Print this pagePrint this page

Email this topicEmail this topic

View PDFView PDF

Download EPUBDownload EPUB

enable ip-security anomaly-protection icmp

enable ip-security anomaly-protection icmp {slot [ slot | all ]}

Description

Enables ICMP size and fragment checking.

Syntax Description

slot Specifies the slot to be used.
all Specifies all IP addresses, or all IP addresses in a particular state.

Default

The default is disabled.

Usage Guidelines

This command enables ICMP size and fragment checking. This checking takes effect for both IPv4 and IPv6 TCP packets. When enabled, the switch drops ICMP packets if one of following condition is true:

  • Fragmented ICMP packets.

  • IPv4 ICMP pings packets with payload size greater than the maximum IPv4 ICMP-allowed size. (The maximum allowed size is configurable.)

  • IPv6 ICMP ping packets with payload size > the maximum IPv6 ICMP-allowed size. (The maximum allowed size is configurable.)

History

This command was first available in ExtremeXOS 12.0.

Platform Availability

This command is only available on the Summit X440, X460, X460-G2, X480, and X670, X670-G2 platforms, whether or not included in a SummitStack, and the BlackDiamond X8 series switches, BlackDiamond 8000 c-, e-, xl-, and xm-series modules.
Published August 2016prev | next

Email this topicEmail this topic

Print this pagePrint this page