enable ip-security anomaly-protection icmp
Enables ICMP size and fragment checking.
|slot||Specifies the slot to be used.|
|all||Specifies all IP addresses, or all IP addresses in a particular state.|
The default is disabled.
This command enables ICMP size and fragment checking. This checking takes effect for both IPv4 and IPv6 TCP packets. When enabled, the switch drops ICMP packets if one of following condition is true:
Fragmented ICMP packets.
IPv4 ICMP pings packets with payload size greater than the maximum IPv4 ICMP-allowed size. (The maximum allowed size is configurable.)
IPv6 ICMP ping packets with payload size > the maximum IPv6 ICMP-allowed size. (The maximum allowed size is configurable.)
This command was first available in ExtremeXOS 12.0.