disable ip-security anomaly-protection
tcp fragment
disable ip-security anomaly-protection tcp fragment {slot [ slot | all ]}
Description
Disables TCP fragment checking.
Syntax Description
slot
|
Specifies the slot to be
used. |
all
|
Specifies all IP addresses, or
all IP addresses in a particular state. |
Default
The default is disabled.
Usage Guidelines
This command
disables TCP fragment checking. This checking takes effect for IPv4/IPv6.
When it is enabled, the switch drops TCP packets if one of following
condition is true:
-
For the first IPv4 TCP fragment (its IP offset
field==0), if its TCP header is less than the minimum IPv4 TCP header
allowed size.
-
If its IP offset field==1 (for IPv4 only).
History
This command was
first available in ExtremeXOS 12.0.
Platform
Availability
This command is available on ExtremeSwitching 5320, 5420, 5520,
and 5720 series switches.