H12-891_V1.0 Exam Dumps - Huawei HCIE-Datacom Questions and Answers

Traffic Diversion in SR-MPLS Policy

SR-MPLS Policies use traffic steering mechanisms to direct specific flows to Segment Routing paths (SR Policies). When multiple services share the same destination address, color-based traffic diversion ensures differentiated service treatment.

✅ B. Color-based traffic diversion (Correct Answer)

Traffic is classified based on "color" (a BGP-SR policy attribute) and mapped to different SR-MPLS tunnels.

Different colors represent different paths (e.g., high-priority services can use an optimized low-latency path).

This method ensures service quality by directing traffic according to policy-based routing decisions.

In MPLS LDP (Label Distribution Protocol), label retention modes control how labels are stored in the Label Forwarding Information Base (LFIB).

DU Label Advertisement Mode (Downstream Unsolicited):

Labels are advertised to all LDP peers without a request.

The receiving router decides which label to use for forwarding.

Liberal vs. Conservative Label Retention:

✅ Liberal Label Retention Mode (Correct Answer)

All received labels from all LDP peers are stored.

Even if a peer is not the optimal next hop, its label is retained.

Allows faster convergence during failures.

❌ Conservative Label Retention Mode

Only the label from the best next-hop peer is stored.

Reduces memory usage but can slow down convergence in case of failure.

Reference from Huawei HCIE-Datacom Documentation:

Huawei MPLS LDP Configuration Guide – Liberal vs. Conservative Label Retention

HCIE-Datacom Training Material – Label Advertisement in MPLS Networks

Understanding 802.1X Authentication in Enterprise Networks

???? What is 802.1X?

802.1X is a network access control (NAC) protocol that enforces authentication before allowing a device to connect to a LAN.

It uses EAP (Extensible Authentication Protocol) over RADIUS for user verification.

Typically deployed in corporate and campus networks for secure wired and wireless access.

???? How Does 802.1X Work?1️⃣ Client (Supplicant) → Requests network access.2️⃣ Switch (Authenticator) → Forwards request to RADIUS server.3️⃣ RADIUS Server → Verifies credentials & grants access.

Mandatory Steps to Enable 802.1X on SW3

✅ A. Configure an AAA Scheme

Defines authentication, authorization, and accounting (AAA) methods.

Links 802.1X authentication to the RADIUS server.

✅ B. Configure an Authentication Profile

Specifies how authentication is handled on the switch.

Associates 802.1X authentication with an AAA scheme.

✅ C. Configure an Authentication Domain

Groups authentication policies for different user types.

Maps AAA scheme to user login requests.

✅ D. Configure an 802.1X Access Profile

Applies 802.1X authentication to specific switch ports (GE0/0/2 & GE0/0/3).

Ensures that only authenticated users can pass traffic.

Why Are All Four Steps Necessary?

✅ Each step plays a critical role in enabling 802.1X authentication and linking it to the RADIUS server.✅ Without any one of these configurations, the 802.1X authentication process would fail.

Real-World Application:

Enterprise Wired Security: Ensures that only authenticated devices access corporate networks.

University Campuses & Public Wi-Fi: Prevents unauthorized access to secure LAN environments.

✅ Reference: Huawei HCIE-Datacom Guide – 802.1X Authentication & RADIUS Server Configuration