I've been playing with nested cbQos several times on pure L3 devices.
My usual configuration use:
- parent policy, with general policer limiting bandwith per-vlan
- child policy, with percentage on NBAR matching
Now I wanted to use the same approach on my switched network:
- cat2960 as access-devices
- cat6500 sup720 as distribution/core ones
I've been setting a police/class on vlan, and specifying "mls qos per-vlan" on trunk port between access and core.
Although I see some improvement (flow is slowed), the expected police is not reached (e.g. set a "police 32000" and I get a 1Mbit of traffic, sustained)
Any suggestion, before leaving CBQOS and try to use Cos/DSCP?