I need the ability to restrict traffic between 2 LAN segments. I want to do this with dedicated hardware. I achieved this using a 48 port 3750 switch with ACLs configured (spare hardware at the time), with 2 ports used (one connected to LAN A, one to LAN B). This is a waste of hardware.
I don't need any routing capability in this device, so I am thinking I will replace it with the smallest (cheapest) switch capable of running ACLs on ports. I'm not sure all Cisco switches can do this?
I currently apply the restrictions by host-to-host IP and the rules are not protocol specific. If I wanted to make the rules specific to certain protocols, can ACLs in switches do this? Or would that require a router?
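As an added illustration of the protocol-specific variant of this setup (example configuration written for this reply, not taken from the original post), the fragment below is a Catalyst 3750 style port ACL pair for the two-port arrangement described above. All addresses, VLAN numbers, interface names and ACL names are assumptions; the host 10.1.1.10 is the LAN A machine, 10.2.2.20 the LAN B machine, and the policy lets A reach B on TCP 443 and UDP 53 while B may open SSH to A. Port ACLs on this platform are evaluated in hardware, apply inbound only, and are stateless, so each direction gets its own list and the TCP return path is admitted with the `established` keyword (ACK or RST set) rather than by any session tracking.

```cisco
! Constructed example: not the original poster's configuration.
! Addresses, VLAN, interface names and ACL names are assumptions.
!
! Traffic from LAN A towards LAN B is filtered where it enters: the LAN A port.
ip access-list extended LANA-TO-LANB
 remark protocol-specific host-to-host permits
 permit tcp host 10.1.1.10 host 10.2.2.20 eq 443
 permit udp host 10.1.1.10 host 10.2.2.20 eq 53
 remark replies to SSH sessions that LAN B is allowed to open (see LANB-TO-LANA)
 permit tcp host 10.1.1.10 eq 22 host 10.2.2.20 established
 remark explicit deny for readability; an implicit deny exists anyway
 deny ip any any
!
! Traffic from LAN B towards LAN A is filtered where it enters: the LAN B port.
ip access-list extended LANB-TO-LANA
 remark return traffic for the A -> B flows (stateless, so it must be listed)
 permit tcp host 10.2.2.20 eq 443 host 10.1.1.10 established
 permit udp host 10.2.2.20 eq 53 host 10.1.1.10
 remark sessions LAN B may open to LAN A
 permit tcp host 10.2.2.20 host 10.1.1.10 eq 22
 deny ip any any
!
interface GigabitEthernet1/0/1
 description to LAN A
 switchport mode access
 switchport access vlan 10
 ip access-group LANA-TO-LANB in
!
interface GigabitEthernet1/0/2
 description to LAN B
 switchport mode access
 switchport access vlan 10
 ip access-group LANB-TO-LANA in
```

Two caveats worth keeping in mind with this style of filtering: an IP port ACL only governs IP traffic, so non-IP frames such as ARP still cross the bridge unless a MAC ACL (`mac access-list extended`) is applied as well, and the `log` keyword is not supported on port ACLs on this platform, so denied traffic has to be observed some other way (for example a SPAN session on the port) rather than from ACL logging.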