ip access-list exvlan605-permit
permit udp any anyeq bootps
permit udp any anyeq bootpc
permit udp any anyeq domain
permit udp any eqdomain any
permit icmp any any
permit tcp any10.100.2.0 0.0.0.255 eq www
permit tcp any host114.255.3.248 eq www
permit tcp any host114.255.3.248 eq 443
permit tcp any10.206.20.0 0.0.0.127 gt 1024 established
permit tcp any anyeq 8080
permit udp any anyeq ntp
permit tcp any10.206.20.0 0.0.0.127 eq 3389
permit tcp10.206.20.0 0.0.0.127 eq 3389 any gt 1024
ip access-list ex vlan605-deny
permit ip any any
vlan access-map vlan605
match ip address vlan605-permit
ac for
vlan access-map vlan605 20
match ip address vlan605-deny
ac drop
vlan filter vlan605 vlan-list 605