disable ip-security anomaly-protection
tcp flags
disable ip-security anomaly-protection tcp flags {slot [ slot | all ]}
Description
Disables TCP flag checking.
Syntax Description
slot
|
Specifies the slot to be
used. |
all
|
Specifies all IP addresses, or
all IP addresses in a particular state. |
Default
The default is disabled.
Usage Guidelines
This command
disables TCP flag checking. This checking takes effect for both
IPv4 and IPv6 TCP packets. When enabled, the switch drops TCP packets
if one of following condition is true:
-
TCP SYN flag==1
and the source port<1024
-
TCP control flag==0 and the sequence number==0
-
TCP FIN, URG, and PSH bits are set, and the sequence number==0
-
TCP SYN and FIN both are set.
History
This command was
first available in ExtremeXOS 12.0.
Platform
Availability
This command is only available on the Summit X440, X460, X480,
and X670 platforms, whether or not included in a SummitStack, and the BlackDiamond X8
series switches, BlackDiamond 8000 c-, e-, xl-, and xm-series modules.