ip access-list extended Internet_Only
deny ip any any
ip address 10.17.2.2 255.255.255.0
ip access-group Internet_Only in
ip access-group Internet_Only out
ip helper-address 10.131.1.17
no ip unreachables
standby 1 ip 10.17.2.1
standby 1 priority 101
standby 1 preempt
i can still ping 10.17.2.2 and telnet to it from PCs on other subnets. Intrestingly enough if i telnet or ping 10.17.2.2 from that switch it is denied. The ACL was originally much more complicated but it didnt seem to work so im doing a deny any simply to get it working. Is there something i am missing? I have done this before but it doesnt appear to be working in this scenario.
System image file is "flash:c3750-ipservices-mz.122-25.SEB2/c3750-ipservices-mz.122-25.SEB2.bin"
cisco WS-C3750-48P (PowerPC405) processor (revision J0) with 118784K/12280K bytes of memory.