1 general commands, 1 diffserv – Fortinet MR1 User Manual

Page 255


Note that the type of class ('all', 'any', or 'acl') has a bearing on the validity of match criteria
specified when defining the class. A class type of 'any' processes its match rules in an
ordered sequence; additional rules specified for such a class simply extend this list. A class
type of 'acl' obtains its rule list by interpreting each ACL rule definition at the time the DiffServ
class is created. Differences arise when specifying match criteria for a class type 'all', since
only one value for each non-excluded match field is allowed within a class definition. If a field
is already specified for a class, all subsequent attempts to specify the same field fail,
including the cases where a field can be specified multiple ways through alternative formats.
The exception to this is when the 'exclude' option is specified, in which case this restriction
does not apply to the excluded fields.

The following class restrictions are imposed by the FortiSwitch-100 Switch DiffServ design:

• nested class support limited to:
  • 'all' within 'all'
  • no nested 'not' conditions
  • no nested 'acl' class types
  • each class contains at most one referenced class

• hierarchical service policies not supported in a class definition

• access list matched by reference only, and must be sole criterion in a class
  • that is, ACL rules copied as class match criteria at time of class creation, with class type 'any'
  • implicit ACL 'deny all' rule also copied
  • no nesting of class type 'acl'

Regarding nested classes, referred to here as class references, a given class definition can
contain at most one reference to another class, which can be combined with other match
criteria. The referenced class is truly a reference and not a copy, since additions to a
referenced class affect all classes that reference it. Changes to any class definition currently
referenced by any other class must result in valid class definitions for all derived classes;
otherwise the change is rejected. A class reference may be removed from a class definition.
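The following added example (a Python model, not Fortinet code and not switch CLI) illustrates the class type 'all' rules and the class-reference behaviour described above: one value per non-excluded field, at most one referenced class, and rejection of a change to a referenced class that would invalidate a derived class. The class names, the field names `dstip` and `dscp`, their values, and the assumption that a derived class's fields include those of its referenced class are constructed for illustration.

```python
class ClassError(ValueError):
    """A change that would leave a class definition invalid."""

def effective_fields(classes, name, seen=()):
    """Non-excluded match fields of a class, including those of its referenced class."""
    if name in seen:  # guard added for this model; the page does not discuss loops
        raise ClassError(f"reference loop through '{name}'")
    fields = dict(classes[name]["matches"])
    ref = classes[name]["ref"]
    if ref is not None:
        for field, value in effective_fields(classes, ref, seen + (name,)).items():
            if field in fields:  # type 'all': one value per non-excluded field
                raise ClassError(f"'{name}': field '{field}' specified twice")
            fields[field] = value
    return fields

def _check_all(classes, undo):
    try:  # every class, including those referencing the changed one, must stay valid
        for n in classes:
            effective_fields(classes, n)
    except ClassError:
        undo()  # change rejected: restore the previous definition
        raise

def add_match(classes, name, field, value, exclude=False):
    cls = classes[name]
    if exclude:  # excluded fields are exempt from the one-value restriction
        cls["excludes"].append((field, value))
    elif field in cls["matches"]:
        raise ClassError(f"'{name}': field '{field}' already specified")
    else:
        cls["matches"][field] = value
        _check_all(classes, lambda: cls["matches"].pop(field))

def add_reference(classes, name, ref_name):
    cls = classes[name]
    if cls["ref"] is not None:
        raise ClassError(f"'{name}': at most one referenced class")
    cls["ref"] = ref_name
    _check_all(classes, lambda: cls.update(ref=None))

def demo():
    classes = {n: {"matches": {}, "excludes": [], "ref": None} for n in ("base", "voice")}
    add_match(classes, "base", "dstip", "10.0.0.0/8")  # constructed sample values
    add_match(classes, "voice", "dscp", "ef")
    add_reference(classes, "voice", "base")
    try:
        add_match(classes, "base", "dscp", "cs1")  # would invalidate derived 'voice'
    except ClassError as err:
        return str(err), classes
```

In the model, the rejected change leaves the referenced class exactly as it was, so a policy built on the derived class keeps classifying traffic as before.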

The user can display summary and detailed information for classes, policies, and services.
All configuration information is accessible via the CLI, Web, and SNMP user interfaces.

5.12.1 General Commands

The following characteristics are configurable for the platform as a whole.

5.12.1.1 diffserv

This command sets the DiffServ operational mode to active. While disabled, the DiffServ
configuration is retained and can be changed, but it is not activated. When enabled, DiffServ
services are activated.
