To determine which statement is incorrect, we need to analyze the ACL configuration on Router A and understand how it filters outbound traffic to the Internet. Let's break down the configuration step by step, referencing HCIA Datacom principles for ACL processing and traffic filtering.
1. Understanding the ACL Configuration
The configuration on Router A is as follows:
text
WrapCopy
acl number 2000
rule 5 deny source 200.0.12.0 0.0.0.7
rule 10 permit source 200.0.12.0 0.0.0.15
#
interface GigabitEthernet0/0/1
traffic-filter outbound acl 2000
#
Rule 5: deny source 200.0.12.0 0.0.0.7
Rule 10: permit source 200.0.12.0 0.0.0.15
Interface Configuration: The ACL 2000 is applied outbound on interface GigabitEthernet0/0/1, meaning it filters traffic leaving Router A toward the Internet.
2. ACL Processing Logic (HCIA Datacom Reference)
According to HCIA Datacom documentation (e.g., Huawei ACL fundamentals), ACLs are processed in sequential order, and the first matching rule determines the action (permit or deny). If no rule matches, the implicit deny rule at the end of the ACL blocks the traffic. In this case:
Since Rule 5 is processed before Rule 10, any IP in the overlap (i.e., 200.0.12.1–200.0.12.6) will be denied by Rule 5, even though Rule 10 would permit it.
Any IP not matching Rule 5 or Rule 10 is implicitly denied (but no such IPs are listed in the options).
3. Evaluating Each Option
Now, let’s check each host IP address against the ACL rules to determine if they can access the Internet:
A. The host with the source IP address 200.0.12.6 cannot access the Internet.
200.0.12.6 falls within the range 200.0.12.1–200.0.12.6, which is denied by Rule 5.
B. The host with the source IP address 200.0.12.8 cannot access the Internet.
C. The host with the source IP address 200.0.12.2 cannot access the Internet.
200.0.12.2 falls within the range 200.0.12.1–200.0.12.6, which is denied by Rule 5.
D. The host with the source IP address 200.0.12.4 cannot access the Internet.
200.0.12.4 falls within the range 200.0.12.1–200.0.12.6, which is denied by Rule 5.
4. Conclusion
The only incorrect statement is B, as the host with the source IP address 200.0.12.8 can access the Internet because it is permitted by Rule 10 and not denied by Rule 5.
5. HCIA Datacom References
This analysis aligns with the HCIA Datacom curriculum, specifically:
ACL Fundamentals: Huawei’s documentation on basic ACLs (e.g., ACL 2000–2999 for IPv4) and their rule processing order (first match wins).
Traffic Filtering: Outbound ACL application on interfaces, as described in Huawei router configuration guides.
Wildcard Mask Calculation: Standard IP addressing and subnetting principles for determining IP ranges (e.g., /29 and /28 subnets).
These principles are detailed in the HCIA Datacom V1.0 training materials, particularly in the sections on ACL configuration, IP addressing, and interface-based traffic control.