I have Brocade switch stacks, a 6450 and a 6610. My 6610 is connected directly to the firewall, and the 6450 stack is connected to the 6610, trunked using the 1/1/2 and 2/2/2 interfaces.
I created a new VLAN 222 and assigned a new route and a DHCP helper to reach the DHCP server, so that IP assignment is based on a new scope and a new IP address range for guest Wi-Fi. The new access point interface is assigned to VLAN 222. I created a route on the firewall with the gateway address of the new guest Wi-Fi range.
The guest Wi-Fi currently works but has access to the whole network. Since the route and interface were created on the switch, there is no access-control option on the firewall.
How would I create an ACL on the Brocade switch to allow VLAN 222 to access only the external internet switch and restrict access to the internal servers?
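Added example (not part of the question or the answer): one way the switch-side ACL the question asks about could look on a FastIron ICX 6450/6610, if the gateway stays on the switch. The addresses are constructed for illustration: guest VLAN 222 is 192.168.222.0/24 with the VE address 192.168.222.1 as gateway, and the internal DHCP/DNS server is 10.0.0.10. The ACL name, the private ranges treated as "internal" and the exact keyword forms are assumptions to be checked against the switch's own FastIron release.

```text
! Added example, assumed FastIron syntax, constructed addresses
! Guest VLAN 222 = 192.168.222.0/24, gateway ve 222 = 192.168.222.1
! Internal DHCP/DNS server = 10.0.0.10 (constructed)
ip access-list extended guest-isolation
 remark let guest clients reach the internal DHCP server through the helper
 permit udp any eq 68 host 10.0.0.10 eq 67
 remark let guests resolve names against the internal resolver only
 permit udp 192.168.222.0 0.0.0.255 host 10.0.0.10 eq 53
 remark drop (and log) anything else aimed at private address space
 deny ip 192.168.222.0 0.0.0.255 10.0.0.0 0.255.255.255 log
 deny ip 192.168.222.0 0.0.0.255 172.16.0.0 0.15.255.255 log
 deny ip 192.168.222.0 0.0.0.255 192.168.0.0 0.0.255.255 log
 remark everything else (the internet, via the firewall) is allowed
 permit ip any any
!
vlan 222 name guest-wifi by port
 router-interface ve 222
!
interface ve 222
 ip address 192.168.222.1 255.255.255.0
 ip helper-address 10.0.0.10
 ip access-group guest-isolation in
```

The order matters: the DHCP and DNS permits sit above the private-range denies, and the final `permit ip any any` only catches traffic that is not destined for an internal range. Traffic between two guest clients in 192.168.222.0/24 is switched at layer 2 and never reaches the VE, so the 192.168.0.0/16 deny does not affect it. Because the relay is handled by the switch CPU, confirm on the actual release that relayed DHCP still works with the ACL applied before relying on it.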
You should create the VLAN on the firewall instead of the switches and assign it its own gateway IP, often referred to as a 'virtual interface'.
This IP would be the default gateway for the VLAN instead of the existing one on the switch. This allows you to set up rules in the firewall as normal, which control the level of access allowed between subnets.