Bandwidth utilization is often computed on a multi-second to multi-minute basis.  Policers often compute utilization on a multi-millisecond basis.

I.e. policers will drop short term bursts not "visible" to longer term bandwidth utilization measurements.

Or, policer's short term measurements are often the equivalent of a small egress buffer.

The "solution" is to increase the Bc interval.

Hi Joseph,

Thanks for your response.

i have changed the Bc interval .

sh policy-map interface GigabitEthernet0/0.100 output class Shared-Process-Reliance | i offer|drop|cir

      30 second offered rate 3798000 bps, drop rate 147000 bps

          cir 16000000 bps, bc 500000 bytes

          drop

Now find the output after changing the BC interval. drops have been decreased for some extent . can we increase it further and check .if so any impact for other classes??

sh policy-map interface GigabitEthernet0/0.100 output class Shared-Process-Reliance | i offer|drop|cir

      30 second offered rate 2786000 bps, drop rate 32000 bps

          cir 16000000 bps, bc 1000000 bytes

          drop

Please help us on this.

Thanks

Now find the output after changing the BC interval. drops have been decreased for some extent . can we increase it further and check .if so any impact for other classes??

You could although you should see diminishing returns.  I.e. drops percentage won't decrease as much as earlier Bc adjustments.

its not working.

I have created the subinterface and applied the service policy to it. During which it says cannot apply service policy in input.

When i took the cable from switch to my pc an caution symbol is only shown with no ip.

I Think there are more statements to be specified in class-map, Policy-map and in the interface.

Please help me

It would be helpful if you would post what you've specifically tried.  There are restrictions to what statements can be used with a ingress policy.

Also you mention subinterfaces - I recall there's special considerations for those too.

i have done like this below:

ip dhcp pool test1

network 10.0.0.0 255.255.255.0

default-router 10.0.0.1

dns-server 8.8.8.8 4.2.2.2

ip access-list extended test2

  deny ip 192.168.0.0 0.0.0.255 10.0.0.0 0.255.255.255

   permit ip 10.0.0.0 0.255.255.255 any

class-map match-all classtest

   match access-group name test2

policy-map pd110

class classtest 

shape average 20000000

policy-map pu110

class classtest 

shape average 20000000

int gig0/1.110

encapsulation dot1q 110

ip address 10.0.0.1 255.0.0.0

service-policy input pd110             ----------------->    its not working

service-policy output pu110

The router is 3925 series

Yup, pd110 won't work as an ingress policy because it uses a shaper which queues traffic.  However, if you change pd110's to use a policer it should accept it.

So What commands must be added and change it ?

policy-map pd110
 class classtest
  shape average 20000000
  police average 20000000

NB: not 100% sure about police statement on your IOS, but something like above.

I Think more commands are also required in the class-map and policy-map. Commands that uses dscp, etc in my 3925 router ios. I don't know much about dscp that must be used in this context (limiting the bandwidth to 5 Mbps from 200 Mbps). Done the above using police but still not working.

That is i want to do this without using police in cisco ios 3925 router.

Please help me.

DSCP would only be useful if something was tagging your packets with a specific DSCP marking to correspond with your VLANs.

Further define "not working".