Switch User Manual
31-19
Catalyst 6500 Series Switch Cisco IOS Software Configuration Guide—Release 12.1 E
78-14099-04
Chapter 31 Configuring PFC QoS
Understanding How PFC QoS Works
 • Untrusted—Sets the internal DSCP value to a configured DSCP value.
Note With the default values, PFC QoS applies DSCP zero to traffic from ingress LAN ports 
configured as untrusted.
Policers
Note Policing with the conform-action transmit keywords supersedes the ingress LAN port trust state of 
matched traffic with trust DSCP or with the trust state defined by a trust policy-map class command (see 
the “Configuring the Policy Map Class Trust State” section on page 31-45).
You can create policers that do the following:
 • Mark traffic
 • Limit bandwidth utilization and mark traffic
For more information, see the “Creating Named Aggregate Policers” section on page 31-35 and the 
“Configuring Policy Map Class Actions” section on page 31-44. 
Policing rates are based on the Layer 3 packet size. You specify the bandwidth utilization limit as a 
committed information rate (CIR). With a PFC2, you can also specify a higher peak information rate 
(PIR). Packets that exceed a rate are “out of profile” or “nonconforming.”
In each policer, you specify if out-of-profile packets are to be dropped or to have a new DSCP value 
applied to them (applying a new DSCP value is called “markdown”). Because out-of-profile packets do 
not retain their original priority, they are not counted as part of the bandwidth consumed by in-profile 
packets.
With a PFC2, if you configure a PIR, the PIR out-of-profile action cannot be less severe than the CIR 
out-of-profile action. For example, if the CIR out-of-profile action is to mark down the traffic, then the 
PIR out-of-profile action cannot be to transmit the traffic. 
For all policers, PFC QoS uses a configurable global table that maps the internal DSCP value to a 
marked-down DSCP value (see the “Configuring DSCP Markdown Values” section on page 31-68). 
When markdown occurs, PFC QoS gets the marked-down DSCP value from the table. You cannot 
specify marked-down DSCP values in individual policers.
Note By default, the markdown table is configured so that no markdown occurs: the marked-down DSCP 
values are equal to the original DSCP values. To enable markdown, configure the table appropriately for 
your network.
You can create two kinds of policers: aggregate and microflow:
 • PFC QoS applies the bandwidth limits specified in an aggregate policer cumulatively to all flows in 
matched traffic. You can create up to 1023 aggregate policers. You can create two types of aggregate 
policer: named and per port. Both types can be attached to more than one port:
 –
You define per-interface aggregate policers in a policy map class with the police command. If 
you attach a per-interface aggregate policer to multiple ingress ports, it polices the matched 
traffic on each ingress port separately.
 –
You create named aggregate policers with the mls qos aggregate-policer command. If you 
attach a named aggregate policer to multiple ingress ports, it polices the matched traffic from 
all the ingress ports to which it is attached.










