By accident the other day ran across some information that I thought was pretty interesting. Natively, Cisco 3560, 3750, 4500, and 6500 MLSs use CEF instead of route caching for layer 3 switching. There are several things that will cause what is called a "CEF Punt" which is where CEF defers the processing down to the layer 3 routing engine. It can happen for several reasons: packet needs to be fragmented, MAC not found in adjacency table, no route in FIB...stuff like that. But here's the interesting part. A log attribute on an ACL actually causes a CEF Punt. So, it might be worthwhile to remove those entries once troubleshooting is done so that as much traffic is hardware switched as possible.