H12-891_V1.0 Exam Dumps : HCIE-Datacom V1.0

Understanding User Authentication Points in a Network

Authentication points can be deployed at different network layers based on security and scalability needs:

✅ Access Layer Authentication:

Ensures high security & granular control (user-level authentication).

Preferred in high-security enterprise networks.

✅ Aggregation or Core Layer Authentication:

Reduces authentication overhead but provides less granular control.

Suitable for large-scale networks where authentication load needs to be balanced.

Analysis of the Answer Choices:

✅ A. Deploying user authentication points at the access layer achieves granular permission management and high network security.

Correct: Provides fine-grained control per user and prevents unauthorized access.

✅ B. Moving user authentication points from the access layer to the aggregation or core layer greatly reduces the number of user authentication points, thereby effectively mitigating the pressure on the AAA server.

Correct: Fewer authentication points mean less load on the AAA server.

✅ C. Deploying user authentication points at the access layer has both advantages and disadvantages when compared to doing so at the aggregation or core layer. Policy association can be applied if user authentication points are deployed at the access layer.

Correct: Policy-based authentication is best applied at the access layer for granular control.

❌ D. When user authentication points are moved from the access layer to the aggregation layer, MAC address authentication for users may fail.

Incorrect: MAC authentication works at both layers, but policy adjustments may be needed.

✅ Reference: Huawei HCIE-Datacom Guide – User Authentication Strategies in Enterprise Networks

IGP Metric Design in Enterprise WANs

In an enterprise bearer WAN, routing metrics determine path selection. The aggregation layer connects multiple access-layer devices to the core network, so it should have a lower metric to:

✅ Ensure traffic is forwarded through higher-capacity aggregation links instead of lower-bandwidth access links.✅ Optimize traffic flow, reduce congestion, and improve network efficiency.✅ Enhance reliability by preferring more stable aggregation links.

IGP Routing Protocols Considerations:

OSPF: Lower cost values indicate preferred paths.

IS-IS: Lower link metrics result in preferred forwarding paths.

Reference from Huawei HCIE-Datacom Documentation:

Huawei IGP Design Guide – Enterprise WAN Routing Optimization

HCIE-Datacom Training Material – Metric Calculation and Path Selection in OSPF/IS-IS

Route Target (RT) is a BGP extended community attribute used in MPLS Layer 3 VPNs (L3VPNs) to control the import and export of VPN routes between different VPN instances (VRFs).

Explanation of Correct Answers:

✅ A. Each VPN instance is associated with one or more pairs of VPN Target attributes, used to control VPN routing information advertisement and reception between sites.

Each VRF (VPN Routing and Forwarding instance) has an associated RT that determines which routes are imported and exported between VPNs.

RTs enable inter-VPN communication while maintaining separation between VPN customers.

✅ B. Export Target and Import Target are independent of each other and support multiple values to implement flexible VPN routing information advertisement and reception control.

The Export RT specifies which routes should be advertised.

The Import RT specifies which routes should be accepted into a VRF.

These can be configured independently to control traffic flow between VPNs.

✅ C. RTs are classified into two types: Export Target and Import Target.

Export Target: Defines which VPN routes are advertised.

Import Target: Defines which VPN routes are accepted.

A VPN instance can have multiple RTs to allow flexibility.

✅ D. The RT value is advertised to neighbors through the BGP extended community attribute in Update messages.

RTs are carried in BGP UPDATE messages as part of the BGP extended community attribute, enabling VPN route exchange between PEs.

Reference from Huawei HCIE-Datacom Documentation:

Huawei MPLS VPN Configuration Guide – Route Target (RT) Concepts

HCIE-Datacom Study Material – BGP Route Advertisement in MPLS VPNs