I have one 6509 core switch and two 6506 switches interconnected via port channel and all in the same building. They are all on one vlan. I wish to restrict access to one particular ip adress from all but two machines. I'm not sure access-list are the answer. VACL's may be the answer. Am I on the right track?
I would lean more towards Private VLAN/Protected Port.