disable ip-security anomaly-protection l4port

disable ip-security anomaly-protection l4port [tcp | udp | both] {slot [ slot | all ]}

Description

Disables TCP and UDP ports checking.

Syntax Description

tcp Specifies that the TCP port be disabled for checking.
udp Specifies that the UDP port be disabled for checking.
both Specifies both the TCP and UDP ports be disabled for checking.
slot Specifies the slot to be used.
all Specifies all IP addresses, or all IP addresses in a particular state.

Default

The default is disabled.

Usage Guidelines

This command disables TCP and UDP ports checking. This checking takes effect for both IPv4 and IPv6 TCP and UDP packets. When enabled, the switch drops TCP and UDP packets if its source port is the same as its destination port. In most cases, when the condition of source port is the same as that of the destination port, it indicates a Layer4 protocol error. (This type of error can be found in a BALT attack.)

History

This command was first available in ExtremeXOS 12.0.

Platform Availability

This command is available on the Summit X450-G2, X460-G2, X670-G2, X770, and ExtremeSwitching X440-G2, X620, X690, X870 series switches.