I have what may seem like a basic question.  We have built some policers to apply to vlan SVIs on our 7613 so that we can rate limit input and output traffic.  We followed the Cisco formula and got this.

policy-map vlan-shape-3meg

  class class-default

   police cir 3000000 bc 562500 be 1125000    conform-action transmit     exceed-action drop     violate-action drop

There have been some complaints about this not actually meeting the limit.  When I do a show policy-map interface xxx I get this.  Based on that it looks like the Be value is being change to match the Bc value. 

On a separate note, I noticed that every policer we built with the cisco formula actually ends up with a Tc greater than the max Tc of .125 seconds. It seems odd that a recommended formula would end up creating values outside the maximum allowed limits by the software.

I'm not a QoS expert so if any of this seems like basic stuff it's just because I'm a little slow on QoS. 

Vlan2

  Service-policy input: temp-remove

    class-map: class-default (match-any)

      Match: any

      police :

        3000000 bps 562000 limit 562000 extended limit

      Earl in slot 5 :

        0 bytes

        5 minute offered rate 0 bps

        aggregate-forwarded 0 bytes action: transmit

        exceeded 0 bytes action: drop

        aggregate-forward 0 bps exceed 0 bps

  Service-policy output: temp-remove

    class-map: class-default (match-any)

      Match: any

      police :

        3000000 bps 562000 limit 562000 extended limit

      Earl in slot 5 :

        940 bytes

        5 minute offered rate 0 bps

        aggregate-forwarded 940 bytes action: transmit

        exceeded 0 bytes action: drop

        aggregate-forward 0 bps exceed 0 bps

One other thing...in order to apply policers input and output on an SVI does mls qos vlan-based have to be configured on the trunks tagged with the corresponding Vlan?

Thanks for any offered explanations.  I have to figure this out but my curiousity has been peaked by this.