I removed my first question as I glossed over something that was stated that explained my questions.
It has to do with why there is no match on the 20 sequence. However, I then saw this:

> • Sequence number 20 doesn’t have a match statement so everything will match, the action is to forward traffic.
> As a result all traffic from any host to destination IP address 192.168.1.100 will be dropped, everything else will be forwarded.

Which is actually pretty interesting.
**Also, second question.**
Access-lists make devices work harder, correct? Meaning more CPU work? So having a lot can be a bad thing from a design principle if not careful. Meaning we want to stay away from them unless we have to have them, and would that be the same for VACLs?
I read about that in a QoS post you had talking about classification and markings and how markings are better because classification, which was ACL, can make the devices work harder.

> The reason that we use marking is that sometimes classification requires some complex access-lists / rules and can degrade performance on the router or switch that is doing classification. In the example above, the router receives marked packets so it doesn’t have to do complex classification using access-lists like the switch. It will still do classification but only has to look for marked packets.

Halfway down the page: https://networklessons.com/quality-of-service/introduction-qos-quality-service/
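
The VACL behaviour quoted in the post above, written out as an added configuration example; it is not taken from the original post or from the lesson. The ACL name `TO-SERVER`, the access-map name `BLOCK-SERVER` and VLAN 10 are assumptions chosen for illustration.

```cisco
! Constructed example: ACL name, access-map name and VLAN number are assumptions.
! In a VACL, "permit" in the ACL only means "this traffic matches";
! the access-map action decides what happens to the matched traffic.
ip access-list extended TO-SERVER
 permit ip any host 192.168.1.100
!
! Sequence 10: traffic matched by the ACL is dropped.
vlan access-map BLOCK-SERVER 10
 match ip address TO-SERVER
 action drop
!
! Sequence 20: no match statement, so all remaining traffic matches
! and is forwarded. Without this entry, IP traffic that did not match
! sequence 10 would be dropped as well.
vlan access-map BLOCK-SERVER 20
 action forward
!
! Apply the access-map to the VLAN.
vlan filter BLOCK-SERVER vlan-list 10
```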