Hello Community,

I am currently studying for the CCNP SWITCH exam and had a question about how VLAN ACL's operate in a specific instance. The book is not clearing it up for me:

If I had the following configuration:

VTP-Server-1(config)# ip access-list extended ALLOW-TCP

VTP-Server-1(config-ext-nacl)# permit tcp any any

VTP-Server-1(config-ext-nacl)# exit

VTP-Server-1(config)# ip access-list extended ALLOW-UDP

VTP-Server-1(config-ext-nacl)# permit udp any any

VTP-Server-1(config-ext-nacl)# exit

VTP-Server-1(config)# ip access-list extended ALLOW-IP

VTP-Server-1(config-ext-nacl)# permit ip any any

VTP-Server-1(config-ext-nacl)# exit

VTP-Server-1(config)# vlan access-map MY-VACL-MAP 10

VTP-Server-1(config-access-map)# match ip address ALLOW-TCP

VTP-Server-1(config-access-map)# action forward

VTP-Server-1(config-access-map)# exit

VTP-Server-1(config)# vlan access-map MY-VACL-MAP 20

VTP-Server-1(config-access-map)# action drop

VTP-Server-1(config-access-map)# exit

VTP-Server-1(config)# vlan access-map MY-VACL-MAP 30

VTP-Server-1(config-access-map)# match ip address ALLOW-IP

VTP-Server-1(config-access-map)# action forward

VTP-Server-1(config-access-map)# exit

VTP-Server-1(config)# vlan    filter map VLAN-22-MAP vlan-list 22

Would TCP traffic be allowed to pass and all other traffic dropped since there is no specific ACL being matched to "MAP 20"? Would the filter ever get passed the second map "map 20" in this case? Im confused as to what would actually happen in this case. The book has conflicting entries about what actions would be taken since the second entry has no ACL matched to it. It says in the first part that "Because  no ACL is specifically matched in sequence 20, all traffic that  is not dropped  in sequence 10 is effectively forwarded." But at the end in the chapter quiz it marks me wrong when I say the traffic will be forwarded, its states that IP and UDP traffic will be dropped.

Thanks.

Chris.