Which of the following statements are correct about authentication points and policy enforcement points in Huawei's free mobility solution?
A.
The policy enforcement point executes inter-group policies based on security groups.
B.
The authentication point and policy enforcement point must be deployed on the same device.
C.
When receiving user traffic, the authentication point enforces a policy to process the traffic based on the source or destination security group corresponding to the source or destination IP address of the traffic.
D.
The authentication point and policy enforcement point can be deployed on different devices.
Authentication Point (AP): Identifies users and associates them with aSecurity Group Tag (SGT)upon access.
Policy Enforcement Point (PEP): Enforces policiesbetween different security groups, such as allowing or denying traffic.
Key points:
Ais correct — The PEP enforces inter-group access based on defined policies.
Bis incorrect — AP and PEPcan be on separate devices, offering deployment flexibility.
Cis incorrect — Thepolicy enforcementhappens at thePEP, not the AP. AP's job is to authenticate and tag traffic.
Dis correct — AP and PEP can be deployed ondifferent devices.
Correct answers: A, D
[Reference:Huawei HCIE-Datacom V1.0 Study Guide —Chapter: Free Mobility and User-Centric PolicySection: Role of Authentication and Enforcement Points, , , ]
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit