Huawei Updated H12-891_V1.0 Exam Questions and Answers by aryan

When port security is enabled and the maximum number of learned MAC addresses is reached, the switch can trigger multiple security actions depending on configuration:

Discard packets with unknown source MACs

Generate alarms

Shut down the port (set to error-down)

Do all the above combined (default behavior)

The most comprehensive and commonly configured behavior is error-down + alarm generation, which corresponds to Option D.

Exact Extract - Huawei HCIE-Datacom Switching Guide:

“When the MAC address limit is reached on a port with port security enabled, the system can generate alarms and set the port to error-down state based on security policies.”

Comprehensive and Detailed In-Depth Explanation:

A. When planning paths based on bandwidth:Correct. The available bandwidth of each interface must beset in advanceto allow path planning based on bandwidth requirements.

B. When planning paths based on delay:Correct. To plan paths considering delay, you need to deployTWAMP (Two-Way Active Measurement Protocol)oriFIT (Intelligent Flow Information Telemetry)to measure thereal-time delayon network links.

C. If the controller plans SR-MPLS Policy paths:Incorrect. The controller can planprimary, backup, and load-balanced paths, enablingtraffic distribution across multiple paths.

D. Statically planned SR-MPLS Policy paths:Correct. You canmanually configure load balancingfor the primary path when planning the SR-MPLS Policy path statically.

Understanding Huawei CloudCampus Access Control

Huawei’sCloudCampus solutionprovidescentralized authentication and policy managementviaiMaster NCE-Campus.

????Analysis of Each Option:

✅A. iMaster NCE can function as an authentication server.

Correct:iMaster NCE includesAAA (Authentication, Authorization, and Accounting) capabilities, reducing dependency on external servers.

❌B. Cloud APs support local Portal authentication.

Incorrect:HuaweiCloud APs do NOT support local Portal authentication.

Instead,Portal authentication is managed centrally by iMaster NCE, NOT by individual APs.

✅C. iMaster NCE can function as a Portal relay device.

Correct:It can relay authentication requests to aRADIUS or AAA server.

✅D. iMaster NCE can interconnect with a third-party RADIUS server.

Correct:It supports integration withexternal RADIUS authentication serversforenterprise authentication.

Real-World Application:

Used inWi-Fi 6 enterprise deploymentswhere centralizedauthentication, security, and policy enforcementare needed.

✅Reference:Huawei HCIE-Datacom Guide – CloudCampus Authentication Architecture

In BGP4+ (used for IPv6 routing), the MP_REACH_NLRI attribute is used to advertise reachable routes. The Next Hop field must:

Contain a global unicast IPv6 address

Link-local addresses are not used in MP_REACH_NLRI because they are valid only on a local link and not suitable for inter-AS routing.

RFC 2545 (Multiprotocol Extensions for BGP-4) also states that the Next Hop must be a routable global address.

Therefore:

C. It must be a global unicast address — is correct.

The other options involving link-local addresses are incorrect.