The syntax for configuring a Port Access Control List is the same as creating any other access control list. The difference is Port Access Control lists support filtering via MAC address via a different CLI syntax.
PACLs can only support filtering of incoming traffic with no outbound filtering support.
PACLs can not filter control packets such as CDP, VTP, DTP, PAgP, UDLD and STP
A PACL are only supported in hardware.
A PACL does not support ACLs filtering IPv6, ARP, or MPLS traffic
ip access-list extended PortACL deny tcp any any eq 23 deny icmp any any permit ip any any