I'd like to limit access to a particular server so that only two specific hosts can access this server. The server is connected via a LAN switch port that is configured as an access port for the Server VLAN. Initially I'd planned to apply an ACL to the LAN port, but ACLs on Layer 2 ports can only be applied to ingress traffic, meaning that I could restrict traffic coming from the server, but not traffic going to the server. So my next option was to put the ACL on the VLAN (VACL). Assuming the server is 10.0.0.1 and the hosts that I want to allow communication with are 10.100.0.1 and 10.100.0.2, I'm thinking my ACL will look like this:
3750_switch#sh ip access-lists
Extended IP access list Test
10 permit ip host 10.100.0.1 host 10.0.0.1
20 permit ip host 10.100.0.2 host 10.0.0.1
But there are many other servers on this VLAN, so how do I apply this ACL to the VLAN without affecting or restricting access to the other servers? An ACL has an implicit deny at the end, so if I apply the ACL as it's configured above, it will allow communications between my server and those two hosts, but every other packet traversing the VLAN will be dropped. On the other hand, if I add "permit ip any any" at the end of the ACL, then any IP traffic will be permitted to access my server.
Any ideas are appreciated. Thanks.
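As an added example (not part of the original post), the following shows one way to structure a VACL on a Catalyst 3750 so that only traffic destined to 10.0.0.1 is filtered while everything else on the VLAN is forwarded. It uses the addresses from the question; the ACL names, the access-map name and the VLAN number 100 are assumptions.

```cisco
! Traffic to the server that is explicitly allowed
ip access-list extended TO-SERVER-ALLOWED
 permit ip host 10.100.0.1 host 10.0.0.1
 permit ip host 10.100.0.2 host 10.0.0.1
!
! Any other traffic to the server (matched only after the allowed hosts)
ip access-list extended TO-SERVER-OTHER
 permit ip any host 10.0.0.1
!
! Everything else on the VLAN, including the server's replies
ip access-list extended ANY-IP
 permit ip any any
!
! Access-map entries are evaluated in sequence order; the first
! entry whose ACL permits the packet decides the action.
vlan access-map SERVER-VLAN-FILTER 10
 match ip address TO-SERVER-ALLOWED
 action forward
vlan access-map SERVER-VLAN-FILTER 20
 match ip address TO-SERVER-OTHER
 action drop
vlan access-map SERVER-VLAN-FILTER 30
 match ip address ANY-IP
 action forward
!
! Apply the map to the Server VLAN (VLAN 100 is assumed here)
vlan filter SERVER-VLAN-FILTER vlan-list 100
```

Sequence 30 is what keeps the other servers reachable: without it the access map's own implicit drop would discard every packet not matched by 10 or 20. Verify the result with "show vlan access-map" and "show vlan filter".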