Hello Gordon
The main difference between a VACL and a regular ACL lies in their functionality and where they are applied.
A regular ACL, either standard or extended, is used primarily for filtering network traffic and can be applied on a router’s interface, either inbound or outbound. ACLs control traffic based on the source and/or destination IP addresses and Transport layer ports.
On the other hand, a VACL functions by defining a set of rules or filters that determine which types of network traffic are allowed or denied between devices within the same VLAN. These rules are typically based on criteria such as source and destination IP addresses, source and destination MAC addresses, and protocol types.
For more information about VACLs and how they work, take a look at this NetworkLessons note on VACLs.
Now the example config you shared in your post applies an ACL on a VLAN interface or an SVI. (Just a note, the in or out keyword is missing, it should be added at the end of the command). This will result in filtering any traffic directed to or from that interface.
If you were to apply a VACL to VLAN 10, then all traffic that traverses the VLAN (regardless of whether or not it is directed to or from the VLAN 10 SVI) would be subject to the rules of that VACL. Does that make sense?
I hope this has been helpful!
Laz