Perhaps you are confused because a L3/L4 ACL is applied on a L2-switch. But L2-switch only refers to the forwarding decision which is done based on L2 information. The switch can look into the packets more deeply to do some security-control like these Access-Lists.

@sivam siva Hello,

Hello,

This is applied under a physical interface that belongs to a vlan and is perfect valid.

"The port ACL (PACL) feature provides the ability to perform access control on specific Layer 2 ports. A Layer 2 port is a physical LAN or trunk port that belongs to a VLAN. Port ACLs are applied only on the ingress traffic. The port ACL feature is supported only in hardware (port ACLs are not applied to any packets routed in software)."

"VLAN ACLs (VACLs) can provide access control for all packet s that are bridged within a VLAN or that are routed into or out of a VLAN or a WAN interface for VACL capture. Unlike Cisco IOS ACLs that are applied on routed packets only, VACLs apply to all packets and can be applied to any VLAN or WAN interface. VACLs are processed in the ACL TCAM hardware. VACLs ignore any Cisco IOS ACL fields that are not supported in hardware."

Look here more detail: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/vacl.html