H12-891_V1.0 Exam Dumps : HCIE-Datacom V1.0

To automatically enable MPLS on an interface inSR-MPLS:

Segment routing must be enabled globallyin thesystem view→✅

Segment routing must also be enabled under the IGP process, andIGP (OSPF or IS-IS) must be enabled on the interface→✅

Clarifications:

SRGB (Segment Routing Global Block)configuration defines SID ranges butdoes not trigger MPLS enablement→❌

Static adjacency labelsare advanced options and do not auto-enable MPLS →❌

Correct answers: B, D

The command port-isolate enable is used on Huawei switches to completely isolate traffic at both Layer 2 and Layer 3 between different interfaces within the same VLAN. This isolation prevents any communication between isolated ports—even if they belong to the same subnet or VLAN—making it a critical security feature in multi-tenant environments.

Usage Context:

Often used in shared service or hotel network scenarios.

Can be applied in access port configurations.

Does not require additional VLAN creation or private VLAN features.

Huawei Datacom Reference:

"To completely isolate Layer 2 and Layer 3 communication between interfaces in the same VLAN, run the port-isolate enable command under the interface view."

(Source: HCIE-Datacom Study Guide V3.0 – Chapter: VLAN & Security Technologies, Section: Port Isolation)

Huawei IPsec supports multiple modes for establishing Security Associations (SAs):

A. Template negotiation — Used in IPsec policy templates and dynamic VPNs.

B. IKE auto-negotiation mode — Automatically negotiates parameters via IKE Phase 1/2.

C. Certificate negotiation — IPsec peers can authenticate each other using certificates during IKE negotiation.

D. Manual mode — Static IPsec SAs can be manually configured without IKE, often used in simple or static topologies.

Exact Extract - Huawei Security Configuration Guide (USG Series):

“IPsec SAs can be established manually or dynamically through IKE, including using PSKs or certificates. Template-based approaches simplify large-scale deployment.”