Free Practice Questions for Huawei H12-891_V1.0 Exam

InMPLS Traffic Engineering (TE),Label Switched Paths (LSPs)can be established:

Statically: Manual configuration.

Dynamically: Typically viaRSVP-TE.

Protocol roles:

RSVP-TE:Used to dynamically establish and signal TE LSPs→✅

OSPF / IS-IS: Act asIGP protocolsand provide TE-related link-state information (like bandwidth) butdo not establish LSPs themselves→❌

BGP: Used forroute advertisement, not forLSP setupin MPLS TE →❌

Correct answers: A, C, D

The Loopback interface is not advertised by default in IS-IS, unless a specific command is used (like network entity with loopback settings or enabling it manually). In this case, the GE0/0/0 and GE0/0/1 interfaces are both UP, and have IS-IS L1/L2 enabled. These two interfaces qualify to advertise IS-IS routes.

Exact Extract - Huawei HCIE-Datacom V1.0 IS-IS Chapter

“By default, only physical interfaces in UP state and configured with IS-IS (L1, L2, or L1/L2) participate in IS-IS. Loopback interfaces must be explicitly advertised using route import policies.”

802.1X Authentication Overview

802.1X is aport-based authentication mechanismused for secure network access control. It involves:

EAPoL (Extensible Authentication Protocol over LAN) communicationbetween theclient (supplicant) and the switch (authenticator).

RADIUS communicationbetween theauthenticator and the authentication server (AAA server).

✅A. 802.1X authentication uses EAPoL to exchange authentication information.

EAPoL (Extensible Authentication Protocol over LAN)is used to send authentication packets overEthernet (IEEE 802.3)networks.

✅B. In EAP termination mode, the network device terminates EAP packets and re-encapsulates them into RADIUS.

The switchacts as an authentication proxybyterminating EAP sessions and converting authentication information into RADIUS format.

✅C. EAPoL is for wired (802.3), EAPoW is for wireless (802.11).

EAPoL (EAP over LAN) is used in wired Ethernet networks.

EAPoW (EAP over Wireless) is used in Wi-Fi (802.11) networks.

✅D. In EAP relay mode, EAP packets are encapsulated into RADIUS using EAPoR (EAP over RADIUS).

The switchdoes not terminate the EAP sessionbut insteadforwards EAP messages to the AAA server inside RADIUS packets.

Reference from Huawei HCIE-Datacom Documentation:

Huawei 802.1X Configuration Guide – EAPoL, EAPoW, and EAPoR

HCIE-Datacom Training Material – AAA Authentication Modes

TheTime-To-Live (TTL) fieldin MPLS is essential forpreventing infinite loopsandenhancing security.

MPLS TTL Field Functionality:

It prevents packets fromcirculating indefinitelyin the MPLS network.

It allowstraceroute (tracert) to identify MPLS hopswhen TTL propagation is enabled.

Explanation of Correct Answers:✅B. The processing of IP TTL copy hides the LSR in an MPLS domain, improving security.

IfTTL propagation is disabled, MPLS routers do not decrease TTL, hidinginternal LSRsfrom traceroute, enhancing security.

✅C. MPLS provides two TTL processing modes:

Default Mode:The MPLS TTLcopies the IP TTL valuewhen an IP packet enters the MPLS network.

Uniform Mode:The ingress LERsets the MPLS TTL to 255, so it does not decrement.

✅D. MPLS encapsulation in frame mode supports the TTL field, while cell mode does not.

Frame Mode (Ethernet, PPP, etc.) supports TTL.

Cell Mode (ATM/MPLS) does not support TTL.

Incorrect Answer Explanation:❌A. If TTL copy is disabled, users can use the tracert function to view MPLS hops.

Wrong!If TTL propagation is disabled, tracertcannotsee LSRs inside the MPLS core network.

Reference from Huawei HCIE-Datacom Documentation:

Huawei MPLS Technology Guide – TTL Field & Loop Prevention

HCIE-Datacom MPLS VPN Configuration Guide – Traceroute in MPLS Networks

The command port-isolate enable is used on Huawei switches to completely isolate traffic at both Layer 2 and Layer 3 between different interfaces within the same VLAN. This isolation prevents any communication between isolated ports—even if they belong to the same subnet or VLAN—making it a critical security feature in multi-tenant environments.

Usage Context:

Often used in shared service or hotel network scenarios.

Can be applied in access port configurations.

Does not require additional VLAN creation or private VLAN features.

Huawei Datacom Reference:

"To completely isolate Layer 2 and Layer 3 communication between interfaces in the same VLAN, run the port-isolate enable command under the interface view."

(Source: HCIE-Datacom Study Guide V3.0 – Chapter: VLAN & Security Technologies, Section: Port Isolation)

Comprehensive and Detailed In-Depth Explanation:

Blackhole MAC address configuration is a security feature that helps protect a network from MAC address spoofing or attacks involving untrusted MAC addresses. When you configure a MAC address as ablackhole MAC address, any packet received with that address as the source or destination will be immediately discarded by the device.

This feature is useful in scenarios where certain MAC addresses are identified as malicious or untrusted. By adding these MAC addresses to the blackhole list, the device effectively blocks communication involving these addresses, thereby mitigating security risks.

TheMPLS headerconsists of:

Label (20 bits)– Label value used for forwarding.

EXP (3 bits)– QoS field (Class of Service).

S bit (1 bit)– Bottom-of-Stack indicator.

TTL (8 bits)–Time-to-Live, similar to the TTL field in the IP header.

Function of TTL in MPLS:

It is used toprevent infinite loops.

Every LSRdecrementsthe TTL by 1.

When TTL reaches0, the packet isdiscarded.

This mirrors the behavior of IP TTL and ensures loop prevention in MPLS networks.

Correct answer: D. This field is used to prevent packet forwarding loops, similar to the TTL field in an IP header.

Comprehensive and Detailed In-Depth Explanation:

1. Understanding SR-MPLS (Segment Routing with MPLS):

Segment Routing (SR)leverages MPLS labels to define paths through the network.

The labels representsegments(nodes or specific paths) rather than traditional LDP or RSVP-TE labels.

Thelabel stackdetermines the forwarding path through the network.

Top Label:Determines thenext hop.

Next Label:After label pop, it indicates thesubsequent hop.

2. Analyzing the Given Label Stack:

The label stack encapsulated byR1is as follows:

Layer2:2046

2013

2032

2024

2046

Layer3

Thetop label (2046)indicates that thenext-hop routerisR4.

AfterR4pops the top label, thenext label (2046)directs the packet toR6.

3. Forwarding Path Analysis:

Step 1:R1sends the packet toR2based on internal routing.

Step 2:R2forwards the packet directly toR4as dictated by the top label (2046).

Step 3:R4pops the top label (2046) and checks the next label (again2046), directing the packet toR6.

Step 4:R6receives the packet as the final destination.

4. Why Option B is Correct:

The pathR1-R2-R4-R6matches thelabel stack processingin SR-MPLS.

Thelabels indicate the shortest pathchosen by SR policies, which isR1 → R2 → R4 → R6.

TheSR-MPLS label stackefficiently guides the packet through the optimal path without complex signaling.

Why Other Options Are Incorrect:

Option A (R1-R2-R3-R5-R6):

This path does not match thelabel sequenceas the labels clearly indicate adirect path via R4, not throughR3 and R5.

Option C (R1-R3-R2-R4-R6):

This path is longer and unnecessary, as thelabel stackindicates a moredirect path via R2 and R4.

Option A: Correct — both terminal and interface security are important.

Option C: Correct —CAPWAP supports DTLSencryption for secure tunnel communication.

Option D: Correct — intranet security design considersboth wired and wireless.

Option B:Incorrect— traffic suppression (such as broadcast suppression) is implemented usingrate limiting or storm control,not by shutting down interfaces. Shutting down interfaces would disrupt legitimate traffic too.

Correct answer: B

Huawei’sNQA (Network Quality Analysis)provides tools to test and monitor network performance such as latency, jitter, and packet loss. The supported test types include:

ICMP— For reachability and round-trip time testing.

UDP,TCP,HTTP,FTP, etc.

DNS,VoIP,DHCP(limited to simulation, not monitoring protocol status itself)

Protocols likeSNMPandOSPFarenot directly monitored by NQA, as these aremanagement or control plane protocols, not data-path or performance-measurable protocols.

Correct answer: C. ICMP