
Authorization Profiles

sajid231088
Beginner

Hi All,

I am confused about when to use dACL, ACL, VLAN and Airespace ACL.

Can anyone explain the use of all of the above? I know what an ACL is, what a VLAN is, etc., but I am confused about when to use which.


Regards

Sajid

2 Accepted Solutions

Hi,
An ACL is statically configured on a switch; you would create an Authorization rule to apply the statically configured ACL to a user's session. This is not scalable, as the same ACL would need to be defined on all switches (which could be hundreds or thousands). However, a DACL (Downloadable ACL) is configured once on ISE; this DACL is defined in an Authorization Profile, downloaded to the switch and applied to a user's session. This means you do not need to create the same ACL on all switches.

Airespace ACL is related to the WLC, which does not support DACLs, so you have to reference the Airespace ACL in the Authorization Profile.

HTH


Aravind Ravichandran
Participant

Hi Sajid,

Dynamic VLAN Assignment: One of the traditional means of limiting network access is by putting endpoints in different VLANs based on their role. ISE can authorize endpoints to specific VLANs either by the VLAN name or number.

IP Access Control Lists (ACLs): ACLs can be used to control network access at the port level. ACLs can either be downloaded to the network from ISE or be configured locally on the switch and referenced by ISE during authorization. Named ACL authorization can be done with the RADIUS standard attribute called 'Filter-ID', carrying the ACL name. For ACL downloads, either Per-User-ACL or Downloadable ACL (dACL) can be used. Both of these ACL download options use a Cisco custom RADIUS Attribute Value Pair (AVP). The per-user ACL is limited to a size of 4000 characters, while downloadable ACLs do not have a limit on their size. However, the practical recommendation for dACLs is 64 Access Control Entries (ACEs).

Airespace ACL: These ACLs can be used to control network access for wireless endpoints, and these ACLs need to be configured on the WLC. Named Airespace ACL authorization can be done with the RADIUS attribute called 'Airespace ACL', carrying the ACL name. However, Airespace ACLs are limited to 64 ACL entries.

Note: DACLs are applicable to switches and firewalls, not to wireless controllers.

-Aravind
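As an added illustration (not code from this thread or from Cisco ISE), the following pre-check turns the enforcement choices Aravind lists into the RADIUS attributes an Authorization Profile would send and flags the limits he quotes: the 4000-character per-user ACL limit, the 64-ACE practical recommendation for dACLs, the 64-entry Airespace ACL limit, and the fact that dACLs cannot be used with a WLC. The attribute names and the av-pair forms are assumptions based on common Cisco conventions, not values taken from the thread.

```python
# Added example, not code from the thread or from Cisco ISE itself.
# Assumed (not in the thread): the attribute names and the "ip:inacl#N=" /
# "ACS:CiscoSecure-Defined-ACL=" av-pair forms below are illustrative.
PER_USER_ACL_MAX_CHARS = 4000   # per-user ACL size limit quoted in the answer
DACL_RECOMMENDED_MAX_ACES = 64  # practical dACL recommendation quoted in the answer
AIRESPACE_MAX_ENTRIES = 64      # Airespace ACL entry limit quoted in the answer


def count_aces(acl_text):
    """Count ACEs in ACL text, ignoring blank lines and 'remark' lines."""
    lines = [line.strip() for line in acl_text.splitlines()]
    return sum(1 for line in lines if line and not line.lower().startswith("remark"))


def build_authz_profile(nad_type, vlan=None, acl_name=None, acl_entries=None,
                        per_user_acl=None, dacl_name=None, dacl_text=None):
    """Return (attributes, warnings) for one authorization profile.
    nad_type is 'switch' or 'wlc'. Raises ValueError for combinations the
    answers above say cannot work; returns warnings for soft limits."""
    if nad_type not in ("switch", "wlc"):
        raise ValueError("nad_type must be 'switch' or 'wlc'")
    attrs, warnings = [], []
    if vlan is not None:  # dynamic VLAN assignment, by name or number
        attrs += [("Tunnel-Type", "VLAN"), ("Tunnel-Medium-Type", "IEEE-802"),
                  ("Tunnel-Private-Group-ID", str(vlan))]
    if acl_name is not None:  # ACL already configured on the device, referenced by name
        if nad_type == "wlc":
            if acl_entries is not None and acl_entries > AIRESPACE_MAX_ENTRIES:
                raise ValueError(f"Airespace ACL is limited to {AIRESPACE_MAX_ENTRIES} entries")
            attrs.append(("Airespace-ACL-Name", acl_name))
        else:
            attrs.append(("Filter-ID", acl_name))
    if per_user_acl is not None:  # ACEs pushed inline; an ACL download option, switch-side
        if nad_type == "wlc":
            raise ValueError("ACL download is not supported by the wireless controller")
        if len(per_user_acl) > PER_USER_ACL_MAX_CHARS:
            raise ValueError(f"per-user ACL exceeds {PER_USER_ACL_MAX_CHARS} characters")
        for i, ace in enumerate(per_user_acl.splitlines(), 1):
            attrs.append(("cisco-av-pair", f"ip:inacl#{i}={ace}"))
    if dacl_name is not None:  # dACL defined once on ISE, downloaded by the switch on demand
        if nad_type == "wlc":
            raise ValueError("dACLs apply to switches and firewalls, not wireless controllers")
        n = count_aces(dacl_text or "")
        if n > DACL_RECOMMENDED_MAX_ACES:
            warnings.append(f"dACL {dacl_name} has {n} ACEs; recommendation is {DACL_RECOMMENDED_MAX_ACES}")
        attrs.append(("cisco-av-pair", f"ACS:CiscoSecure-Defined-ACL={dacl_name}"))
    return attrs, warnings
```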



Hi,

Thanks for your prompt response.

Now I have clarity on this.


Hi Aravind,

Thanks for your detailed explanation. Now I have more clarity on this.

 

Regards

Sajid
