enable ip-security anomaly-protection
icmp
enable ip-security anomaly-protection icmp {slot [ slot | all ]}
Description
Enables ICMP size and fragment
checking.
Syntax Description
|
slot
|
Specifies the slot to be
used. |
|
all
|
Specifies all IP addresses, or
all IP addresses in a particular state. |
Default
The default is disabled.
Usage Guidelines
This command
enables ICMP size and fragment checking. This checking takes effect
for both IPv4 and IPv6 TCP packets. When enabled, the switch drops
ICMP packets if one of following condition is true:
-
Fragmented
ICMP packets.
-
IPv4 ICMP pings packets with payload size greater than the
maximum IPv4 ICMP-allowed size. (The maximum allowed size is configurable.)
-
IPv6 ICMP ping packets with payload size > the maximum IPv6
ICMP-allowed size. (The maximum allowed size is configurable.)
History
This command was
first available in ExtremeXOS 12.0.
Platform
Availability
This command is available on ExtremeSwitching X435,
X440-G2, X450-G2, X460-G2, X465, X590, X620, X670-G2, X690, X695, X870, 5420, and 5520 series
switches.
