1 of 1 people found this helpful
They way you're thinking to solve this I think is correct you will need to create ACL for each VLAN and placing in the correct subinterface of the gig 0/2. The access-policy is also the right choice to put work the ACL's.
However, I you set the allow statements at the beginning of the ACL you won't need the deny ip at the end (is implicit).
Hope this helps.
I went ahead and flagged this post as "Assumed Answered." If any of the responses on this thread assisted you, please mark them as Correct or Helpful as the case may be with the applicable buttons. This will make them visible and help other members of the community find solutions more easily. If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.