When setting up an access list on an SVI (3560 or 3750), I don't get the same results as when it is set up on a router such as a 1900.
I have a PC with IP 192.168.1.10 and another device with IP 192.168.2.10. On the switch, the SVIs are VLAN 1 - 192.168.1.1, and VLAN 2 - 192.168.2.1. The 192.168.1.10 PC is using default gateway 192.168.1.1. I have an ACL on the VLAN 1 interface to block all IP traffic from the 192.168.1.10 host to anything.
If I ping from 192.168.1.10 to 192.168.2.10, it goes through and I get replies.
If I ping from 192.168.1.10 to 192.168.1.1, it fails.
If I ping from 192.168.2.10 to 192.168.1.10 (Windows firewall off), it fails.
I can also remote desktop from the 192.168.1.10 PC to the 192.168.2.10 PC.
Here is the ACL:
ip access-list extend vlan1acl
 deny ip host 192.168.1.10 any
 permit ip any any
int vlan 1
 ip addr 192.168.1.1
 ip access-group vlan1acl in
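
As a baseline to compare the observed results against, the following added example (not part of the original post, and not a model of any particular Cisco platform) applies textbook first-match ACL evaluation to the posted vlan1acl, inbound on VLAN 1 only, and checks both the echo request and the echo reply for each ping. The /24 masks and all function names are assumptions; the post gives no mask.

```python
import ipaddress

# ACL from the post, in order; "any" is modelled as 0.0.0.0/0.
VLAN1ACL = [
    ("deny", "192.168.1.10/32", "0.0.0.0/0"),
    ("permit", "0.0.0.0/0", "0.0.0.0/0"),
]
# SVI subnets. The /24 masks are an assumption; the post does not state one.
SVIS = {"vlan1": "192.168.1.0/24", "vlan2": "192.168.2.0/24"}
# Only "int vlan 1" carries "ip access-group vlan1acl in".
INBOUND_ACLS = {"vlan1": VLAN1ACL}

def acl_action(acl, src, dst):
    """First matching entry wins; an implicit deny ends every ACL."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in acl:
        if s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net):
            return action
    return "deny"

def ingress_svi(src):
    """SVI whose subnet contains the sender, i.e. where the packet arrives."""
    for name, net in SVIS.items():
        if ipaddress.ip_address(src) in ipaddress.ip_network(net):
            return name
    return None

def packet_allowed(src, dst):
    """The inbound ACL of the arrival SVI decides; no ACL means permit."""
    acl = INBOUND_ACLS.get(ingress_svi(src))
    return acl is None or acl_action(acl, src, dst) == "permit"

def ping_succeeds(src, dst):
    """A ping needs the echo request and the echo reply to both get through."""
    return packet_allowed(src, dst) and packet_allowed(dst, src)

def predictions():
    pc, dev, gw = "192.168.1.10", "192.168.2.10", "192.168.1.1"
    return {
        "pc->dev": ping_succeeds(pc, dev),  # request denied inbound on vlan 1
        "pc->gw": ping_succeeds(pc, gw),    # request denied inbound on vlan 1
        "dev->pc": ping_succeeds(dev, pc),  # request passes, reply from pc denied
    }

if __name__ == "__main__":
    for test, ok in predictions().items():
        print(f"{test}: {'replies' if ok else 'fails'}")
```

Under this model all three pings fail. The 192.168.2.10 to 192.168.1.10 case fails on the return path, because the echo reply from 192.168.1.10 arrives inbound on VLAN 1 and matches the deny line.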