I have a department in my network called D department. D wants to be isolated from the network but wants to use some facilities of the network such as email, FTP, etc. But D does not want anyone else to be able to enter its PCs. So I put a layer 3 switch in D, directly connected to the core layer 3 switch. Both are Cisco 3550.
So I configured a special VLAN for D, and I also configured an access-list on its switch and permitted in only those facilities that D wants.
The problem is that I cannot configure an access-list out on the layer 3 switch. Also, I do not know if that is enough or if I have to do something else to increase the security.
Thanks a lot for your time