That's the issue. I couldn't figure out how to incorporate the defined net destination into an extended ACL.
The ACL I ended up using in my 3810 had no defined net destinations and the ACL works as intended.
ip access-list extended "Room_102_ACL"
10 deny ip xx.xx.xx.0 0.0.0.255 10.0.0.0 0.255.255.255
20 deny ip xx.xx.xx.0 0.0.0.255 172.16.0.0 255.240.0.0
30 deny ip xx.xx.xx.0 0.0.0.255 192.168.0.0 255.255.0.0
40 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
exit
xx.xx.xx.0 represents the subnet defined for that classroom.
I have to replicate this for multiple classrooms that need to be restricted. Using defined objects in Cisco makes it a little quicker/easier since you can reuse those defined objects in multiple ACLs.
In Cisco, objects were defined as below:
object-group ip address Internal_Nets
10.0.0.0 255.0.0.0
172.16.0.0 255.240.0.0
192.168.0.0 255.255.0.0
Then those objects are referenced in the ACL:
ip access-list extended Restricted_Classroom
deny ip any addrgroup Internal_Nets
permit ip any any
Just wondering if Aruba has a similar method/process.