Hello, thanks for the answer. I've created new discussion for this particular topic.
Can you please explain it more from the low-level?
How can L2 switch process L3 information, since it works with MACs only? Does it have something to do with TCAM?

L2 SW can process l3 via not software like router but via tcam but it cannot routing l3 packet.

Can l3 sw also use dacl? Yes it can also

From Cisco doc. 

"" 

Understanding Port ACLs

The port ACL (PACL) feature provides the ability to perform access control on specific Layer 2 ports. A Layer 2 port is a physical LAN or trunk port that belongs to a VLAN. Port ACLs are applied only on the ingress traffic. The port ACL feature is supported only in hardware (port ACLs are not applied to any packets routed in software).

When you create a port ACL, an entry is created in the ACL TCAM. You can use the show tcam counts command to see how much TCAM space is available.

The PACL feature does not affect Layer 2 control packets received on the port."" 

Got it, thanks.
So from my understanding, I have to make sure that I have L2 switch that has TCAM so its able to work with dACL.

Dumb question now, since it has TCAM, if I push dACL ip deny any to the switch, the host should not be able to communicate with others even on the same VLAN, right? 

Yes it should that.