I work as a network technician and used to have my CCNA (it expired in April) however I recently came across something that was never brought up in any of my CCNA classes. I was always under the impression you could only configure ACL's on layer 3 devices (whether they were switches, routers, firewalls, etc). However I came across the fact that layer 2 devices can have ACL's configured on them.
My question is if you configure an ACL that specifies an IP address (or a range of IP addresses) how is the layer 2 device able to read the IP address of the packet? My understanding is they only read the MAC address and then send the packet on its way.
Thanks in advance!
Yes and no. If the switch was a pure cut-through switch then what you say is correct ie. once the destination mac-address has been read the frame is forwarded.
However even with modern cut-through switches they will still read addition information from the frame (such as the IP header) if it is needed to make a forwarding decision. See this doc for more details -
All current Cisco switches are store and forward with the exception i believe of some of the Nexus switches which use cut-through to decrease latency.