disable ip-security anomaly-protection tcp fragment

disable ip-security anomaly-protection tcp fragment {slot [ slot | all ]}


Disables TCP fragment checking.

Syntax Description

slot Specifies the slot to be used.
all Specifies all IP addresses, or all IP addresses in a particular state.


The default is disabled.

Usage Guidelines

This command disables TCP fragment checking. This checking takes effect for IPv4/IPv6. When it is enabled, the switch drops TCP packets if one of following condition is true:
  • For the first IPv4 TCP fragment (its IP offset field==0), if its TCP header is less than the minimum IPv4 TCP header allowed size.

  • If its IP offset field==1 (for IPv4 only).


This command was first available in ExtremeXOS 12.0.

Platform Availability

This command is only available on the Summit X440, X460, X480, and X670 platforms, whether or not included in a SummitStack, and the BlackDiamond X8 series switches, BlackDiamond 8000 c-, e-, xl-, and xm-series modules.