Which of the following statements are correct about authentication points and policy enforcement points in Huawei ' s free mobility solution?
A.
The policy enforcement point executes inter-group policies based on security groups.
B.
The authentication point and policy enforcement point must be deployed on the same device.
C.
When receiving user traffic, the authentication point enforces a policy to process the traffic based on the source or destination security group corresponding to the source or destination IP address of the traffic.
D.
The authentication point and policy enforcement point can be deployed on different devices.
Authentication Point (AP): Identifies users and associates them with a Security Group Tag (SGT) upon access.
Policy Enforcement Point (PEP): Enforces policies between different security groups, such as allowing or denying traffic.
Key points:
A is correct — The PEP enforces inter-group access based on defined policies.
B is incorrect — AP and PEP can be on separate devices, offering deployment flexibility.
C is incorrect — The policy enforcement happens at the PEP, not the AP. AP ' s job is to authenticate and tag traffic.
D is correct — AP and PEP can be deployed on different devices.
Correct answers: A, D
[Reference:Huawei HCIE-Datacom V1.0 Study Guide —Chapter: Free Mobility and User-Centric PolicySection: Role of Authentication and Enforcement Points, , ]
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit