Correct Answer: B
To determine which statement is incorrect, we need to analyze the ACL configuration on Router A and understand how it filters outbound traffic to the Internet. Let's break down the configuration step by step, referencing HCIA Datacom principles for ACL processing and traffic filtering.
1. Understanding the ACL Configuration
The configuration on Router A is as follows:
acl number 2000
rule 5 deny source 200.0.12.0 0.0.0.7
rule 10 permit source 200.0.12.0 0.0.0.15
#
interface GigabitEthernet0/0/1
traffic-filter outbound acl 2000
#
* ACL Number 2000: This is a basic ACL used to filter traffic based on source IP addresses.
* Rule 5: deny source 200.0.12.0 0.0.0.7
  * The wildcard mask 0.0.0.7 translates to a subnet mask of /29 (255.255.255.248).
  * The IP range for 200.0.12.0 0.0.0.7 is calculated as:
    * Network address: 200.0.12.0
    * Broadcast address: 200.0.12.7
    * Usable host addresses: 200.0.12.1 to 200.0.12.6 (6 usable addresses in a /29 subnet).
  * Therefore, this rule denies traffic from any source IP in the range 200.0.12.1-200.0.12.6.
* Rule 10: permit source 200.0.12.0 0.0.0.15
  * The wildcard mask 0.0.0.15 translates to a subnet mask of /28 (255.255.255.240).
  * The IP range for 200.0.12.0 0.0.0.15 is:
    * Network address: 200.0.12.0
    * Broadcast address: 200.0.12.15
    * Usable host addresses: 200.0.12.1 to 200.0.12.14 (14 usable addresses in a /28 subnet).
  * Therefore, this rule permits traffic from any source IP in the range 200.0.12.1-200.0.12.14.
* Interface Configuration: The ACL 2000 is applied outbound on interface GigabitEthernet0/0/1, meaning it filters traffic leaving Router A toward the Internet.
2. ACL Processing Logic (HCIA Datacom Reference)
According to HCIA Datacom documentation (e.g., Huawei ACL fundamentals), ACLs are processed in sequential order, and the first matching rule determines the action (permit or deny). If no rule matches, the implicit deny rule at the end of the ACL blocks the traffic. In this case:
* Rule 5 denies traffic from 200.0.12.1-200.0.12.6.
* Rule 10 permits traffic from 200.0.12.1-200.0.12.14.
* Since Rule 5 is processed before Rule 10, any IP in the overlap (i.e., 200.0.12.1-200.0.12.6) will be denied by Rule 5, even though Rule 10 would permit it.
* IPs outside 200.0.12.1-200.0.12.6 but within 200.0.12.1-200.0.12.14 are permitted by Rule 10.
* Any IP not matching Rule 5 or Rule 10 is implicitly denied (but no such IPs are listed in the options).
3. Evaluating Each Option
Now, let's check each host IP address against the ACL rules to determine if they can access the Internet:
* A. The host with the source IP address 200.0.12.6 cannot access the Internet.
  * 200.0.12.6 falls within the range 200.0.12.1-200.0.12.6, which is denied by Rule 5.
  * Therefore, this statement is correct (the host cannot access the Internet).
* B. The host with the source IP address 200.0.12.8 cannot access the Internet.
  * 200.0.12.8 does not fall within the range 200.0.12.1-200.0.12.6 (denied by Rule 5).
  * It does fall within the range 200.0.12.1-200.0.12.14 (permitted by Rule 10).
  * Therefore, 200.0.12.8 is permitted to access the Internet, making this statement incorrect.
* C. The host with the source IP address 200.0.12.2 cannot access the Internet.
  * 200.0.12.2 falls within the range 200.0.12.1-200.0.12.6, which is denied by Rule 5.
  * Therefore, this statement is correct (the host cannot access the Internet).
* D. The host with the source IP address 200.0.12.4 cannot access the Internet.
  * 200.0.12.4 falls within the range 200.0.12.1-200.0.12.6, which is denied by Rule 5.
  * Therefore, this statement is correct (the host cannot access the Internet).
4. Conclusion
The only incorrect statement is B, as the host with the source IP address 200.0.12.8 can access the Internet because it is permitted by Rule 10 and not denied by Rule 5.
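The first-match evaluation walked through above can be reproduced by parsing the two rules and testing each option's source address against the wildcard masks. This is an added example, not part of the original answer or of Huawei's material; the function names are illustrative, and the action taken when no rule matches is deliberately left out of the model.

```python
import ipaddress
import re

# ACL text as shown in the question.
ACL_CONFIG = """\
acl number 2000
rule 5 deny source 200.0.12.0 0.0.0.7
rule 10 permit source 200.0.12.0 0.0.0.15
"""

RULE_RE = re.compile(r"^\s*rule\s+(\d+)\s+(permit|deny)\s+source\s+(\S+)\s+(\S+)\s*$")


def parse_rules(config):
    """Return [(rule_id, action, base_int, wildcard_int)] in ascending rule ID,
    which is the order the rules appear in on the page."""
    rules = []
    for line in config.splitlines():
        m = RULE_RE.match(line)
        if m:
            rule_id, action, base, wildcard = m.groups()
            rules.append((int(rule_id), action,
                          int(ipaddress.IPv4Address(base)),
                          int(ipaddress.IPv4Address(wildcard))))
    return sorted(rules)


def wildcard_match(src, base, wildcard):
    """Wildcard bits set to 0 must be equal; bits set to 1 are ignored."""
    care = ~wildcard & 0xFFFFFFFF
    return (src & care) == (base & care)


def evaluate(rules, source_ip):
    """First matching rule wins. Returns (action, rule_id), or
    ("no-match", None) when no rule applies (default action not modelled)."""
    src = int(ipaddress.IPv4Address(source_ip))
    for rule_id, action, base, wildcard in rules:
        if wildcard_match(src, base, wildcard):
            return action, rule_id
    return "no-match", None


def check_options():
    """Evaluate the four hosts named in options A-D."""
    rules = parse_rules(ACL_CONFIG)
    hosts = {"A": "200.0.12.6", "B": "200.0.12.8",
             "C": "200.0.12.2", "D": "200.0.12.4"}
    return {opt: evaluate(rules, ip) for opt, ip in hosts.items()}


if __name__ == "__main__":
    for opt, (action, rule_id) in check_options().items():
        print(opt, action, rule_id)
```

Passing the rules to `evaluate` in reverse order shows why rule placement matters: 200.0.12.6 would then hit the permit rule first.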
5. HCIA Datacom References
This analysis aligns with the HCIA Datacom curriculum, specifically:
* ACL Fundamentals: Huawei's documentation on basic ACLs (e.g., ACL 2000-2999 for IPv4) and their rule processing order (first match wins).
* Traffic Filtering: Outbound ACL application on interfaces, as described in Huawei router configuration guides.
* Wildcard Mask Calculation: Standard IP addressing and subnetting principles for determining IP ranges (e.g., /29 and /28 subnets).
These principles are detailed in the HCIA Datacom V1.0 training materials, particularly in the sections on ACL configuration, IP addressing, and interface-based traffic control.