Product and Software: This article applies to all ArubaOS versions.
Aruba Networks always recommends session ACLs. You would only use an extended/etype/mac ACL if a session ACL could not support the desired behavior.
If non-session ACLs are used, we iterate through all rules for each frame, which lowers the performance of the system.
When session ACLs are used, we only iterate through the rules for the first frame of a "session", for example, TCP connection.