I have a question about the VLAN ACL task.
I came up with this:

vlan access-map GUEST_ACCESS 10
 match ip address GUEST
vlan filter GUEST_ACCESS vlan-list 60

Extended IP access list GUEST
    10 permit tcp any any eq www
    20 permit tcp any any eq 443
    30 permit tcp any eq www any
    40 permit tcp any eq 443 any

The SG has a different ACL configured with permit ip any any and then uses action drop in line 20 of the VACL. Isn't this overkill? If there is at least one match statement in the VACL, then the default action would be to drop. So any traffic not matching the IP addresses in ACL GUEST would be dropped, right?
Can I get some clarification as to why the second ACL and VACL statement were used?