Understanding User Authentication Points in a Network
Authentication pointscan be deployed at different network layersbased on security and scalability needs:
✅Access Layer Authentication:
Ensureshigh security & granular control(user-level authentication).
Preferred inhigh-security enterprise networks.
✅Aggregation or Core Layer Authentication:
Reduces authentication overheadbutprovides less granular control.
Suitable forlarge-scale networkswhere authentication load needs to be balanced.
Analysis of the Answer Choices:
✅A. Deploying user authentication points at the access layer achieves granular permission management and high network security.
Correct:Providesfine-grained control per userand prevents unauthorized access.
✅B. Moving user authentication points from the access layer to the aggregation or core layer greatly reduces the number of user authentication points, thereby effectively mitigating the pressure on the AAA server.
Correct:Fewer authentication points meanless load on the AAA server.
✅C. Deploying user authentication points at the access layer has both advantages and disadvantages when compared to doing so at the aggregation or core layer. Policy association can be applied if user authentication points are deployed at the access layer.
Correct:Policy-based authentication isbest applied at the access layerforgranular control.
❌D. When user authentication points are moved from the access layer to the aggregation layer, MAC address authentication for users may fail.
Incorrect:MAC authentication worksat both layers, butpolicy adjustmentsmay be needed.
✅Reference:Huawei HCIE-Datacom Guide – User Authentication Strategies in Enterprise Networks
