I want to prevent a vlan on the switch from being able to talk to other vlans, below is what I thought was the solution, but it denies traffic to all. I want to deny to all apart from one vlan (172.16.10.0)
ip access-list extended "101"
10 permit ip 172.16.20.0 255.255.255.0 172.16.10.0 255.255.255.0
20 deny ip 172.16.20.0 255.255.255.0 172.16.0.0 255.255.0.0
vlan 207
name "Test"
ip access-group "101" out
ip address 172.16.20.1 255.255.255.0