Due to the wonderful world of PCI compliance, I have a need to set up a way to block traffic between hosts on a specific subnet at layer 2, so that each host cannot communicate with another host in its same subnet at layer 2. As I understand it, isolated Private VLAN ports should do the trick, right ... However, we have a wonderful Microsoft application running on each host called Lync. Lync says that if I want to instant message a host in my same subnet, I will connect directly to the host and not to an external server.
So this brings me to my question: is there a way I can use some sort of ACL at layer 3 or layer 2 that would allow the isolated PVLAN to inspect and allow TCP traffic for a certain port and deny all others within that subnet? Or is there another way around implementing PVLANs to achieve the goal here?
Your input is much appreciated on this topic.