Hi Johanna,
The access-list would be the following:
ip access-list standard traffic_in
permit 10.60.0.0 0.0.255.255
permit 10.90.0.0 0.0.255.255
interface vlan xx
ip access-group traffic_in in
If you use "permit 10.60.0.0" only in the access-list, then it will permit the 10.60.0.0 source address only, not the entire subnet.
My supposition is that the subnets are:
10.60.0.0 255.255.0.0
10.90.0.0 255.255.0.0
This is why I chose the given wildcard mask in the access-list.
You don't have to put "deny any" at the end of the access-list, because there is an implicit deny at the end anyway.
Cheers:
Istvan