disable ip-security anomaly-protection tcp flags

disable ip-security anomaly-protection tcp flags {slot [ slot | all ]}

Description

Disables TCP flag checking.

Syntax Description

`slot`	Specifies the slot to be used.
all	Specifies all IP addresses, or all IP addresses in a particular state.

Default

The default is disabled.

Usage Guidelines

This command disables TCP flag checking. This checking takes effect for both IPv4 and IPv6 TCP packets. When enabled, the switch drops TCP packets if one of following condition is true:

TCP SYN flag==1 and the source port<1024
TCP control flag==0 and the sequence number==0
TCP FIN, URG, and PSH bits are set, and the sequence number==0
TCP SYN and FIN both are set.

History

This command was first available in ExtremeXOS 12.0.

Platform Availability

This command is only available on the Summit X440, X460, X480, and X670 platforms, whether or not included in a SummitStack, and the BlackDiamond X8 series switches, BlackDiamond 8000 c-, e-, xl-, and xm-series modules.

Published August 2016prev | next

Email this topic

Print this page Print this page

Leave feedback Feedback

Extreme Networks

Smart OmniEdge

Automated Campus

Agile Data Center

Cloud Service Provider

Network Service Provider

K-12/Secondary Education

Higher Education

Retail

Healthcare

Federal Government

Hospitality

Sports & Public Venues

Manufacturing

Professional Services

Premier Services

ExtremeWorks Maintenance Services

WING Managed Services

Training

Extreme Enterprise Campus Agreement

Contact Support

Training & Courses

Knowledge Base

Documentation

Customer-Driven Networking

Networking Made Simple, Easy, and Affordable - Q&A with the Senior Director of Extreme Capital Solutions