Question : Problem: VLAN Security Configuration/ACL 500 Pts.

I have a VLAN built for the security cameras in my school, VLAN 100.  I also have a VLAN for all the student use computers, VLAN 200.  I would like to build a rule that denies all VLAN 200 computers access to VLAN 100.  I would also like to allow specific ports from other VLANs access to the camera VLAN (Superintendent, principals, etc.)  I have heard this can be accomplished through the use of ACL's but need an example.  Let me know if I am missing any pertinent information.

Answer : Problem: VLAN Security Configuration/ACL 500 Pts.

No, the commands are entered as shown.

"ip access-group 1 out" applies access-list 1 outbound on the VLAN 100 interface. Any traffic exiting that interface is subject to the statements in that access-list.