H12-891_V1.0 Exam Dumps : HCIE-Datacom V1.0

To automatically enable MPLS on an interface inSR-MPLS:

Segment routing must be enabled globallyin thesystem view→✅

Segment routing must also be enabled under the IGP process, andIGP (OSPF or IS-IS) must be enabled on the interface→✅

Clarifications:

SRGB (Segment Routing Global Block)configuration defines SID ranges butdoes not trigger MPLS enablement→❌

Static adjacency labelsare advanced options and do not auto-enable MPLS →❌

Correct answers: B, D

Comprehensive and Detailed In-Depth Explanation:

AnNVE (Network Virtualization Edge) interfaceis responsible for connecting physical or virtual devices to a VXLAN network. It functions as theVTEP (VXLAN Tunnel Endpoint)and supportsencapsulation and decapsulation of VXLAN packets.

Layer 2 VXLAN gateway (D)is used for intra-subnet communication, but theNVE interfaceis the actual point where traffic enters the VXLAN network.

Layer 3 VXLAN gateway (A)is used for inter-subnet communication.

VLANIF interface (C)is used for VLAN-based communication, not directly for VXLAN.

Therefore, theNVE interface (B)is the correct answer as it serves as thetraffic ingress and egress point for the VXLAN network.

Huawei IPsec supports multiple modes for establishing Security Associations (SAs):

A. Template negotiation — Used in IPsec policy templates and dynamic VPNs.

B. IKE auto-negotiation mode — Automatically negotiates parameters via IKE Phase 1/2.

C. Certificate negotiation — IPsec peers can authenticate each other using certificates during IKE negotiation.

D. Manual mode — Static IPsec SAs can be manually configured without IKE, often used in simple or static topologies.

Exact Extract - Huawei Security Configuration Guide (USG Series):

“IPsec SAs can be established manually or dynamically through IKE, including using PSKs or certificates. Template-based approaches simplify large-scale deployment.”