In a virtualized campus network built with iMaster NCE-Campus,virtual networks (VNs)are designed to belogically isolated by default. This isolation is achieved through VXLAN and VPN instances, ensuring that users in different VNs cannot communicate unless explicit interconnection mechanisms are configured. While thepolicy control matrixis an important component of access control, it isnot sufficient by itselfto implement mutual access between users in different VNs.
According to HCIP Datacom Campus Network documentation, the policy control matrix is used to defineinter-group or inter-user access permissions, typically based onsecurity groups. It controls whether traffic is permitted, denied, or restricted between different user groups. However, the policy control matrix only definessecurity policy behaviorand does not establish Layer 3 connectivity between isolated virtual networks.
To enable mutual access between users in different VNs, the administrator must also configureinter-VN connectivity mechanisms, such asexternal networks,border nodes, orroute import and export policies. This includes enabling route exchange between VPN instances using BGP EVPN and configuring appropriate gateway or routing paths. Only after Layer 3 reachability is established can the policy control matrix take effect to permit or restrict traffic.
Therefore, deploying a policy control matrix alone does not meet the technical requirements for inter-VN communication. Bothconnectivity configuration and policy controlare required. Hence, the statement is incorrect, and the correct answer isFALSE.
