enable ip-security anomaly-protection ip

enable ip-security anomaly-protection ip { slot [ slot | all ] }

Description

Enables source and destination IP address checking.

Syntax Description

slot Specifies the slot.
all Specifies all IP addresses, or all IP addresses in a particular state.

Default

The default is disabled.

Usage Guidelines

This command enables source and destination IP addresses checking. This checking takes effect for both IPv4 and IPv6 packets. When enabled, the switch drops IPv4/IPv6 packets if its source IP address are the same as the destination IP address. In most cases, the condition of source IP address being the same as the destination IP address indicates a Layer 3 protocol error. (These kind of errors are found in LAND attacks.)

History

This command was first available in ExtremeXOS 12.0.

Platform Availability

This command is available on ExtremeSwitching 5320, 5420, 5520, and 5720 series switches.