The 3550 is a layer 3 switch, which effectively means you can work on the network layer to perform wonders
Regarding your questions, if you wish to restrict specific IP addresses behind each port, you can create custom access lists and bind them to the necessary interface to get the result you need.
For example, let's say we want to restrict the workstation behind port 0/12 to ip address 10.0.0.4:
[code:1]Cat3560G(config)#access-list 100 permit ip host 10.0.0.4 any
Cat3560G(config)#interface gigabitEthernet 0/12
Cat3560G(config-if)#ip access-group 100 in[/code:1]
With the above configuration, only ip address 10.0.0.4 will be able to work on the specific interface. Traffic from the network will also be able to reach 10.0.0.4 without problems.
Regarding the bandwidth limiter, I'll have to test it to provide you with a working configuration, but I believe it can work using class maps to define the traffic and policies to which the classes are bound to. From there on, you apply the policy to the interface you wish in either outbound or inbound direction.
Any luck chris on the rate limiting? Also I had another question...
I have one VLAN (example, 192.168.0.0/24) and I have one uplink so far with a gateway of 192.168.0.1. Now I get a second uplink (example, 10.10.10.14) can I mix that in with my network. Like have a computer on port 5 have all their out going traffic routed through the second uplink (10.10.10.14)?