I'm not sure you can do this. The essence is packets with the same IP addresses that need to be delivered to different VLAN ports. Let's say your user agent is address A and the origin server is address S. When the user agent sends a packet, it is A -> S. This is intercepted by ATS and then when it wants to connect to the origin server it will send a packet A -> S and this packet needs to flow out to the Internet, not be intercepted by ATS again. If you have a router you can do this by doing policy routing based on which interface handled the packet. With just a switch I'm not sure you an distinguish the packets sufficiently.
I've never tried do that and I don't know anyone who has, so I have to just guess.
