VLAN filter configuration error.

Deepak Kumar
VIP Alumni

Hi everybody, 

I am going to configure a VLAN filter on a Cisco 4506 switch. My configuration is below:


ip access-list extended vlan500
 10 permit ip 192.168.1.0 0.0.0.255 10.0.0.0 0.255.255.255
 20 permit ip 192.168.1.0 0.0.0.255 192.168.9.0 0.0.0.255
 30 permit ip 192.168.1.0 0.0.0.255 172.10.1.0 0.0.15.255
 40 permit ip 192.168.1.0 0.0.0.255 192.168.30.0 0.0.0.255
 50 permit ip 192.168.1.0 0.0.0.255 192.168.40.0 0.0.0.255
 60 permit ip 192.168.1.0 0.0.0.255 192.168.42.0 0.0.0.255
!
ip access-list extended vlan500-1
 10 permit ip any any
!
vlan access-map vacl-500 10
 match ip address vlan500
 action drop
!
vlan access-map vacl-500 20
 match ip address vlan500-1
 action forward
!
vlan filter vacl-500 vlan-list 500

Is it correct?

I have read some articles, such as http://blog.ine.com/2009/08/10/vlan-access-control-lists-vacls-tiers-1/

If I do not assign an ACL under the access-map entry with action forward, it gives the error "Error% access-map vacl-500 20 is removed because match ACL is missing", and without the forward action it will not allow access to the internet either.

So I wrote a new ACL "vlan500-1" with "permit ip any any". Is it OK, and will it serve my requirements?

Regards,

Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!
Accepted Solution

Deepak Kumar
VIP Alumni

Hi,

It has been tested in the lab and in production, and it is working fine without any issues. As far as I know, Cisco checks top-down (the ACL and the access-map), so the first access-map entry 10 (ACL vlan500) is blocked and the second access-map entry 20 (ACL vlan500-1) is allowed.

Thanks,

Deepak Kumar


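The top-down, first-match evaluation described in the answer above, as an added illustration that is neither Cisco code nor code from the original post: a small Python model of how a VACL walks its access-map entries in sequence order and uses each ACL only as a classifier. The ACL and access-map lines are the ones from the question; the flow addresses are constructed, with 203.0.113.10 (a documentation address) standing in for an internet host.

```python
"""Model of Cisco VACL evaluation for the vacl-500 / vlan500 configuration
discussed above. Added illustration, not Cisco code: it reproduces the
documented first-match semantics so the posted map can be checked offline."""
import ipaddress
from dataclasses import dataclass


def wildcard_match(addr: str, network: str, wildcard: str) -> bool:
    """IOS wildcard-mask semantics: a 1 bit in the wildcard means 'don't care'."""
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(network))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (n & care)


@dataclass(frozen=True)
class Ace:
    action: str  # "permit" or "deny"
    src: str
    src_wc: str
    dst: str
    dst_wc: str


def _parse_addr(tok, i):
    """Return (address, wildcard, next index) for 'any', 'host X' or 'X WC'."""
    if tok[i] == "any":
        return "0.0.0.0", "255.255.255.255", i + 1
    if tok[i] == "host":
        return tok[i + 1], "0.0.0.0", i + 2
    return tok[i], tok[i + 1], i + 2


def parse_ace(line: str) -> Ace:
    """Parse an extended ACE of the form '[seq] permit|deny ip SRC WC DST WC'."""
    tok = line.lower().split()
    if tok[0].isdigit():          # optional sequence number
        tok = tok[1:]
    if tok[0] not in ("permit", "deny") or tok[1] != "ip":
        raise ValueError(f"unsupported ACE: {line!r}")
    src, src_wc, i = _parse_addr(tok, 2)
    dst, dst_wc, _ = _parse_addr(tok, i)
    return Ace(tok[0], src, src_wc, dst, dst_wc)


def acl_classifies(acl, src, dst) -> bool:
    """Inside a VACL the ACL is only a classifier: the map entry matches when
    the packet hits a permit ACE. A deny ACE, or the implicit deny at the end
    of the ACL, means 'this entry does not match', not 'drop the packet'."""
    for ace in acl:
        if wildcard_match(src, ace.src, ace.src_wc) and wildcard_match(dst, ace.dst, ace.dst_wc):
            return ace.action == "permit"
    return False


def vacl_verdict(access_map, acls, src, dst):
    """Evaluate access-map entries in sequence order; the first entry whose ACL
    classifies the packet decides. If no entry matches, the VACL drops the
    packet (implicit drop), which is why a final forward entry is needed."""
    for seq, acl_name, action in sorted(access_map):
        if acl_classifies(acls[acl_name], src, dst):
            return action, seq
    return "drop", None


# ACLs exactly as posted in the question.
ACLS = {
    "vlan500": [parse_ace(line) for line in (
        "10 permit ip 192.168.1.0 0.0.0.255 10.0.0.0 0.255.255.255",
        "20 permit ip 192.168.1.0 0.0.0.255 192.168.9.0 0.0.0.255",
        "30 permit ip 192.168.1.0 0.0.0.255 172.10.1.0 0.0.15.255",
        "40 permit ip 192.168.1.0 0.0.0.255 192.168.30.0 0.0.0.255",
        "50 permit ip 192.168.1.0 0.0.0.255 192.168.40.0 0.0.0.255",
        "60 permit ip 192.168.1.0 0.0.0.255 192.168.42.0 0.0.0.255",
    )],
    "vlan500-1": [parse_ace("permit ip any any")],
}

# The posted map: sequence 10 drops what vlan500 classifies, 20 forwards the rest.
VACL_500 = [(10, "vlan500", "drop"), (20, "vlan500-1", "forward")]
# The map as it stood before the forward entry was added (sequence 10 only).
VACL_500_NO_FORWARD = [(10, "vlan500", "drop")]

if __name__ == "__main__":
    # Constructed sample flows; 203.0.113.10 stands in for "the internet".
    for src, dst in [("192.168.1.5", "10.20.30.40"),
                     ("192.168.1.5", "203.0.113.10"),
                     ("10.20.30.40", "192.168.1.5")]:
        print(src, "->", dst, vacl_verdict(VACL_500, ACLS, src, dst),
              "| without forward entry:", vacl_verdict(VACL_500_NO_FORWARD, ACLS, src, dst))
```

Two things the model makes visible that the thread only implies. With just the drop entry present, every flow that vlan500 does not classify falls through to the implicit drop at the end of the map, which is the loss of internet access reported in the question; the "permit ip any any" entry at sequence 20 is what turns the map into "drop these, forward everything else". Also, the ACEs classify only packets sourced from 192.168.1.0/24, so the filter is one-directional and stateless: a packet from 10.20.30.40 back toward 192.168.1.5 is forwarded by entry 20, which is expected but worth knowing when reading captures. Finally, entry 30's wildcard 0.0.15.255 covers 172.10.0.0 through 172.10.15.255 (a /20), not only 172.10.1.0/24, which is worth confirming against the intended policy.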