In fact, I believe the 3560 model just lets you classify the type of traffic and maybe a bit rate whereas the 9300 uses the update MQC (Modular QoS CLI) model.

BTW, the 3560/3750 series QoS capabilities are a fairly large subset of a 9k switch, but the egress configuration is NOT, at all, like MQC.  It more or less continues the MLS QoS configuration model of earlier switches.

What should be understood with switches, their QoS support is very much dependent on their hardware, and so, their QoS features vary considerably between switch platforms (especially between switch generations).

So, good news and bad news.  The MLS QoS is confusing, but it "matches" the switch's capabilities.  MQC is much more uniform in configuration but then you run into many restrictions of what QoS configuration statements are NOT supported on a particular switch platform.  (Also, BTW, Cisco later switches, like 9k series, support more QoS features than earlier switches, and Cisco switch QoS support seems to be more uniform, across switches, then ever before.  [NB: on the Catalyst 4500 series, QoS varied by supervisor.  On the Catalyst 6500 series, QoS also varied by line card.]). The advantage of MQC, it works well moving to a newer generation because usually it provides backward compatibility, but (rarely) not always.  (E.g. router QoS, same exact MQC syntax might work differently between pre-HQF and HQF.)

Above, I mentioned Cisco appears to be making QoS more uniform.  However, I wonder at the cost of avoiding QoS innovation.  (I'm a fanatic supporter of QoS.  It's NOT a cure all for every network issue, but I believe it's often very much underappreciated.  "Unfortunately", sellers of hardware and/or service providers benefit from selling you more bandwidth, then using bandwidth intelligently.  Again, QoS isn't a cure all, but trying to solve all network issues by increasing bandwidth often isn't a cure all either.)

I was trying to tag you in this and already saw you responded lol. I was going to go check out the 3560 we had to check the exact syntax because I wasn't sure on how granular it could be. I just knew it didn't meet our standards.

---

@David Ruess wrote:

I was going to go check out the 3560 we had to check the exact syntax because I wasn't sure on how granular it could be. I just knew it didn't meet our standards.

---

Just curious, what standard didn't the 3560 meet?

Our DoD STIG requirements. We had to identify traffic that wasnt part of the available options and we needed more granularity in identifying and controlling our traffic but it was related to more CoPP than QoS but using the same MQC structure.

Could you be more specific is what you were trying to identify and/or what was lacking in "granularity"?

Reason I ask, unless 9K series supports some form of NBAR (perhaps they do?), packet analysis capability (I recall?) should be about the same.

For granularity, 9K series might (?) support QoS groups, while I recall 3560 might rely solely (?) on CoS/ToS tagging.

Of course, huge, difference in working with MLS QoS and MQC QoS, and the 3560s were probably at EoL too, so two good reasons to replace them.  Still, I'm curious what couldn't be done on the 3560.

(Laugh, however as you mention DoD, if after telling me, you need to kill me, I'll pass on my question.  Or, if you don't want to publicly further want describe the "issue", send me a PM.  Товарищ, уверяю вас, я сохраню эту информацию в строжайшей тайне.)

For the configuration the 3560s only allowed specific protocols without identifying source IPs or networks. It also doesn't have all the protocols we are trying to control (such as ICMP). That coupled with logging the traffic being denied (per requirement). We needed to be able to track everything that was denied. ACLs fit better. 

Also, when configuring the bit rate in policing there want an option to keep transmitting even if it ran over.

Cant go into details of the policy but as we both understand the EOL is definitely not helping its case.

REF this document:

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960cx_3650cx/software/release/15-2_7_e/configuration_guide/b_1527e_consolidated_3560cx_2960cx_cg/configuring_control_plane_policing.html

-David

Ah, so totally related to CoPP, not QoS, transit, correct?

If so, now I better understand.

@john-birkett MHM makes a stellar offer.  Suggest you take him up on it.