In general, CoS refers to a set of attributes that define the importance of a frame while it is forwarded through the network relative to other packets, and to the maximum throughput per time unit that a client or port assigned to the role is permitted. The CoS defines actions to be taken when rate limits are exceeded.
A role can contain default access control (VLAN) and/or Class of Service (priority) characteristics that will be applied to traffic when the rule either allows traffic, or does not specifically disallow traffic and the last rule is ALLOW ALL.
Class of Service is a 3-bit field that is present in an Ethernet frame header when 802.1Q VLAN tagging is present. The field specifies a priority value between 0 and 7, more commonly known as CS0 through CS7. These values can be used by QoS disciplines to differentiate and shape or police network traffic.
CoS operates only on 802.1Q VLAN Ethernet at the data link layer (layer 2), which other QoS mechanisms (such as DiffServ, also known as DSCP) operate at the IP network layer (layer 3).
After packets are classified, they are assigned a final User Priority (UP) value, which consists of the Priority and ToS/DSCP. Marking bits to be applied to the packet is taken from the CoS, and if the value is not set then the received value (ToS/DSCP) is used. ToS/DSCP Marking rewrites the Layer 3 Type of Service (ToS) byte.