H12-891_V1.0 Exam Dumps : HCIE-Datacom V1.0

MP-BGP is an extension of BGP-4 that supports multi-protocol address families such as IPv6, VPNv4, etc. When PE and CE exchange BGP routes, there is no need to create a BGP process per VPN on the CE. The CE typically runs a standard BGP process, while the PE maintains separate VPN routing tables (VRFs).

Exact Extract - Huawei HCIE-Datacom MP-BGP Chapter:

“CE devices use standard BGP, and multiple VPNs can share the same BGP process on the CE. The PE handles VPN route separation through VRFs and MP-BGP.”

Huawei IPsec supports multiple modes for establishing Security Associations (SAs):

A. Template negotiation — Used in IPsec policy templates and dynamic VPNs.

B. IKE auto-negotiation mode — Automatically negotiates parameters via IKE Phase 1/2.

C. Certificate negotiation — IPsec peers can authenticate each other using certificates during IKE negotiation.

D. Manual mode — Static IPsec SAs can be manually configured without IKE, often used in simple or static topologies.

Exact Extract - Huawei Security Configuration Guide (USG Series):

“IPsec SAs can be established manually or dynamically through IKE, including using PSKs or certificates. Template-based approaches simplify large-scale deployment.”

When port security is enabled and the maximum number of learned MAC addresses is reached, the switch can trigger multiple security actions depending on configuration:

Discard packets with unknown source MACs

Generate alarms

Shut down the port (set to error-down)

Do all the above combined (default behavior)

The most comprehensive and commonly configured behavior is error-down + alarm generation, which corresponds to Option D.

Exact Extract - Huawei HCIE-Datacom Switching Guide:

“When the MAC address limit is reached on a port with port security enabled, the system can generate alarms and set the port to error-down state based on security policies.”