
PROBLEM WITH ACCESS-LIST


abduuuul4

New Member
Joined
May 13, 2012
Hello friends, I am having issues with creating my access-list in my network and I need urgent help. The following is the scenario of my problem.


I have a network of two VLANs and am using a router (1941 series) for inter-VLAN routing. I have created sub-interfaces (two in this case) to serve as default gateways to my VLANs. I am using g0/1 as internal to my VLAN with (g0/1.1 & g0/1.2) as my sub-interfaces. Each of these VLANs has a separate pool for DHCP IP assignment. On the other hand, I have a connection to another network via g0/0 of the same router. I have excluded addresses in one of the VLANs above. As of now, all the addresses have access to the network at the g0/0 interface. The challenge is, I need only the excluded addresses on my VLAN to access the network at g0/0, and all others, including the learned addresses from DHCP, should be denied access to the network at g0/0. I have created an extended IP named access-list and I applied it at the interface (g0/0) in the outbound direction, but it is not working. I tried a standard access-list (also a named access-list) applied at that same interface, but it is still not working. Please, I need help....
 
Apply it as a VACL, not an ACL. (interface vlan xxx and ip access-group xxx in)


Also, are you adding each excluded address, or saying permit xxx.xxx.xxx.0 (wildcard bits) and deny others?


Edit: oh, and put the VACL onto your VLAN SVI; that way you filter that traffic.
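
The wildcard-bits question in the reply above, worked through as an added example that is not part of the original thread: this Python sketch turns a DHCP excluded range into permit entries with wildcard masks, denies the rest of the VLAN toward the g0/0 network, and checks the result with first-match evaluation. All addresses, the ACL name and the choice of g0/1.1 as the VLAN-side sub-interface are constructed assumptions.

```python
import ipaddress

def build_acl(name, vlan_subnet, excl_low, excl_high, dest_subnet):
    """Return IOS extended-ACL lines: excluded range may reach dest, rest of VLAN may not."""
    vlan = ipaddress.ip_network(vlan_subnet)
    dest = ipaddress.ip_network(dest_subnet)
    low, high = ipaddress.ip_address(excl_low), ipaddress.ip_address(excl_high)
    if low not in vlan or high not in vlan:
        raise ValueError("excluded range must lie inside the VLAN subnet")
    dst = f"{dest.network_address} {dest.hostmask}"  # hostmask == IOS wildcard mask
    lines = [f"ip access-list extended {name}"]
    # Cover the range with the fewest CIDR-aligned blocks (one ACL entry each).
    for block in ipaddress.summarize_address_range(low, high):
        lines.append(f" permit ip {block.network_address} {block.hostmask} {dst}")
    lines.append(f" deny ip {vlan.network_address} {vlan.hostmask} {dst}")
    lines.append(" permit ip any any")  # keep inter-VLAN and other traffic working
    return lines

def _match(addr, base, wild):
    """Compare only the bits the wildcard mask marks as 'must match' (0 bits)."""
    care = ~int(ipaddress.ip_address(wild)) & 0xFFFFFFFF
    return int(addr) & care == int(ipaddress.ip_address(base)) & care

def evaluate(acl_lines, src, dst):
    """First matching entry wins; an ACL ends with an implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for line in acl_lines[1:]:
        action, _proto, *f = line.split()
        if f == ["any", "any"]:
            return action
        if _match(s, f[0], f[1]) and _match(d, f[2], f[3]):
            return action
    return "deny"

# Constructed sample: VLAN 192.168.10.0/24, statics .1-.20 excluded from DHCP,
# network behind g0/0 is 10.0.0.0/24.
ACL = build_acl("STATIC-ONLY", "192.168.10.0/24",
                "192.168.10.1", "192.168.10.20", "10.0.0.0/24")

if __name__ == "__main__":
    print("\n".join(ACL))
    # Applied inbound where the VLAN's traffic enters the router (assumed g0/1.1):
    print("interface GigabitEthernet0/1.1\n ip access-group STATIC-ONLY in")
    for src in ("192.168.10.20", "192.168.10.21", "192.168.10.150"):
        print(src, "->", evaluate(ACL, src, "10.0.0.5"))
```

A range that is not aligned to a power-of-two boundary needs several entries (six here); choosing an aligned static block such as .16 to .31 collapses it to a single permit line.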
 