I understand that a BVI is very much equivalent to a network switch. But it includes the benefit of being able to have an access control list.
I am doing this, but I would like to more effectively distinguish incoming vs outgoing. Right now, all I have to go on is the IP address.
How can I add a protection against IP spoofing? I would like to prevent someone on the WAN port (FastEthernet4) from using one of the IP addresses that are only supposed to exist the LAN port.