Normally, when changes are made to a policy and a policy is refreshed, the switch uses what is called a “smart refresh”. This basically means when a change in the policy is detected, only the ACL changes needed to modify the ACLs are sent to the hardware, and the unchanged entries remain.
Smart Refresh works well up for up to 200 changes. If the number of changes exceeds 200, you will see this message: "Policy file has more than 200 new rules. Smart refresh cannot be carried out" and you will get the following prompt - "Note, the current setting for Access-list Refresh Blackhole is Enabled. Would you like to perform a full refresh?"
In this situation, the switch carries out a “hard refresh”; All ACLs previously defined in the policy are to be removed in the hardware, and the new refreshed ACL entries are to be installed. In such a scenario, when a "refresh policy" command is used, the aforementioned message will be logged.
"Hard refresh" is also carried out when the number of entries in the policy changes i.e., when a rule is added or deleted in the policy.