Being a multi-layer Switch, your 3750 is more than capable of doing what you need it to.
For starters, VLANs would be a great idea – one for management, one for users you dont want to have Web access (so you dont lock EVERYONE out)
- Create the VLANs – like VLAN 10 for your “users”
- Make an ACL to block web traffic for VLAN 10, allow it access to anything in its subnet and allow it access to the exchange server
- Apply the ACL to the interfaces you need filtered.
A great place to start would be <a href=”http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_25_see/configuration/guide/swacl.html”>Cisco.com</a>