Score:0

Filtering traffic between ports on an ethernet switch


I would like to know if there is a standard way of limiting traffic between ports on a managed Ethernet switch. I have a 7-port Ethernet switch (Microchip KSZ9897), which is a layer 2 switch, but with IEEE 802.1X (ACL) and 802.1Q (VLAN) support. What I specifically need is the following:

I need to only allow traffic from port 1 to 2 for one specific IP address. The same from port 2 to port 1, one specific IP address. Port 2 will also need to forward traffic to ports 3-7, using an alias IP address.

Could this be done using ACL or another method? All hosts are on the same subnet, as there are no routers in the system, and I am not able to add a router.

Score:3
Bob

Switching is Layer 2 functionality and the kind of ACL you want to create should be acting on Layer 3, the IP layer with IP addresses and port numbers.

Therefore "a standard way of limiting traffic between ports on a managed Ethernet switch" does not exist.

Having said that, many managed L2 switches are more capable, but there is no standard/universal way of configuring them.

Note that the datasheet for your device suggests that L3 ACLs are supported in your hardware: https://ww1.microchip.com/downloads/en/DeviceDoc/KSZ9897R-Data-Sheet-DS00002330D.pdf says the following:

section §4.4.16 ACCESS CONTROL LIST (ACL) FILTERING

An Access Control List (ACL) can be created for each port to perform filtering on incoming layer 2 MAC, layer 3 IP or layer 4 TCP/UDP packets. Multicast filtering is handled in the Static Address Table and the Reserved Multicast Address Table, but the ACL provides additional capabilities for filtering routed network protocols. As shown in Figure 4-3, ACL filtering may take precedence over other forwarding functions. The ACL allows the switch to filter ingress traffic based on the following header fields:

  • Source or destination MAC address and/or EtherType
  • Source or destination IPv4 address with programmable mask
  • IPv4 protocol
  • Source or destination UDP port
  • Source or destination TCP port
  • TCP Flag with programmable mask

The ACL is implemented as an ordered list of up to 16 access control rules which are programmed into the ACL Table. Each entry specifies certain rules (a set of matching conditions and action rules) to control the forwarding and priority of packets. When a packet is received on an interface, the switch compares the fields in the packet against any applied ACLs to verify that the packet has the permissions required to be forwarded, based on the conditions specified in the lists. Multiple match conditions can be either AND'ed or OR'ed together.

No idea, though, how you can actually use that.
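To make the datasheet excerpt concrete, here is an added example (not from the question, the answer or Microchip) that models the ingress ACL semantics the excerpt describes: one ordered list of up to 16 rules per port, each rule matching on MAC/EtherType, IPv4 address with mask, IPv4 protocol and TCP/UDP ports, with the match conditions AND'ed. It then expresses the asker's port 1 / port 2 / alias-address scenario as rules and runs constructed frames through them. Everything beyond the excerpt is an assumption made here: first matching rule wins, a frame matching no rule is dropped, a port with no ACL forwards everything, and the host, MAC and alias addresses (192.0.2.0/24, locally administered MACs) are constructed. It is a model of the filtering logic, not the chip's register programming.

```python
"""Model of a per-port ingress ACL with the match fields listed in the KSZ9897
datasheet excerpt.  Assumed semantics (not stated in the excerpt): rules are
evaluated in order, the first match decides, and unmatched frames are dropped."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional

MAX_RULES_PER_PORT = 16          # excerpt: an ordered list of up to 16 rules
ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_ARP = 0x0806
PROTO_TCP, PROTO_UDP = 6, 17


@dataclass
class Packet:
    """Header fields of an ingress frame that the ACL can inspect."""
    ingress_port: int
    src_mac: str
    dst_mac: str
    ethertype: int = ETHERTYPE_IPV4
    src_ip: Optional[str] = None
    dst_ip: Optional[str] = None
    protocol: Optional[int] = None     # IPv4 protocol number (6 TCP, 17 UDP)
    src_port: Optional[int] = None
    dst_port: Optional[int] = None


@dataclass
class Rule:
    """One ACL entry: every field that is set must match (conditions AND'ed)."""
    action: str                        # "permit" or "deny"
    src_mac: Optional[str] = None
    dst_mac: Optional[str] = None
    ethertype: Optional[int] = None
    src_net: Optional[str] = None      # IPv4 address plus programmable mask, "a.b.c.d/len"
    dst_net: Optional[str] = None
    protocol: Optional[int] = None
    src_port: Optional[int] = None
    dst_port: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        if self.src_mac is not None and self.src_mac.lower() != pkt.src_mac.lower():
            return False
        if self.dst_mac is not None and self.dst_mac.lower() != pkt.dst_mac.lower():
            return False
        if self.ethertype is not None and self.ethertype != pkt.ethertype:
            return False
        for net, addr in ((self.src_net, pkt.src_ip), (self.dst_net, pkt.dst_ip)):
            if net is not None and (addr is None or
                                    ip_address(addr) not in ip_network(net, strict=False)):
                return False
        for want, have in ((self.protocol, pkt.protocol),
                           (self.src_port, pkt.src_port),
                           (self.dst_port, pkt.dst_port)):
            if want is not None and want != have:
                return False
        return True


class PortAcl:
    """Ordered rule list of one ingress port: first match decides, default deny."""
    def __init__(self) -> None:
        self.rules: List[Rule] = []

    def add(self, rule: Rule) -> "PortAcl":
        if len(self.rules) >= MAX_RULES_PER_PORT:
            raise ValueError("ACL table full: at most %d rules per port" % MAX_RULES_PER_PORT)
        self.rules.append(rule)
        return self

    def decide(self, pkt: Packet) -> str:
        for rule in self.rules:
            if rule.matches(pkt):
                return rule.action
        return "deny"                  # assumption: implicit deny at the end of the list


def filter_frame(acls: Dict[int, PortAcl], pkt: Packet) -> str:
    """Apply the ACL of the ingress port; a port without an ACL forwards everything."""
    acl = acls.get(pkt.ingress_port)
    return acl.decide(pkt) if acl is not None else "permit"


# Constructed addresses for the asker's topology (hypothetical values).
MAC_A, HOST_A = "02:00:00:00:00:0a", "192.0.2.10"          # host behind port 1
MAC_B, HOST_B = "02:00:00:00:00:14", "192.0.2.20"          # host behind port 2
HOST_B_ALIAS = "192.0.2.21"                                # alias host B uses towards ports 3-7
LAN = "192.0.2.0/24"


def build_acls() -> Dict[int, PortAcl]:
    acls = {1: PortAcl(), 2: PortAcl()}
    arp = Rule("permit", ethertype=ETHERTYPE_ARP)          # needed, or nobody can resolve MACs
    # Port 1 ingress: only host A (IP bound to its MAC) talking to host B's primary address.
    acls[1].add(arp).add(Rule("permit", src_mac=MAC_A, src_net=HOST_A + "/32", dst_net=HOST_B + "/32"))
    # Port 2 ingress: host B to host A; the alias may reach the LAN but not host A.
    acls[2].add(arp)
    acls[2].add(Rule("permit", src_mac=MAC_B, src_net=HOST_B + "/32", dst_net=HOST_A + "/32"))
    acls[2].add(Rule("deny", src_net=HOST_B_ALIAS + "/32", dst_net=HOST_A + "/32"))  # order matters
    acls[2].add(Rule("permit", src_mac=MAC_B, src_net=HOST_B_ALIAS + "/32", dst_net=LAN))
    return acls
```

Two design points the excerpt leaves to the reader: an ingress ACL never sees the egress port, so "port 1 to port 2 only" has to be expressed through addresses, and an address-only rule is satisfied by any host that uses that IP, which is why the permit rules above also bind the source IP to the expected source MAC. The explicit ARP permit is the check people forget; with an implicit deny at the end of the list, dropping ARP silently breaks every IP rule that follows.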
