We're trying to restrict access to a server by only allowing a limited number of hosts to access the server. It seems like it would be a pretty simple ACL, something like this (assuming the server is 10.10.10.100):
permit ip host 10.10.10.1 host 10.10.10.100
But where should we apply it? We'd planned to apply it on the interface that directly connects to the server, but it appears we can only apply it inbound on that interface (i.e. it would apply to traffic sourced from the server, inbound into the switch). So do we have to apply it to the VLAN on which the server resides, using it with a "permit ip any any" at the end to allow other traffic to flow freely over the VLAN?
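A small model of first-match ACL evaluation for the placements discussed in the question, added here as an example and not part of the original post. It assumes Cisco-style semantics (the first matching entry wins, with an implicit deny at the end); the host 10.10.10.50, the extra ACL entries and all function names are constructed for illustration.

```python
import ipaddress

SERVER = "10.10.10.100"
ALLOWED = "10.10.10.1"
OTHER = "10.10.10.50"  # constructed: a host that should not reach the server

def matches(spec, addr):
    """True if addr falls under spec, where spec is 'any', a host or a prefix."""
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def evaluate(acl, src, dst):
    """Return the action of the first matching (action, src, dst) entry."""
    for action, s, d in acl:
        if matches(s, src) and matches(d, dst):
            return action
    return "deny"  # assumed implicit deny when nothing matches

# The entry from the post, followed only by the catch-all permit.
permit_only = [("permit", ALLOWED, SERVER),
               ("permit", "any", "any")]

# Same list with an explicit deny for the server ahead of the catch-all
# (constructed entry, not from the post).
with_deny = [("permit", ALLOWED, SERVER),
             ("deny", "any", SERVER),
             ("permit", "any", "any")]

# The entry exactly as written in the post, on its own.
as_written = [("permit", ALLOWED, SERVER)]

# Mirrored entry (constructed) for traffic sourced from the server,
# which is what an inbound ACL on the server's port sees.
mirrored = [("permit", SERVER, ALLOWED)]

def results():
    return {
        "permit_only: other -> server": evaluate(permit_only, OTHER, SERVER),
        "with_deny: other -> server": evaluate(with_deny, OTHER, SERVER),
        "with_deny: allowed -> server": evaluate(with_deny, ALLOWED, SERVER),
        "with_deny: other -> other": evaluate(with_deny, OTHER, "10.10.10.51"),
        "as_written: server -> allowed": evaluate(as_written, SERVER, ALLOWED),
        "mirrored: server -> allowed": evaluate(mirrored, SERVER, ALLOWED),
        "mirrored: server -> other": evaluate(mirrored, SERVER, OTHER),
    }

if __name__ == "__main__":
    for case, action in results().items():
        print(f"{case:32} {action}")
```

In this model the list that ends in the catch-all permit lets every host reach the server unless a deny for the server precedes it, and the entry as written never matches packets sourced from the server.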