View all questions & answers for the NSE 7 - Enterprise Firewall 7.6 Administrator Exam Materials exam


Question 50 Discussion

Refer to the exhibit. An ADVPN network is shown. You must configure an ADVPN using IBGP for each local region and EBGP across regions to connect Overlay 1 with Overlay 2. Which two options must you configure in the Hub2Hub BGP peering? (Choose two answers)

  • A. set next-hop-self enable
  • B. set attribute-unchanged next-hop
  • C. set ibgp-enforce-multihop advpn
  • D. set ebgp-enforce-multihop enable
Correct Answer: B,D

Brave-Dump Clients Votes

BD 66.67%
AD 33.33%

Comments



Hasan Ahmed 2025-11-27 18:05:18

Selected Answers: A, D


A and D is the Correct Answer
  • Brave-Dumps Admin 2025-11-27 22:07:50
    please explain why

Shabeeb Kunhipocker 2025-11-27 22:21:41

Selected Answers: A, D


I think A,D since the question is asking for the options to be configured in hub2hub BGP peering (eBGP). The option B will tell to keep the nexthop (spokes' nexthop IPs) unchanged as they will not be reachable across regions.
  • Miguel 2025-12-29 14:24:26
    Default BGP Behavior: When a BGP router advertises a route to a neighbor, it usually changes the next-hop attribute to its own IP address. This means if Hub A receives routes from Spoke 1 and Spoke 2 and then advertises them to Hub B, the next-hop will default to Hub A’s IP (10.255.255.1). Problem in the Shown Topology: Spokes (Spoke 1 and Spoke 2) are behind Hub A, and Spoke 3 and Spoke 4 are behind Hub B. If Hub A changes the next-hop when sending routes to Hub B, Hub B will think the next hop to reach Spoke 1 is Hub A. This breaks routing logic because in SD-WAN or VPN networks, spokes need to keep the original next-hop so traffic flows correctly through the tunnels. Solution with set attribute-unchanged next-hop: This command tells the BGP process not to modify the next-hop attribute when redistributing routes to its neighbor. As a result, Hub A advertises Spoke 1 and Spoke 2 routes to Hub B keeping the original next-hop (the spoke’s IP). This ensures Hub B knows that traffic to Spoke 1 should go directly through the correct tunnel, not via Hub A unnecessarily. Conclusion: In a Hub-and-Spoke architecture using BGP, preserving the original next-hop is critical for proper spoke-to-spoke communication without forcing traffic through the hub. That’s why the correct option is “set attribute-unchanged next-hop”.

Mike 2025-12-06 12:43:29

Selected Answers: B, D


B, D. Study guide page 236

Capi 2025-12-18 19:35:50

Selected Answers: B, D


For me its B and D as per page 236. Option b will keep the next hop unchanged so there aren't issues with setting up advpn for example. Option D allows BGP messages to reach the dest if there are more L3 equipments in the middle

Anonymous User 2025-12-29 14:26:54

Selected Answers: B, D


I already explained that in **Shabeeb Kunhipocker’s comment**.

Adam 2026-01-19 13:33:34

Selected Answers: B, D


Page 236 of Study Guide mentions same use case with requirement to configure the below under eBGP neighbor:
set attribute-unchanged next-hop
set ebgp-enforce-multihop enable