Hello,

since you want to allow 80/443/3389 only to the host, but (I assume) allow all hosts to communicate using all other protocols, I have come up with the below:

ip access-list 100 permit tcp host 10.100.8.82 10.100.0.0 0.0.0.255 eq 80
ip access-list 100 permit tcp 10.100.0.0 0.0.0.255 host 10.100.8.82 eq 80
ip access-list 100 permit tcp host 10.100.8.82 10.100.0.0 0.0.0.255 eq 443
ip access-list 100 permit tcp 10.100.0.0 0.0.0.255 host 10.100.8.82 eq 443
ip access-list 100 permit tcp host 10.100.8.82 10.100.0.0 0.0.0.255 eq 3389
ip access-list 100 permit tcp 10.100.0.0 0.0.0.255 host 10.100.8.82 eq 3389
ip access-list 100 deny tcp any 10.100.0.0 0.0.0.255 eq 80
ip access-list 100 deny tcp 10.100.0.0 0.0.0.255 any eq 80
ip access-list 100 deny tcp any 10.100.0.0 0.0.0.255 eq 443
ip access-list 100 deny tcp 10.100.0.0 0.0.0.255 any eq 443
ip access-list 100 deny tcp any 10.100.0.0 0.0.0.255 eq 3389
ip access-list 100 deny tcp 10.100.0.0 0.0.0.255 any eq 3389
ip access-list 100 permit ip 10.100.0.0 0.0.0.255 any
ip access-list 100 permit ip any 10.100.0.0 0.0.0.255
!
vlan access-map RDP-WEB-NON 10
match ip address 100
action forward
!
vlan filter RDP-WEB-NON vlan-list 10