode passive
SwitchB(config-if-range)#exit
(Step-IV) The step below is already configured, so there is no need to enter it. Run “show ip int brief” and check that VLAN 1 is up and configured with an IP address.
SwitchB(config)#int vlan 1
SwitchB(config-if)#ip address 192.168.1.11 255.255.255.0
SwitchB(config-if)#no shutdown
(Step-V) (**Imp Step)
That’s all for the configuration. The port-channel will be created automatically. Just go under the port-channel interface and give the “no shut” command on both Switch A and B; a second later the interfaces fa0/3-4 will be up (no need to give the “no shut” command under the fa0/3-4 interfaces).
SwitchA(config)#int port-channel 1
SwitchA(config-if)#no shutdown
SwitchA(config-if)#exit
SwitchB(config)#int port-channel 1
SwitchB(config-if)#no shutdown
SwitchB(config-if)#exit
Compare the output of the above command on both switches; the native VLAN 99 will be the same on both switches. Ping from Switch-B to the router at 192.168.1.10.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Notes**
It’s a bit confusing at the start of this lab when you read the scenario. But keep patience and take your time; copy down all your steps on the notepad.