Understanding User Authentication Points in a Network
Authentication points can be deployed at different network layers based on security and scalability needs:
✅ Access Layer Authentication:
Ensures high security & granular control (user-level authentication).
Preferred in high-security enterprise networks.
✅ Aggregation or Core Layer Authentication:
Reduces authentication overhead but provides less granular control.
Suitable for large-scale networks where authentication load needs to be balanced.
Analysis of the Answer Choices:
✅ A. Deploying user authentication points at the access layer achieves granular permission management and high network security.
✅ B. Moving user authentication points from the access layer to the aggregation or core layer greatly reduces the number of user authentication points, thereby effectively mitigating the pressure on the AAA server.
✅ C. Deploying user authentication points at the access layer has both advantages and disadvantages when compared to doing so at the aggregation or core layer. Policy association can be applied if user authentication points are deployed at the access layer.
❌ D. When user authentication points are moved from the access layer to the aggregation layer, MAC address authentication for users may fail.
Incorrect: MAC authentication works at both layers, but policy adjustments may be needed.
✅ Reference: Huawei HCIE-Datacom Guide – User Authentication Strategies in Enterprise Networks