It's been a while since I was working with ACLs on L3 switches, but the last time I did, the main vendors were not doing stateful firewalls on L3 switches, as that would eat into their firewall markets :)
I'm not sending the storage networking via the router, so this cuts down a bit on the...