H12-891_V1.0 Exam Dumps : HCIE-Datacom V1.0

In BGP EVPN configuration forVXLAN-based networks, Huawei uses the command:

[bgp] advertise l2vpn evpn

This command enables the BGP process toadvertise routes from a VPN instance into the EVPN (L2VPN) address family, which is used for VXLAN control-plane operations like MAC/IP advertisement.

Option A (advertise irbvfi)— invalid command.

Option B (advertise vpnv4)— used for MPLS VPNs, not EVPN.

Option C (advertise irb)— not a recognized Huawei command.

Option Dis the correct and officially used command.

Correct answer: D. advertise l2vpn evpn

The free mobility solution in Huawei iMaster NCE-Campus allows:

Centralized policy management via the controller

Security group-based policies, decoupled from IPs/VLANs

Automatic policy delivery, no need to configure repeatedly per device

Dynamic mapping of users and IPs via security group subscriptions

Exact Extract - Huawei iMaster NCE-Campus Solution White Paper:

“Free mobility uses security groups and centralized control to enable consistent policy enforcement, avoiding repetitive configurations and simplifying policy management.”

A screenshot of a computer AI-generated content may be incorrect.

IPsec (Internet Protocol Security) provides secure communication over IP networks through several essential functions. Let’s explain each function and its purpose:

1. Data Origin Authentication:

Description:The receiver verifies the identity of the sender.

This function ensures that the data received actually comes from the claimed source.

IPsec achieves this usingIKE (Internet Key Exchange)anddigital signatures.

TheAuthentication Header (AH)andEncapsulating Security Payload (ESP)support authentication.

Use Case:Verifying that a message claiming to be from a specific IP address is genuinely from that source.

2. Data Encryption:

Description:The sender encrypts the data, and the receiver decrypts the data.

Encryption ensuresdata confidentialityby transforming readable data (plaintext) into unreadable data (ciphertext).

Only the intended receiver with the correct decryption key can convert the ciphertext back to plaintext.

Common encryption algorithms used includeAES (Advanced Encryption Standard)andDES (Data Encryption Standard).

Use Case:Protecting sensitive data transferred over public networks.

3. Data Integrity:

Description:The receiver verifies received data to determine whether the data has been tampered with.

Ensures that the data was not altered during transmission.

Uses cryptographichash functions(e.g.,SHA-1, SHA-256) to generate amessage digest.

The digest is sent with the data and verified on the receiving side.

Use Case:Detecting any changes made to the data packet during transmission.

4. Anti-Replay:

Description:The receiver rejects duplicate data packets.

Prevents attackers from capturing packets and replaying them later.

Usessequence numbersto detect replayed or duplicated packets.

The receiver keeps asliding windowof sequence numbers to compare incoming packets.

Use Case:Blocking malicious actors from sending previously intercepted packets to disrupt communication.

Why This Mapping Is Correct:

The functions and descriptions are aligned based on the core concepts of IPsec and the roles they play in ensuring secure data transmission.

Each function addresses a specific aspect of security:authentication, confidentiality, integrity, and replay protection.