disable ip-security anomaly-protection
tcp fragment
disable ip-security anomaly-protection tcp fragment {slot [ slot | all ]}
Description
Disables TCP fragment checking.
Syntax Description
|
slot
|
Specifies the slot to be
used. |
|
all
|
Specifies all IP addresses, or
all IP addresses in a particular state. |
Default
The default is disabled.
Usage Guidelines
This command
disables TCP fragment checking. This checking takes effect for IPv4/IPv6.
When it is enabled, the switch drops TCP packets if one of following
condition is true:
-
For the first IPv4 TCP fragment (its IP offset
field==0), if its TCP header is less than the minimum IPv4 TCP header
allowed size.
-
If its IP offset field==1 (for IPv4 only).
History
This command was
first available in ExtremeXOS 12.0.
Platform
Availability
This command is only available on the Summit X440, X460, X480,
and X670 platforms, whether or not included in a SummitStack, and the BlackDiamond X8
series switches, BlackDiamond 8000 c-, e-, xl-, and xm-series modules.
Print
this page
Email this topic
Feedback
View PDF
Download EPUB