Hi All
I have been testing VACL access to segregate 35 new VLANs for a new network implementation. When I define my rules they work, except that internet access gets blocked. I would imagine (from the example below) that the internet, or possibly "any", is not defined in the forward rule, so it is dropped in the following rule:
#Servers VLAN 15, 10.0.15.0/24
#Printers VLAN 20, 10.0.20.0/24
#Users VLAN 100, 10.1.0.0/24
access-list 10 remark Servers
access-list 10 permit 10.0.10.0 0.0.0.255
access-list 13 remark Printers
access-list 13 permit 10.0.20.0 0.0.0.255
access-list 14 remark Users
access-list 14 permit 10.1.0.0 0.0.0.255
ip access-list extended Printsvr
permit ip 10.0.20.0 0.0.0.255 host 10.0.10.14
vlan access-map Printers 10
action forward
match ip address 13 Printsvr
vlan access-map Printers 20
action drop
exit
vlan access-map Users 10
action forward
match ip address 10 14 Printsvr
vlan access-map Users 20
action drop
exit
vlan access-map Servers 10
action forward
match ip address 10 13 14
vlan access-map Servers 20
action drop
exit
vlan filter Users vlan-list 100
vlan filter Printers vlan-list 20
vlan filter Servers vlan-list 15
I have tried to create an "any" ACL and reverse the VLAN access-map to see if I can block access first, then allow permitted traffic out via "Any"; however, this does not seem to work. In the example I tried to block access to the printer network and allow everything else:
ip access-list extended Any
permit ip any any
vlan access-map Users 10
action drop
match ip address 13
vlan access-map Users 20
action forward
match ip address Any
Please help!
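An added simulation (not from the post, and not output of any Cisco tool) of how a VACL evaluates the two posted Users access-maps: the first matching sequence wins, a sequence with no match clause matches every packet, a packet that matches no sequence hits the map's implicit deny, and because a VACL is stateless and filters every packet in the VLAN, the reply direction of a flow is checked against the same map. The subnets and ACL names are the posted ones; the hosts 10.1.0.5, 10.0.20.7, 10.0.15.3 and 8.8.8.8 are constructed for the demonstration.

```python
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")

def net(addr, wildcard):
    """Convert an IOS address/wildcard pair to a network (contiguous wildcards assumed)."""
    host_bits = bin(int(ipaddress.IPv4Address(wildcard))).count("1")
    return ipaddress.ip_network(f"{addr}/{32 - host_bits}", strict=False)

# ACL entries as (source, destination) permits. A standard ACL checks source only,
# so its destination is "any". Values are the ones in the post (note ACL 10 covers
# 10.0.10.0/24 as written, not the 10.0.15.0/24 given for the Servers VLAN).
ACLS = {
    "10": [(net("10.0.10.0", "0.0.0.255"), ANY)],
    "13": [(net("10.0.20.0", "0.0.0.255"), ANY)],
    "14": [(net("10.1.0.0", "0.0.0.255"), ANY)],
    "Printsvr": [(net("10.0.20.0", "0.0.0.255"), ipaddress.ip_network("10.0.10.14/32"))],
    "Any": [(ANY, ANY)],
}

# Access-map sequences as (sequence, action, ACLs); an empty ACL list models a
# sequence with no match clause, which matches every packet.
USERS_FIRST = [(10, "forward", ["10", "14", "Printsvr"]), (20, "drop", [])]
USERS_SECOND = [(10, "drop", ["13"]), (20, "forward", ["Any"])]

def acl_permits(name, src, dst):
    return any(src in s and dst in d for s, d in ACLS[name])

def vacl(access_map, src, dst):
    """Return (action, sequence) for one packet: first matching sequence wins,
    and a packet matching no sequence hits the map's implicit deny."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for seq, action, acls in access_map:
        if not acls or any(acl_permits(a, src, dst) for a in acls):
            return action, seq
    return "drop", None

def flow(access_map, a, b):
    """A VACL is stateless and filters every packet in the VLAN, so the reply
    direction is checked against the same map as the outbound packet."""
    return {"out": vacl(access_map, a, b)[0], "back": vacl(access_map, b, a)[0]}

if __name__ == "__main__":
    # Constructed hosts: a user PC, a printer and an internet address.
    for name, amap in (("first map", USERS_FIRST), ("second map", USERS_SECOND)):
        print(name, "user->internet", flow(amap, "10.1.0.5", "8.8.8.8"))
        print(name, "printer->user", flow(amap, "10.0.20.7", "10.1.0.5"))
```

Under the first map the outbound user packet is forwarded by sequence 10 via ACL 14, but the reply from the internet address matches none of the three ACLs and falls through to the drop sequence.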