View all questions & answers for the NSE 7 - Enterprise Firewall 7.6 Administrator Exam Materials exam


NSE 7 - Enterprise Firewall 7.6 Administrator Exam Materials-Question 50 Discussion

Refer to the exhibit. An ADVPN network is shown. You must configure an ADVPN using IBGP for each local region and EBGP across regions to connect Overlay 1 with Overlay 2. Which two options must you configure in the Hub2Hub BGP peering? (Choose two answers)

  • A. set next-hop-self enable
  • B. set attribute-unchanged next-hop
  • C. set ibgp-enforce-multihop advpn
  • D. set ebgp-enforce-multihop enable
Correct Answer: B,D

Brave-Dump Clients Votes

BD 75%
AD 25%

Comments



Hasan Ahmed 2025-11-27 18:05:18

Selected Answers: A, D


A and D is the Correct Answer
  • Brave-Dumps.com Admin 2025-11-27 22:07:50
    please explain why

Shabeeb Kunhipocker 2025-11-27 22:21:41

Selected Answers: A, D


I think A,D since the question is asking for the options to be configured in hub2hub BGP peering (eBGP). The option B will tell to keep the nexthop (spokes' nexthop IPs) unchanged as they will not be reachable across regions.
  • Miguel 2025-12-29 14:24:26
    Default BGP Behavior: When a BGP router advertises a route to a neighbor, it usually changes the next-hop attribute to its own IP address. This means if Hub A receives routes from Spoke 1 and Spoke 2 and then advertises them to Hub B, the next-hop will default to Hub A’s IP (10.255.255.1). Problem in the Shown Topology: Spokes (Spoke 1 and Spoke 2) are behind Hub A, and Spoke 3 and Spoke 4 are behind Hub B. If Hub A changes the next-hop when sending routes to Hub B, Hub B will think the next hop to reach Spoke 1 is Hub A. This breaks routing logic because in SD-WAN or VPN networks, spokes need to keep the original next-hop so traffic flows correctly through the tunnels. Solution with set attribute-unchanged next-hop: This command tells the BGP process not to modify the next-hop attribute when redistributing routes to its neighbor. As a result, Hub A advertises Spoke 1 and Spoke 2 routes to Hub B keeping the original next-hop (the spoke’s IP). This ensures Hub B knows that traffic to Spoke 1 should go directly through the correct tunnel, not via Hub A unnecessarily. Conclusion: In a Hub-and-Spoke architecture using BGP, preserving the original next-hop is critical for proper spoke-to-spoke communication without forcing traffic through the hub. That’s why the correct option is “set attribute-unchanged next-hop”.

Mike 2025-12-06 12:43:29

Selected Answers: B, D


B, D. Study guide page 236

Capi 2025-12-18 19:35:50

Selected Answers: B, D


For me its B and D as per page 236. Option b will keep the next hop unchanged so there aren't issues with setting up advpn for example. Option D allows BGP messages to reach the dest if there are more L3 equipments in the middle

Anonymous User 2025-12-29 14:26:54

Selected Answers: B, D


I already explained that in **Shabeeb Kunhipocker’s comment**.

Adam 2026-01-19 13:33:34

Selected Answers: B, D


Page 236 of Study Guide mentions same use case with requirement to configure the below under eBGP neighbor:
set attribute-unchanged next-hop
set ebgp-enforce-multihop enable

zineeddine 2026-03-14 01:41:15

Selected Answers: B, D


PAGE 236

Mohamed Gamal Mahmoud 2026-03-15 05:58:52

Selected Answers: B, D


b.d