Unlike regular Cisco IOS access control lists that are configured on router interfaces and applied on routed packets only, VACLs apply to all packets.
The technology was developed by Cisco on the Catalyst 6500 Series switch platform.
Often, this configuration is used to facilitate data loss prevention (DLP) or network-based intrusion prevention systems.
[2] VACL or VACL Ports can be much more discriminating of the traffic they forward compared to a standard SPAN port.
However, they forward all traffic that matches the criteria, as they do not have the functionality to select from ingress or egress traffic like SPAN ports.