t-based authentication. As soon as port 0/15 comes up, the switch will challenge the device hooked to it. If the authentication fails, no traffic will get through. If the authentication succeeds, traffic will be forwarded as normal. To set this up, we need to turn on AAA. We need to specify that we are doing dot1x authentication using a RADIUS server.
aaa new-model
aaa authentication dot1x RESTRICT group radius
Instead of naming the method RESTRICT, you could simply use the default method. We then need to turn on the authentication on the correct port. The authentication can be done only on a Layer 3 port or on a static access port. In this case, we are not given a Layer 3 address, so we must tell the port that it is strictly an access port or we will get an error when we try to apply the authentication.
Study Guide From IT认证部落 CCIE-LAB
interface FastEthernet0/15
 switchport mode access
 no ip address
 dot1x port-control auto
Finally, we need to specify the RADIUS server that the switch is going to use for the actual authentication. It states that we are using the default authentication ports for the RADIUS server, so there is no need to type those in.
CAT1(config)#radius-server host 140.4.55.5 key cisco
When you look at the final configuration for this command, you will notice that it did add the default ports into the command. It also automatically added a second line telling the switch to retry 3 times when trying to reach the RADIUS server.
radius-server host 140.4.55.5 auth-port 1812 acct-port 1813 key cisco
radius-server retransmit 3
STEP 3 (2 points)
1. Using an extended named access list on CAT2, block all traffic from Ethernet Type 6000 on port 0/5.
This is an obscure question. When most people hear "extended named access lists", they think IP. In this case, to filter Ethernet Type 6000 traffic, we need to use an Extended Named MAC Access List. We are going to create the access list in global config and apply it inbound to port 0/5. Don't forget that an Extended Named MAC Access List has an implicit deny at the end, just like all other access lists.
CAT2:
mac access-list extended BLOCK
 deny any any etype-6000
 permit any any
interface FastEthernet0/5
 mac access-group BLOCK in
2.0 OSPF
STEP 1 (2 points)
1. Configure the link between CK6 and CK8 with Clear Text Authentication using the password "ccie".
We are going to authenticate only the serial link between CK6 and CK8, not area 68, using clear text authentication. This is done with two commands on each side of the serial interface. Nothing goes under the router process.
CK6:
interface Serial0
 ip ospf authentication
 ip ospf authentication-key ccie
CK8:
interface Serial0
 ip ospf authentication
 ip ospf authentication-key ccie
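What the clear text authentication configured above puts on the wire, as an added example that is not part of the original study guide: a parser for the OSPFv2 packet header (RFC 2328) that reports the authentication type of a packet and whether the key travels readable in it. The router ID 6.6.6.6, the area 0.0.0.68 and the function names are assumptions made for the illustration, and the sample header is constructed.

```python
import struct

# OSPFv2 common header (RFC 2328, A.3.1): version, type, packet length,
# router ID, area ID, checksum, AuType, 8-byte authentication field.
OSPF_HDR = struct.Struct("!BBH4s4sHH8s")
AUTYPE = {0: "null", 1: "simple-password", 2: "cryptographic"}


def build_hello_header(router_id, area_id, autype, auth_field):
    """Build a constructed 24-byte OSPFv2 Hello header (checksum left at 0)."""
    return OSPF_HDR.pack(2, 1, OSPF_HDR.size, router_id, area_id, 0,
                         autype, auth_field.ljust(8, b"\x00"))


def audit_ospf_header(packet):
    """Return the authentication type and any key readable in the header."""
    if len(packet) < OSPF_HDR.size:
        raise ValueError("truncated OSPF header")
    ver, _, _, rid, area, _, autype, auth = OSPF_HDR.unpack_from(packet)
    if ver != 2:
        raise ValueError("not an OSPFv2 packet")
    result = {
        "router_id": ".".join(str(b) for b in rid),
        "area": ".".join(str(b) for b in area),
        "autype": AUTYPE.get(autype, "unknown(%d)" % autype),
        "key_on_wire": None,
    }
    if autype == 1:
        # Type 1: the 64-bit field is the configured key itself, zero padded.
        result["key_on_wire"] = auth.rstrip(b"\x00").decode("ascii", "replace")
    elif autype == 2:
        # Type 2: the field holds only a key ID, digest length and sequence
        # number; the digest is appended to the packet and the key is never sent.
        _, key_id, _, seq = struct.unpack("!HBBI", auth)
        result["key_id"], result["sequence"] = key_id, seq
    return result


if __name__ == "__main__":
    # Constructed sample: CK6 (assumed router ID 6.6.6.6) on the serial link,
    # assumed area 0.0.0.68, with "ip ospf authentication-key ccie".
    sample = build_hello_header(bytes([6, 6, 6, 6]), bytes([0, 0, 0, 68]), 1, b"ccie")
    print(audit_ospf_header(sample))
```
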
STEP 2 (2 Points)
1. Setup area 100 t