12-20 lines on average, ACLs are apllied in both direction

Hello Thorr

Most ACL features are processed in hardware, as mentioned on the following link:

ACLs Processed in Hardware in Cisco Catalyst 6500 Series Switches

Some features are processed in software, based on your supervisor model you have to check if any of the following is true for your case, if YES, then there might be some performance impact, but this usually negligible for a switch with low utlization:

ACLs Processed in Software in Cisco Catalyst 6500 Series Switches

ACL Performance Characteristics

Please rate if you find the input helpful.

Regards, Farrukh

Thanks for the links, but I can't find out if SVI ACLs have impact on CPU (Sup720)

Please see what the start of the document reads:

"This document provides information to help you  understand the Access Control List (ACL) merge algorithms and the  hardware resources used in Cisco Catalyst 6500 switches to enforce  security and apply quality of service (QoS) using router ACLs (RACLs), VLAN ACLs (VACLs), and QoS ACLs "

So it covers SVIs also i.e. VLAN ACLs.

Regards

Farrukh

As I know, VLAN ACLs (VACLs) and SVI ACLs are different things. VACLs are configured with vlan access-map command and SVI ACLs with ip access-group under interface vlan.

Hello Thorr

You are 100% correct about the SVI  ACL and VACL difference, they also behave differently as VACLs also affect the traffic within the VLAN.

However if you see the following section of the link, it shows the SVI ACL as an example, thereby suggesting that it applies to SVI ACLs also:

http://www.cisco.com/en/US/products/hw/switches/ps708/products_white_paper09186a00800c9470.shtml#wp42319

Regards

Farrukh