CBWFQ not supported on Sub-Interfaces

Hi Lazarus,

I’m wondering about how is selected the queue for a certain traffic. If I understood it correctly from your quoted text, its from the number of classes in the policy map. Does this mean that for each “class” entry in a “policy-map” a new queue is created? Or only for some “class” entries depending on the commands nested inside it?

You also mention that 4, 8 or 12 are considered best practice. However, if I only need 2 o 3 classes in my policy map, what do I do? I wouldn’t be following the best practice, what effect will it have? Will I get worse performance than if I used 4?


Hello José

According to this Cisco documentation:

For CBWFQ, you define traffic classes based on match criteria including protocols, access control lists (ACLs), and input interfaces. Packets satisfying the match criteria for a class constitute the traffic for that class. A queue is reserved for each class, and traffic belonging to a class is directed to the queue for that class.

So yes, each class created corresponds to a queue for that class.

As for the best practice of the number of queues, I was trying to find the documentation where this is stated, but I have been unable to. But I do know that this is indeed a recommended best practice from Cisco. On some platforms, you can create up to 64 queues, but the recommendation is indeed 4, 8, or 12. The reason for this is that the algorithms used to achieve queueing are more efficient for these values. That doesn’t mean you can’t implement 3 or 5 classes, but it will simply be less efficient. How much less efficient it may be will also depend on traffic patterns and congestion experienced.

I hope this has been helpful!


1 Like

when i get the following match protoc telnet

% NBAR Error: operation failed, not enough available memory

when trying to configure my router, wht should i do?
i read this one

https://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/ios-software-releases-121-mainline/6507-mallocfail.html bt unvail.

Any suggestion?

i just increased th nvram

Hello Konstantinos

What device/platform are you using, and what IOS version do you have? The link you shared is for a Nexus device, is that what you are using?

Concerning the error, I have found that it is an NVRAM issue. You can’t just increase the NVRAM (unless you can upgrade it on your platform). It would be best if you changed certain configurations that may take up more memory. Take a look at this Cisco community post that includes some suggestions that may help.

I hope this has been helpful!


Hlw Rene ,
My configuration as below …

class-map match-all DATA
 match precedence 6 
class-map match-all VOICE
 match precedence 7 
policy-map CHILD
 class VOICE
  bandwidth percent 10 
 class DATA
  bandwidth percent 20 

policy-map PARENT
 class class-default
  shape peak **20000000**
   service-policy CHILD

interface GigabitEthernet0/3.100
service-policy output PARENT

As per the above configuration How much BW will consume by the default class ?? It will consume 14Mb since VOICE will consume 2Mb(10% of 20Mbps) and DATA will consume 4Mb(20% of 20Mbps) ?? If no traffic on VOICE and DATA class then How much BW will consume by default class ?? The default class will use same BW always or it will use others classes unused BW also . Be informed Our total BW is 20Mbps on the sub-interface .Thanks in advanced

Hello Mohammad

The default class, as you correctly stated, will consume 14 Mbps. However, you must keep in mind that these percentages that have been configured (10 for voice, 20 for data) will only take effect if there is congestion. If there is little voice and data traffic, then the default class can consume more than 14Mbps, that is, it consumes any unused bandwidth that may be available from the other classes.

So to answer your question, the default class will use any unused bandwidth from both the voice and data class. Does that make sense?

I hope this has been helpful!



I will put our branch router configuration below . As per the configuration VOICE_OUT class will have 40%(0.8M) of interface bandwidth 2M right ? also DATA_OUT class will have 35%(0.7M) of interface bandwidth 2M right ? and other all traffics matching with class default will have 25%(0.5M) of interface bandwidth 2M right ?

Can any of this each class shaping values burst up to 2M when interface is not utilizing other traffics ?

policy-map CHILD_ISP
 class VOICE_OUT
  priority percent 40
  set dscp ef
 class DATA_OUT
  bandwidth percent 35 
  set dscp af31
 class class-default
  bandwidth percent 25 
  set dscp af11

policy-map PARENT_ISP
 class class-default
  shape average 2048000   
   service-policy CHILD_ISP

interface GigabitEthernet0/1/0
 description ***ISP***
 bandwidth 2048
 ip address
 service-policy output PARENT_ISP

Your understanding of the bandwidth allocation is correct. The VOICE_OUT class is allocated 40% (0.8Mbps) of the 2Mbps interface bandwidth, DATA_OUT class is allocated 35% (0.7Mbps), and the class-default is allocated 25% (0.5Mbps).

Regarding your question about bursting up to 2Mbps, yes, each class can use up to 2Mbps of bandwidth, but only if the remaining bandwidth is not being utilized by other classes. This is a fundamental rule of QoS mechanisms in general. The bandwidth command guarantees minimum bandwidth for a class during congestion but does not limit the bandwidth a class can use. Hence, if the VOICE_OUT class needs more bandwidth and it’s available, it can use more than 0.8M.

To clarify further, the command reference for the priority command (page 832 of the PDF) stipulates that:

When the device is not congested, the priority class traffic is allowed to exceed its allocated bandwidth. When the device is congested, the priority class traffic above the allocated bandwidth is discarded.

So these values only kick in when we have congestion.

I hope this has been helpful!