Table Of Contents
Configuring LAPB and X.25
Cisco's Implementation of LAPB and X.25
Facility Handling in Encapsulated X.25 Virtual Circuits
LAPB Configuration Task List
Establish LAPB DCE or DTE Operation
Configure LAPB Timers and Frame Parameters
Define the LAPB Hold Queue Size
X.25 Configuration Task List
Configure an X.25 Datagram Transport
Set X.25 DTE or DCE Operation
Set the X.121 Interface Address
Understand Single-Protocol and Multiprotocol Virtual Circuit Options
Protocol Encapsulation
Protocol Identification
Map Datagram Addresses to X.25 Hosts
Establish a Permanent Virtual Circuit (PVC)
Establish a Default Virtual Circuit Protocol
Configure DDN or BFE X.25
Cisco's Implementation of DDN X.25 Dynamic Mapping
Enable DDN X.25
Define IP Precedence Handling
Configure Blacker Emergency Mode
Create X.29 Access Lists
Create an Access List
Apply an Access List to a Line
Create an X.29 Profile Script
Configure X.25 Level 3 Parameters and Special Features
Configure Virtual Circuit Ranges
Configure the Switched Virtual Circuit Idle Timer
Increase the Number of Virtual Circuits Allowed
Configure the Ignore Destination Timer
Set Default Window Sizes
Set Default Maximum Packet Sizes
Establish the Packet Acknowledgment Policy
Configure the X.25 Level 3 Retransmission Timers
Set X.25 TCP Header Compression
Configure X.25 Packet-by-Packet Compression
Define the Default Encapsulation Protocol
Configure the X.25 User Facilities
Set the Packet Numbering Modulo
Suppress the Calling Address
Suppress the Called Address
Disable Packet-Level Restarts
Define the Virtual Circuit Packet Hold Queue Size
Monitor and Maintain LAPB and X.25
LAPB and X.25 Configuration Examples
Typical LAPB Configuration Example
Typical X.25 Configuration Example
Virtual Circuit Ranges Example
DDN X.25 Configuration Example
BFE Emergency Mode Example
Netboot over X.25 Example
X.29 Access List Example
X.3 Profile Example
Configuring LAPB and X.25
This chapter describes how to configure connections through X.25 networks, including Link Access Procedure Balanced (LAPB) connections. LAPB procedures are presented first for those users who only want to configure a simple, reliable serial encapsulation method. For a complete description of the commands mentioned in this chapter, refer to the "X.25 Configuration Commands" chapter in the Access and Communication Servers Command Reference publication.
Cisco's Implementation of LAPB and X.25
A group of specifications published by the ITU-T defines Recommendations, or specifications, for X.25.
Note The ITU-T carries out the functions of the former Consultative Committee for International Telegraph and Telephone (CCITT).
The ITU-T specifications specify connections between data terminal equipment (DTE) and data communications equipment (DCE) for remote terminal access and computer communications. The X.25 specifications include LAPB as the data link layer protocol and X.25 as the network layer protocol, or packet layer protocol (PLP) as it is also known. The ITU-T updates its specifications every four years, and the specifications dated 1980 and 1984 are the most common versions currently in use.
Additionally, the International Organization for Standardization (ISO) has published ISO 7776:1986 as an equivalent to the LAPB standard, and ISO 8208:1989 as an equivalent to the ITU-T 1984 X.25 Recommendation packet layer. Our X.25 software follows the CCITT 1984 X.25 Recommendation, except for its Defense Data Network (DDN) and Blacker Front-End Encryption (BFE) encapsulation operation, which follows the CCITT 1980 X.25 Recommendation.
Briefly, our X.25 software provides the following capabilities:
•X.25 Level 2, or LAPB (Link Access Procedure, Balanced)—LAPB is a protocol that operates at Level 2 (the data link layer) of the OSI reference model. LAPB specifies methods for exchanging data (in units called frames), detecting out-of-sequence or missing frames, retransmitting frames, and acknowledging frames.
•LAPB datagram transport—Protocol datagrams (IP) are carried over a reliable LABP connection, or datagrams of IP are encapsulated in a proprietary protocol and carried over a LAPB connection. The LAPB connection can carry a single protocol or multiple protocols, depending upon the configuration.
•X.25 datagram transport—Protocol datagrams (IP) are encapsulated inside packets on an X.25 virtual circuit. Mappings between X.25 addresses and protocol addresses allow these datagrams to be routed through an X.25 network, thereby allowing an X.25 public data network (PDN) to transport LAN protocols.
•DDN and BFE X.25—DDN-specified Standard Service is supported. The DDN X.25 Standard Service is the required protocol for use with DDN Packet Switched Nodes (PSNs). The Defense Communications Agency (DCA) has certified Cisco Systems' DDN X.25 Standard Service implementation for attachment to the Defense Data Network. Cisco's DDN implementation also includes Blacker Front-End Encryption and Blacker Emergency Mode operation.
•X.25 MIB—Specified in SNMP MIB Extension for X.25 LAPB (RFC 1381) and SNMP MIB Extension for the X.25 Packet Layer (RFC1382) subsets are supported. The LAPB XID Table X.25 Cleared Circuit Table, and X.25 Call Parameter Table are not implemented. All values are read-only. To use the X.25 MIB, refer to your MIB publications.
Facility Handling in Encapsulated X.25 Virtual Circuits
The access server either originates or accepts encapsulation virtual circuits in order to transport LAN traffic through an X.25 network.
When the access server originates a CALL for LAN traffic encapsulation, the facilities in the CALL are controlled by the facilities configured for the interface and the map statement that specifies the LAN/X.25 encapsulation. Because an access server may be attached to a Public Data Network (PDN), the interface and map configurations allow a number of facilities to be specified in outgoing CALLs. These facilities are specified in all originated CALLs relating to the given interface and map with one exception; the incoming and outgoing maximum packet sizes proposed will be lowered if the lower layer (LAPB) cannot support the specified DATA packet size.
When the access server accepts an encapsulation CALL, many facilities are simply ignored. The maximum packet sizes will be lowered if the lower layer (LAPB) cannot support the sizes proposed. A reverse-charged CALL will be CLEARed if neither the interface nor the map allows it. A CALL that specifies a Network User Identification (NUID) will be CLEARed if the user authentication fails.
LAPB Configuration Task List
It is possible to use only LAPB as a serial encapsulation method. This can be done using a leased serial line. You must use one of the X.25 packet-level encapsulations when attaching to an X.25 network.
The LAPB standards distinguish between two types of hosts: data terminal equipment (DTE), and data circuit-terminating equipment (DCE). At Level 2, or the data link layer in the OSI model, LAPB allows for orderly and reliable exchange of data between a DTE and a DCE. An access server using LAPB encapsulation can act as a DTE or DCE device at the protocol level, which is distinct from the hardware DTE or DCE level.
Using LAPB under noisy conditions can result in greater throughput than HDLC encapsulation. When LAPB detects a missing frame, the access server retransmits the frame instead of waiting for the higher layers to recover the lost information. This behavior is good only if the host timers are relatively slow. In the case of quickly expiring host timers, however, you will discover that LAPB is spending much of its time transmitting host retransmissions. If the line is not noisy, the lower overhead of HDLC encapsulation is more efficient than LAPB. When using long delay satellite links, for example, the lock-step behavior of LAPB makes HDLC encapsulation the better choice.
Perform the following tasks to configure LAPB:
•Establish LAPB DCE or DTE Operation
•Configure LAPB Timers and Frame Parameters
•Define the LAPB Hold Queue Size
•Monitor and Maintain LAPB and X.25
The following sections describe the LAPB configuration tasks. Refer to the section "Monitor and Maintain LAPB and X.25" later in this chapter for the LAPB administrative tasks. Examples of LAPB configurations appear at the end of this chapter.
Establish LAPB DCE or DTE Operation
Set the appropriate LAPB encapsulation to run datagrams over a serial interface. One end of the link must be DTE and the other must be DCE.
Select an encapsulation and the protocol if using a single protocol, or select the multiple protocol operation, according to the table that follows. Perform the following tasks in interface configuration mode:
Task
|
Command
|
Enable encapsulation of a single protocol on the line using DCE operation.
|
encapsulation lapb-dce
|
Enable encapsulation of a single protocol on the line using DTE operation.
|
encapsulation lapb
|
Set the line protocol.
|
lapb protocol protocol
|
Enable use of multiple protocols on the line using DCE operation.
|
encapsulation multi-lapb-dce
|
Enable use of multiple protocols on the line using DTE operation.
|
encapsulation multi-lapb
|
For an example of configuring LAPB DCE operation, see the section "Typical LAPB Configuration Example" later in this chapter.
Configure LAPB Timers and Frame Parameters
X.25 Level 2 or LAPB operates at the data link layer of the OSI reference model. LAPB specifies methods for exchanging data (in units called frames), detecting out-of-sequence or missing frames, retransmitting frames, and acknowledging frames.
The LAPB modulo determines the operating mode. Modulo 8 (basic mode) is widely available, because it is required for all standard LAPB implementations and is sufficient for most links. Modulo 128 (extended mode) can achieve greater throughput on high-speed links that have a low error rate (satellite links, for example) by increasing the number of frames that can be transmitted before waiting for acknowledgment (as configured by the LAPB window parameter, k). By its design, LAPB's k parameter can be at most one less than the operating modulo. Modulo 8 links can typically send seven frames before an acknowledgment must be received; modulo 128 links can set k to a value as large as 127. By default, LAPB links use the basic mode with a window of 7.
When connecting to an X.25 network, use the N1 parameter value set by the network administrator. This value is the maximum number of bits in a LAPB frame, which determines the maximum size of an X.25 packet. When using LAPB over leased lines, the N1 parameter should be eight times the hardware maximum transmission unit (MTU) size plus any LAPB overhead. The other frame parameters are determined by the network configuration; see for the default values.
The retransmission timer determines how long a transmitted frame can remain unacknowledged before the router polls for an acknowledgment. For X.25 networks, the router retransmission timer setting should match that of the network.
The LAPB standards define a timer to detect unsignaled link failures (T4). The T4 timer is reset every time a frame is received from the partner on the link. If the T4 timer expires, a Receiver Ready frame with the Poll bit set is sent to the partner, which is required to respond. If the partner does not respond, the standard polling mechanism is used to determine whether the link is down. The period of T4 must be greater than the period of T1.
Another LAPB timer function allows brief hardware failures, while the protocol is up, without requiring a protocol reset. If a brief hardware outage occurs, the link will continue uninterrupted if the outage is cured before the specified hardware outage period expires.
For leased-line circuits, the retransmission timer setting is critical. The timer setting must be large enough to permit a maximum-sized frame to complete one round trip on the link. If the timer setting is too small, the router will poll before the acknowledgment frame can return, which may result in duplicated frames and severe protocol problems; the design of LAPB assumes that a frame has been lost if it is not acknowledged within period T1. If the timer setting is too large, the router waits longer than necessary before requesting an acknowledgment, which reduces bandwidth.
summarizes the LAPB parameters you can set in interface configuration mode.
Table 8-1 LAPB Parameters
Task (LAPB Parameter)
|
Command
|
Values or Ranges
|
Default
|
Set the modulo.
|
lapb modulo modulus
|
8 or 128
|
8
|
Set the window size (k).
|
lapb k window-size
|
1- (modulo minus 1) frames
|
7
|
Set maximum bits per frame (N1).
|
lapb n1 bits
|
1088-32840 bits (must be a multiple of 8)
|
Based on hardware MTU and protocol overhead
|
Set count for sending frames (N2).
|
lapb n2 tries
|
1-255 tries
|
20
|
Set the retransmission timer (T1).
|
lapb t1 milliseconds
|
1-64000 milliseconds
|
3000
|
Set the hardware outage period.
|
lapb interface-outage milliseconds
|
|
0 (disabled)
|
Set the idle link period (T4).
|
lapb t4 seconds
|
|
0 (disabled)
|
For an example of configuring the LAPB T1 timer, see the section "Typical LAPB Configuration Example" later in this chapter.
Define the LAPB Hold Queue Size
To define the maximum number of packets to be held while LAPB is unable to send data, perform the following task in interface configuration mode:
Task
|
Command
|
Define the size of a packet hold queue.
|
lapb hold-queue queue-size
|
X.25 Configuration Task List
To configure X.25, you can choose from the following tasks, depending upon the X.25 application or task required for your network:
•Configure an X.25 Datagram Transport
•Configure DDN or BFE X.25
•Create X.29 Access Lists
•Create an X.29 Profile Script
•Configure X.25 Level 3 Parameters and Special Features
•Monitor and Maintain LAPB and X.25
Note that all X.25 applications except DDN and BFE X.25 operation and routing require that an encapsulation method and an X.121 address be set; see the sections "Set X.25 DTE or DCE Operation" and "Set the X.121 Interface Address" for the tasks to do so.
Default parameters have been provided for X.25 operation; however, you can change the settings to meet the needs of your X.25 network or as defined by your X.25 service supplier. We also provide special and custom configuration settings to further optimize your X.25 network. See the section "Configure X.25 Level 3 Parameters and Special Features" later in this chapter for more information.
The following sections describe how to implement the supported configuration types and special configuration tasks. Refer to the Access and Communication Servers Command Reference publication for information about the commands in the tasks. See the section "LAPB and X.25 Configuration Examples" at the end of this chapter for configuration examples.
Configure an X.25 Datagram Transport
X.25 support is most commonly configured as a transport for datagrams across an X.25 network. This is accomplished by first establishing a mapping between protocol addresses (for example, IP or DECnet) and the X.121 addresses of the X.25 network. When datagrams for a particular destination are routed for the first time, a virtual circuit is set up to the appropriate X.121 address. The Call User Data portion of the initial Call Request identifies the protocol of the datagrams being carried by a particular virtual circuit. If multiple protocols are in use, multiple virtual circuits will be opened.
illustrates two access servers sending data across an X.25 public data network (PDN).
Figure 8-1 Transporting LAN Protocols across an X.25 PDN
You must perform the following tasks to configure your access server as a transport for X.25 datagrams (note that these tasks are required by all X.25 applications except DDN and BFE X.25):
•Set X.25 DTE or DCE Operation
•Set the X.121 Interface Address
Perform the following tasks, as necessary, to complete the X.25 configuration for your network needs:
•Understand Single-Protocol and Multiprotocol Virtual Circuit Options
•Map Datagram Addresses to X.25 Hosts
•Establish a Permanent Virtual Circuit (PVC)
•Establish a Default Virtual Circuit Protocol
The following sections describe how to perform these configuration tasks. Configuring the X.25 parameters and special features, including TCP header compression, are described in the section "Configure X.25 Level 3 Parameters and Special Features" later in this chapter.
Set X.25 DTE or DCE Operation
An access Server using X.25 Level 3 encapsulation can act as a DTE or DCE protocol device. Default serial encapsulation is HDLC. Configure one of these encapsulation types, according to the needs of your X.25 service supplier. To do so, perform the following task in interface configuration mode:
Task
|
Command
|
Set X.25 DTE operation.
|
encapsulation x25
|
Set X.25 DCE operation.
|
encapsulation x25-dce
|
Typically, a public data network will require attachment as a DTE. (This is distinct from the hardware interface DTE and DCE assignments.)
For an example of configuring X.25 DTE operation, see the section "Typical X.25 Configuration Example" later in this chapter.
Set the X.121 Interface Address
Set the X.121 address of the network interface. The X.121 address is assigned by the X.25 network service provider. To set the X.121 address, perform the following task in interface configuration mode:
Task
|
Command
|
Set the X.121 address.
|
x25 address x.121-address
|
For an example of configuring the X.25 interface address, see the section "Typical X.25 Configuration Example" later in this chapter.
Understand Single-Protocol and Multiprotocol Virtual Circuit Options
This section describes X.25 single-protocol and multiprotocol encapsulation options and describes how protocols are identified under both options.
Protocol Encapsulation
We support encapsulation of several datagram protocols across X.25, using a standard method, when available, or a proprietary method, when necessary. These traditional methods assign a protocol to each virtual circuit. If more than one protocol is carried between the router and a given host, each active protocol will have at least one virtual circuit dedicated to carrying its datagrams.
We also support a newer standard, RFC 1356, which standardizes a method for encapsulating most datagram protocols over X.25. It also specifies how one virtual circuit can carry datagrams from more than one protocol.
A router can be configured to use any of the available encapsulation methods with a particular host.
Once an encapsulation virtual circuit is established using any method, sending and receiving a datagram is a simple process of fragmenting and reassembling the datagram into and from an X.25 complete packet sequence. An X.25 complete packet sequence is one or more X.25 data packets that have the More bit set in all but the last packet. A virtual circuit that can carry multiple protocols includes protocol identification data as well as the protocol data at the start of each complete packet sequence.
Protocol Identification
The primary difference between the available encapsulation methods is the specific value used to identify a protocol. When any of the methods establishes a virtual circuit for carrying a single protocol, the protocol is identified in the Call packet by using the Call User Data (CUD) field. When a virtual circuit is established to carry more than one protocol (only available using the RFC 1356 methodology), a specific value is also encoded in the Call User Data field in each datagram; every datagram exchanged over that virtual circuit has its protocol identified.
Table 8-2 summarizes the values used in the Call User Data field to identify protocols.
Table 8-2 Protocol Identification in the Call User Data Field
Protocol
|
Cisco
|
IETF RFC 1356
|
AppleTalk
|
0xD2
|
0x80 (5-byte SNAP encoding)
|
ISO CLNS
|
0x81
|
0x811
|
Compressed TCP
|
0xD8
|
0x00 (5-byte SNAP encoding)2
|
IP
|
0xCC
|
0xCC3 or 0x80 (5-byte SNAP encoding)
|
Novell IPX
|
0xD3
|
0x80 (5-byte SNAP encoding)
|
Once a multiprotocol virtual circuit has been established, datagrams on the virtual circuit have protocol identification data before the actual protocol data; the values used are the same used by RFC 1356 in the CUD field for an individual protocol.
Note IP datagrams can be identified using a 1-byte identification (0xCC) or a 6-byte identification (0x80 followed by the five-byte SNAP encoding). The single-byte encoding is used by default, although the SNAP encoding can be configured.
Map Datagram Addresses to X.25 Hosts
Encapsulation is a cooperative process between the router and another X.25 host. Since X.25 hosts are reached using an X.121 address (an X.121 address has between 0 and 15 decimal digits), the router must have a means to map a host's protocol address (or addresses) to its X.121 address.
Each encapsulating X.25 interface should be configured with the relevant datagram parameters. For example, an interface that encapsulates IP will typically have an IP address.
A router set up for DDN or BFE service uses a dynamic mapping technique to convert between IP and X.121 addresses. These techniques have been designed specifically for attachment to the DDN network and to Blacker encryption equipment. Their design, restrictions, and operation make them work well for these specific applications, but not for other networks.
You should also establish the X.121 address of an encapsulating X.25 interface using the x25 address interface configuration command. This is the address that encapsulation Calls should be directed to. It will also be used as the source X.121 address when originating an encapsulation Call, which is how the destination host will be able to determine what services are needed for the encapsulation virtual circuit. A DDN or BFE interface will have an X.121 address generated from the interface IP address, which for proper operation, should not be modified.
For each X.25 interface, you can explicitly map each destination host's protocols and addresses to its X.121 address. If needed and the destination host has the capability, one host map can be configured to support several protocols; alternatively, you can define one map for each supported protocol.
To establish a map, perform the following task in interface configuration mode:
Task
|
Command
|
Map one or more host protocol addresses to the host's X.121 address.
|
x25 map protocol1 address1 [protocol2 address2...protocol9 address9] x.121-address [option]
|
As an example, if you are encapsulating IP over a given X.25 interface, you should define an IP address for the interface and, for each of the desired destination hosts, map the host's IP address to its X.121 address.
Note You can map the X.121 address to as many as nine protocol addresses, but each protocol can be mapped only once.
An individual host map can specify the following protocols using the given keyword:
•TCP header compression—compressedtcp
•IP—ip
•Novell IPX—ipx
A multiprotocol map can specify a single address for all of the protocols listed above (except bridging and QLLC, which are not supported for RFC 1356 encapsulation). If IP and TCP header compression are both specified, the same IP address must be given for both protocols.
When setting up the address map, you can include options, such as enabling broadcasts and specifying the number of virtual circuits allowed, and defining various user facility settings.
Note Multiprotocol maps, especially those configured to carry broadcast traffic, can result in significantly larger traffic loads, requiring a larger hold queue, larger window sizes, or multiple virtual circuits.
For specific information about how to establish a protocol to run over X.25, refer to the appropriate protocol chapters in this publication.
The configuration for the Open Shortest Path First (OSPF) protocol can be greatly simplified by adding the optional broadcast keyword when doing this task. See the x25-map description in the Access and Communication Servers Command Reference publication for more information.
Establish a Permanent Virtual Circuit (PVC)
Permanent virtual circuits (PVCs) are the X.25 equivalent of leased lines; they are never disconnected. Specify the required network protocol-to-X.121 address map before you set up a PVC. To establish a PVC, perform the following task in interface configuration mode:
Task
|
Command
|
Establish a PVC.
|
x25 pvc circuit protocol-keyword protocol-address [option]
|
IP and Novell IPX are supported by this task.
Establish a Default Virtual Circuit Protocol
The Call Request packet that sets up a virtual circuit might contain a field called the Call User Data (CUD) field. Typically, the software uses the first byte of Call User Data to distinguish which high-level protocol will be carried by a particular virtual circuit.
lists the hexadecimal values of the initial byte of Call User Data and its corresponding network level protocol. The use of 0xCC for Department of Defense IP is defined by RFC 877. The other values are meaningful only to our X.25 software. Most of the single-byte identifiers are padded to four bytes with three bytes of 0x00. BFE IP encapsulation requires that only one byte be used. CLNS may use one or five bytes as defined in ISO 8473.
Table 8-3 Protocols and Initial Byte of Call User Data
Protocol
|
Initial CUD Byte
|
DoD IP
|
0xCC
|
Novell IPX
|
0xD3
|
TCP Header Compression (THC)
|
0xD8
|
You can specify the protocol assumed by the access server to interpret calls with unknown Call User Data (CUD) or with no CUD by performing the following task in interface configuration mode:
Task
|
Command
|
Establish the default protocol.
|
x25 default protocol
|
Configure DDN or BFE X.25
The DDN X.25 protocol has two versions: Basic Service and Standard Service. Our X.25 implementation only supports the Standard Service. DDN X.25 Standard Service requires that the X.25 data packets carry IP datagrams. The DDN Packet Switch Nodes (PSNs) can extract the IP packet from within the X.25 packet and pass data to another Standard Service host.
The DDN X.25 Standard is the required protocol for use with DDN PSNs. The Defense Communications Agency (DCA) has certified our DDN X.25 Standard implementation for attachment to the Defense Data Network. As part of the certification, our software is required to provide a scheme for dynamically mapping IP address to X.121 addresses. See the section "Cisco's Implementation of DDN X.25 Dynamic Mapping" that follows for details on that scheme.
Complete the following tasks to enable DDN X.25 service:
•Enable DDN X.25
•Define IP Precedence Handling
Perform the following task, as necessary, to complete the configuration.
•Configure Defense Data Network Blacker Front-End Encryption (BFE) and Configure Blacker Emergency Mode, as needed.
Cisco's Implementation of DDN X.25 Dynamic Mapping
The DDN X.25 standard implementation includes a scheme for dynamically mapping all classes of IP addresses to X.121 addresses without a table. This scheme requires that the IP addresses conform to the formats shown in . These formats segment the IP addresses into network (N), host (H), logical address (L), and PSN (P) portions. (The acronym PSN stands for Packet Switch Node.) For the BFE encapsulation, the IP address is segmented into Port (P), Domain (D), and BFE ID number (B). The DDN algorithm requires that the host value be less than 64.
Figure 8-2 DDN Internet/X.121 Address Conventions
The DDN conversion scheme uses the host and PSN portions of an IP address to create the corresponding X.121 address. Strictly speaking, the DDN conversion mechanism is limited to Class A IP addresses. However, the access server can convert Class B and Class C addresses as well. As indicated, this method uses the last two octets of a Class B address as the host and PSN identifiers, and the upper and lower four bits in the last octet of a Class C address as the host and PSN identifiers, respectively. The BFE conversion scheme requires a Class A IP address.
The DDN conversion scheme uses a physical address mapping if the host identifier is numerically less than 64. (This limit derives from the fact that a PSN cannot support more than 64 nodes.) If the host identifier is numerically larger than 64, the resulting X.121 address is called a logical address. The DDN does not use logical addresses.
The format of physical DDN X.25/X.121 addresses is ZZZZFIIIHHZZ(SS), where each character represents a digit. ZZZZ represents four zeros, F is zero to indicate a physical address, III represents the PSN octet from the IP address padded with leading zeros, HH is the host octet from the IP address padded with leading zeros, and ZZ represents two zeros. (SS) represents the optional and unused subaddress.
The physical and logical mappings of the DDN conversion scheme always generate a 12-digit X.121 address. Subaddresses are optional; when added to this scheme, the result is a 14-digit X.121 address. The DDN does not use subaddressing.
Packets using routing and other protocols that require broadcast support can successfully traverse X.25 networks, including the DDN. This traversal requires the use of network protocol-to-X.121 maps, because the access server must know explicitly where to deliver broadcast datagrams. (X.25 does not support broadcasts.) You can mark network protocol-to-X.121 map entries to accept broadcast packets; the access server then sends broadcast packets to hosts with marked entries. If you do not specify the address for an interface configured for DDN X.25, the access server uses the DDN mapping technique to obtain the X.121 address of an interface.
Enable DDN X.25
Both DCE and DTE operation cause the access server to specify the Standard Service facility in the Call Request packet, which notifies the PSNs to use Standard Service.
Perform one of the following tasks in interface configuration mode, as appropriate for your network:
Task
|
Command
|
Set DDN X.25 DTE operation.
|
encapsulation ddnx25
|
Set DDN X.25 DCE operation.
|
encapsulation ddnx25-dce
|
For an example of enabling DDN X.25, see the section "DDN X.25 Configuration Example" later in this chapter.
Define IP Precedence Handling
Using Standard Service, the DDN can be configured to provide efficient service for datagrams with Index high precedence values. If the access server receives an IP packet with a nonzero protocol precedence field, it uses a different virtual circuit and sets the precedence facility request to the DDN-specified precedence mapping in the Call Request packet. Different virtual circuits are maintained based on the precedence mapping values and the number of virtual circuits permitted.
By default, the DDN X.25 software opens one virtual circuit for all types of service values. You can enable the precedence sensitivity feature by performing the following task in interface configuration mode:
Task
|
Command
|
Allow a new virtual circuit based on the type of service (TOS) field.
|
x25 ip-precedence
|
Some hosts send nonstandard data in the TOS field, thereby causing multiple, wasteful virtual circuits to be created.
Configure Blacker Emergency Mode
For environments that require a high level of security, your access server software supports the Defense Data Network Blacker Front-End Encryption (BFE) and Blacker Emergency Mode.
Blacker Emergency Mode allows your BFE device and your access server to function in emergency situations. When the access server is configured to participate in emergency mode and the BFE device is in emergency mode, the access server sends address translation information to the BFE device to assist it in sending information.
Our implementation of Blacker Emergency Mode adheres to the specifications outlined in the DCA Blacker Interface Control document, published March 21, 1989.
Your BFE device is configured to be in one of three possible modes as follows:
•Enters emergency mode when requested to by the network. If the access server is configured to respond to a BFE device in emergency mode, or if the EXEC command bfe enter is used, the access server sends address translation information to the BFE device.
•Never enters emergency mode.
•Notifies the access server that an emergency mode window is open and waits for the access server to tell it to enter emergency mode. If the access server is configured to respond to a BFE in emergency mode, or if the EXEC command bfe enter is used, the access server sends a special address translation packet to the BFE device. The "special" data includes a command to the BFE to enter emergency mode.
Perform these tasks to configure Blacker Emergency Mode:
•Set BFE encapsulation on the access server attached to a BFE device.
•Provide address translation information to the BFE device.
•Define the circumstances under which the access server will participate in emergency mode.
•Enter Blacker Emergency Mode using the bfe EXEC command.
The following tables describe these tasks.
BFE encapsulation operates to map between Class A IP addresses and the X.121 addresses expected by the BFE encryption device. To set BFE encapsulation, perform the following task in interface configuration mode:
Task
|
Command
|
Set BFE encapsulation on the access server attached to a BFE device.
|
encapsulation bfex25
|
For an example of enabling Blacker Emergency mode, see the section "BFE Emergency Mode Example" later in this chapter.
You must set up a table that provides the address translation information the access server sends to the BFE when the BFE is in emergency mode. To do so, perform the following task in interface configuration mode
Task
|
Command
|
Set up the table that lists the BFE nodes (host or gateways) to which the access server will send packets.
|
x25 remote-red host-ip-address remote-black blacker-ip-address
|
:
For an example of configuring setting up the table, see the section "BFE Emergency Mode Example" later in this chapter.
You can define the circumstances under which the access server participates in emergency mode and how it will participate in emergency mode. To do so, perform the following tasks in interface configuration mode:
Task
|
Command
|
Configure the circumstances under which the access server will participate in emergency mode.
|
x25 bfe-emergency {never | always | decision}
|
Configure how an access server configured as x25 bfe-emergency decision will participate in emergency mode.
|
x25 bfe-decision {no | yes | ask}
|
For an example of configuring the circumstances under which the access server participates in emergency mode, see the section "BFE Emergency Mode Example" later in this chapter.
To set the access server to participate in emergency mode or to end participation in emergency mode when your system is so configured, perform the following task in EXEC mode:
Task
|
Command
|
Set access server to participate in emergency mode.
|
bfe {enter | leave} type number
|
For an example of configuring the access server to participate in emergency mode, see the section "BFE Emergency Mode Example" later in this chapter. See the previous task for more information about configuring the access server to participate in emergency mode.
Create X.29 Access Lists
Protocol translation software supports access lists, which make it possible to limit access to the access server from X.25 hosts. Access lists take advantage of the message field defined by Recommendation X.29, which describes procedures for exchanging data between two PADs or between a PAD and a DTE device.
To define X.29 access lists, perform the following tasks:
Step 1 Create an X.29 access list.
Step 2 Apply an access list to a virtual terminal line or to protocol translation.
These tasks are described in the following sections.
When configuring protocol translation, you can specify an access list number with each translate command. When translation sessions result from incoming PAD connections, the corresponding X.29 access list is used. Refer to the chapter "Protocol Translation Configuration Commands" in the Access and Communication Servers Command Reference publication for more information about the translate command.
Create an Access List
To specify the access conditions, perform the following global configuration task:
Task
|
Command
|
Restrict incoming and outgoing connections between a particular virtual terminal line (into a Cisco device) and the addresses in an access list.
|
x29 access-list access-list-number {deny | permit} x.121-address
|
An access list can contain any number of lines. The lists are processed in the order in which you type the entries. The first match causes the permit or deny condition. If an X.121 address does not match any of the entries in the access list, access will be denied.
Apply an Access List to a Line
To apply an access list to a virtual line, perform the following task in line configuration mode:
Task
|
Command
|
Restrict incoming and outgoing connections between a particular virtual terminal line (into a Cisco device) and the addresses in an access list.
|
access-class access-list-number in
|
The access list number is used for incoming TCP access, incoming LAT access, and for incoming PAD access. For TCP access, the protocol translator uses the defined IP access lists. For LAT access, the protocol translator uses the defined LAT access list. For incoming PAD connections, an X.29 access list is used. If you want to have access restrictions only on one of the protocols, then you can create an access list that permits all addresses for the other protocol.
For information about applying an access list using the translate command, refer to the chapter "Protocol Translation Configuration Commands" in the Access and Communication Servers Command Reference publication.
Create an X.29 Profile Script
You can create an X.29 profile script for use by the translate command. When an X.25 connection is established, the protocol translator then acts as if an X.29 SET PARAMETER packet had been sent that contained the parameters and values set by this command.
To create an X.29 profile script, perform the following global configuration task:
Task
|
Command
|
Create an X.29 profile script.
|
x29 profile name parameter:value [parameter:value]
|
Configure X.25 Level 3 Parameters and Special Features
The Cisco IOS software allows you to configure the standard Level 2 and Level 3 X.25 parameters and user facilities.
Note If you connect an access server to an X.25 network, use the parameters set by the network administrator. Also, note that the X.25 Level 2 parameters described in the "Configure LAPB Timers and Frame Parameters" section earlier in this chapter affect X.25 Level 3 operations.
This section describes the X.25 parameters, user facilities, and special features you can configure. Which tasks you perform depends upon the structure of your network and the requirements of the service provider. These parameters must be adjusted to match the values used by the X.25 network. It is common for networks to require values different from the our defaults.
Perform the following tasks to configure the optional parameters, user facilities, and special features:
•Configure Virtual Circuit Ranges
•Configure the Switched Virtual Circuit Idle Timer
•Increase the Number of Virtual Circuits Allowed
•Configure the Ignore Destination Timer
•Set Default Window Sizes
•Set Default Maximum Packet Sizes
•Establish the Packet Acknowledgment Policy
•Configure the X.25 Level 3 Retransmission Timers
•Set X.25 TCP Header Compression
•Configure X.25 Packet-by-Packet Compression
•Define the Default Encapsulation Protocol
•Configure the X.25 User Facilities
•Set the Packet Numbering Modulo
•Suppress the Calling Address
•Suppress the Called Address
•Disable Packet-Level Restarts
•Define the Virtual Circuit Packet Hold Queue Size
The following sections describe these tasks.
Configure Virtual Circuit Ranges
The X.25 protocol maintains multiple connections over one physical link between a DTE and a DCE. These connections are called virtual circuits or logical channels. X.25 can maintain up to 4095 virtual circuits numbered 1 through 4095. An individual virtual circuit is identified by giving its logical channel identifier or virtual circuit number. Many documents use the following terms interchangeably: virtual circuit and logical channel. The same is true for the terms virtual circuit number, logical channel number, and logical channel identifier.
An important part of X.25 operation is the range of virtual circuit numbers. Virtual circuit numbers are broken into four ranges (listed here in numerically increasing order):
1 Permanent virtual circuits (PVCs)
2 Incoming-only circuits
3 Two-way circuits
4 Outgoing-only circuits
The incoming-only, two-way, and outgoing-only ranges define the virtual circuit numbers over which a switched virtual circuit (SVC) can be established by placing an X.25 call, much like a telephone network establishes a switched voice circuit when a call is placed.
The rules about DCE and DTE devices initiating calls are as follows:
•Only the DCE device can initiate a call in the incoming-only range.
•Only the DTE device can initiate a call in the outgoing-only range.
•Both the DCE device and the DTE device can initiate a call in the two-way range.
There is no difference in the operation of the SVCs except the restrictions on which a device can initiate a call. These ranges can be used to prevent one side from monopolizing the virtual circuits, which can be useful for X.25 interfaces with a small total number of SVCs available.
Six X.25 parameters define the upper and lower limit of each of the three SVC ranges. A permanent virtual circuit (PVC) must be assigned a number less than the numbers assigned to the SVC ranges. An SVC range is not allowed to overlap another range.
For a list of virtual circuit range types and the corresponding commands used to configure the ranges, refer to the "X.25 Configuration Commands" chapter in the Access and Communication Servers Command Reference publication.
Note Because the X.25 protocol requires the DTE and DCE to have identical virtual circuit ranges, if the interface is up, changes to the virtual circuit range limits will be held until the X.25 protocol RESTARTs the packet service.
To set the X.25 virtual circuit parameters, perform any of the following tasks in interface configuration mode:
Task
|
Command
|
Set lowest incoming-only virtual circuit number (LIC).
|
x25 lic circuit-number
|
Set highest incoming-only virtual circuit number (HIC).
|
x25 hic circuit-number
|
Set lowest two-way virtual circuit number (LTC).
|
x25 ltc circuit-number
|
Set highest two-way virtual circuit number (HTC).
|
x25 htc circuit-number
|
Set lowest outgoing-only virtual circuit number (LOC).
|
x25 loc circuit-number
|
Set highest outgoing-only virtual circuit number (HOC).
|
x25 hoc circuit-number
|
For an example of configuring virtual circuit ranges, see the section "Virtual Circuit Ranges Example" later in this chapter.
Configure the Switched Virtual Circuit Idle Timer
The access server can clear datagram transport switched virtual circuit (SVC) after a set period of inactivity. You can set this time by performing the following task in interface configuration mode:
Task
|
Command
|
Set the idle time before an SVC is cleared.
|
x25 idle minutes
|
For an example of configuring the SVC idle timer, see the section "Typical X.25 Configuration Example" later in this chapter. See the section "Monitor and Maintain LAPB and X.25" later in this chapter for additional commands that clear virtual circuits.
Increase the Number of Virtual Circuits Allowed
You can establish up to eight switched virtual circuits to a host for each protocol used in X.25 datagram transport. Perform one or both of the following tasks to increase the number of virtual circuits allowed:
Task
|
Command
|
Specify the maximum number of switched virtual circuits that can be open simultaneously to one host for each protocol.
|
x25 nvc count x25 map protocol-keyword protocol-address x.121-address nvc count
|
For an example of increasing the number of virtual circuits allowed, see the sections "Typical X.25 Configuration Example" and "DDN X.25 Configuration Example" later in this chapter.
Configure the Ignore Destination Timer
Upon receiving a Clear for an outstanding datagram transport Call Request, the X.25 support code immediately tries another Call Request if it has more traffic to send. This action can overrun some X.25 switches. You can define the number of minutes it takes to prevent calls from going to a previously failed destination by performing the following task in interface configuration mode:
Task
|
Command
|
Configure the ignore destination timer.
|
x25 hold-vc-timer minutes
|
Incoming calls will still be accepted.
Set Default Window Sizes
X.25 networks have a default input and output window size that is defined by the network administrator. You must set the access server default input and output window sizes to match those of the network; see the note following the next section "Set Default Maximum Packet Sizes."
To set the default window sizes, perform the following tasks in interface configuration mode:
Task
|
Default
|
Command
|
Set the default number of packets the server can receive before sending an X.25 acknowledgment.
|
2
|
x25 win packets
|
Set the default number of sent packets that can remain unacknowledged before the virtual circuit uses its hold queue.
|
2
|
x25 wout packets
|
For an example of setting the default window sizes, see the sections "Typical X.25 Configuration Example" and "DDN X.25 Configuration Example" later in this chapter.
Set Default Maximum Packet Sizes
X.25 networks have a default maximum input and output packet size that is defined by the network administrator. You must set the access server default input and output maximum packet sizes to match those of the network by performing the following tasks in interface configuration mode:
Task
|
Default
|
Command
|
Set the default input maximum packet size.
|
128
|
x25 ips bytes
|
Set the default output maximum packet size.
|
128
|
x25 ops bytes
|
To send a packet larger than the agreed X.25 packet size over an X.25 virtual circuit, an access server must break the packet into two or more X.25 packets with the M-bit ("more data" bit) set. The receiving device collects all packets in the M-bit sequence and reassembles them.
For an example of setting the default maximum packet sizes, see the sections "Typical X.25 Configuration Example" and "DDN X.25 Configuration Example" later in this chapter.
Note Because the X.25 protocol requires the DTE and DCE to have identical default maximum packet sizes and default window sizes, if the interface is up, changes to the default window and packet sizes will be held until the X.25 protocol RESTARTs the packet service.
Establish the Packet Acknowledgment Policy
You can instruct the access server to send an acknowledgment packet when it has received a threshold of data packets it has not acknowledged, instead of waiting until its input window is full. A value of 1 will send an acknowledgment for each data packet received if it cannot be acknowledged in an outgoing data packet. A value of 0 restores the default behavior of waiting until the input window is full. This approach improves line responsiveness at the expense of bandwidth. To do so, perform the following task in interface configuration mode:
Task
|
Command
|
Establish the threshold at which to acknowledge data packets.
|
x25 th delay-count
|
Configure the X.25 Level 3 Retransmission Timers
The X.25 Level 3 retransmission timers determine how long the access server must wait before retransmitting various packets (an expiring call timer causes the virtual circuit to be cleared). You can set these timers independently using the commands listed in the "X.25 Configuration Commands" chapter in the Access and Communication Servers Command Reference publication. Each keyword requires a time value in seconds as its argument. The last column shows the default timer values, in seconds. Four of the timers apply to DTE devices, and the other four apply to DCE devices. To set the retransmission timers, perform any of the following tasks in interface configuration mode:
Task
|
Command
|
Set DTE T20 Restart Indication.
|
x25 t20 seconds
|
Set DCE T10 Restart Request.
|
x25 t10 seconds
|
Set DTE T21 Call Request.
|
x25 t21 seconds
|
Set DCE T11 Call Indication.
|
x25 t11 seconds
|
Set DTE T22 Reset Request.
|
x25 t22 seconds
|
Set DCE T12 Reset Indication.
|
x25 t12 seconds
|
Set DTE T23 Clear Request.
|
x25 t23 seconds
|
Set DCE T13 Clear Indication.
|
x25 t13 seconds
|
For an example of setting the default packet sizes, see the section "DDN X.25 Configuration Example" later in this chapter.
Set X.25 TCP Header Compression
You can configure two types of compression for X.25 interfaces:
•TCP/IP header compression, which is described in this section
•X.25 packet-by packet "payload" compression, which is described in the "Configuring Interfaces" chapter of this publication
We support RFC 1144 TCP/IP header compression on serial lines using HDLC and X.25 encapsulation. The implementation of Compressed TCP over X.25 uses one virtual circuit to pass the compressed packets. Any noncompressed packets are carried over separate IP encapsulations. To set X.25 TCP header compression perform the following tasks interface configuration mode:
Task
|
Command
|
To allow a separate virtual circuit for compressed packets.
|
x25 map compressedtcp ip-address x.121-address [options]
|
Configure X.25 Packet-by-Packet Compression
For increased efficiency on relatively slow networks, our access servers support packet-by-packet compression of outgoing calls over X.25.
Several restrictions apply to packet-by-packet compression:
•Traffic that is compressed packet-by-packet must flow end-to-end. No intermediate decompression is allowed.
•Decompressed traffic is routed through an X.25 serial interface.
•X.25 packet aggregation is not supported for traffic that is compressed packet-by-packet.
•X.25 IP-tunneled LAN routes will not transport traffic that is compressed packet-by-packet.
•PAD traffic is not compressed packet-by-packet.
To enable packet-by-packet compression over X.25, perform the following task in interface configuration mode:
Task
|
Command
|
Enable packet-by-packet compression over X.25.
|
x25 map protocol address [protocol address] x.121-address compress
|
This command specifies that X.25 compression is to be used when mapping outgoing traffic to the specified host. Because each virtual circuit established for compressed traffic uses significant amounts of memory, compression should be used with careful consideration of its impact on the router's performance.
Define the Default Encapsulation Protocol
To instruct the access server how to interpret unknown Call User Data, perform the following task in interface configuration mode:
Task
|
Command
|
Interpret incoming calls with unknown Call User Data.
|
x25 default protocol
|
Configure the X.25 User Facilities
The X.25 software provides commands to support X.25 user facilities—options specified by the creators of the X.25 Recommendation—that allow you to implement features such as accounting, user identification, and flow control negotiation. The facilities configured by the x25 map commands are on a per-peer basis; the x25 facility commands specify the values sent for calls originated by the interface. Routed calls are not affected by the facilities specified for the outgoing interface.
To set the supported X.25 user facilities, perform one or more of the following tasks in interface configuration mode:
Task (User Facility)
|
Command
|
Select closed user group.
|
x25 facility cug number x25 map protocol address [protocol2 address2 [...[protocol9 address9]]] x.121-address cug number
|
Set flow control parameter negotiation values to request on outgoing calls.
|
x25 facility packetsize in-size out-size x25 map protocol address [protocol2 address2 [...[protocol9 address9]]] x.121-address packetsize in-size out-size
x25 facility windowsize in-size out-size x25 map protocol address [protocol2 address2[...[protocol9 address9]]] x.121-address windowsize in-size out-size
|
Set reverse charging.
|
x25 facility reverse x25 map protocol address [protocol2 address2 [...[protocol9 address9]]] x.121-address reverse
|
Allow reverse charging acceptance.
|
x25 accept-reverse x25 map protocol address [protocol2 address2 [...[protocol9 address9]]] x.121-address accept-reverse
|
Select throughput class negotiation.
|
x25 facility throughput in out x25 map protocol address [protocol2 address2 [...[protocol9 address9]]] x.121-address throughput in out
|
Select transit delay.
|
x25 facility transit-delay number x25 map protocol address [protocol2 address2 [...[protocol9 address9]]] x.121-address transit-delay number
|
Set the Recognized Private Operation Agency (RPOA) to use.
|
x25 facility rpoa name x25 map protocol address [protocol2 address2 [...[protocol9 address9]]] x.121-address rpoa name
|
Set the Cisco standard network user identification.
|
x25 map protocol address [protocol2 address2 [...[protocol9 address9]]] x.121-address nuid username password
|
Set a user-defined network user identification allowing format determined by the network administrator.
|
x25 map protocol address [protocol2 address2 [...[protocol9 address9]]] x.121-address nudata string
|
Additionally, the D-bit is supported and passed through transparently. Both restricted and unrestricted fast select are also supported and are transparently handled by the software. No configuration is required for use of the D-bit or fast select facilities.
Set the Packet Numbering Modulo
The Cisco implementation of X.25 supports the extended packet sequence numbering. To use the extended packet sequence, perform the following task in interface configuration mode:
Task
|
Command
|
Set the packet numbering modulo.
|
x25 modulo modulus
|
Note Because the X.25 protocol requires the DTE and DCE to have identical modulo, if the interface is up, changes to the modulo will be held until the X.25 protocol RESTARTs the packet service.
Suppress the Calling Address
You can omit the calling (source) address in outgoing calls. This option is required for networks that expect only subaddresses in the calling address field. To suppress the calling address, perform the following task in interface configuration mode:
Task
|
Command
|
Omit the calling (source) X.121 address in Call Request packets.
|
x25 suppress-calling-address
|
Suppress the Called Address
You can omit the called (destination) address in outgoing calls. This option is required for networks that expect only subaddresses in the called address field. To suppress the called address, perform the following task in interface configuration mode:
Task
|
Command
|
Omit the called (destination) X.121 address in Call Request packets.
|
x25 suppress-called-address
|
Disable Packet-Level Restarts
By default, a packet-level Restart is performed when the link level is reset. This behavior can be disabled for networks that do not allow it, but disabling this behavior can cause anomalous packet layer behavior. To disable packet-level restarts, perform the following task in interface configuration mode:
Task
|
Command
|
Disable packet-level restarts.
|
no x25 linkrestart
|
Define the Virtual Circuit Packet Hold Queue Size
You can define the maximum number of packets that can be held while a virtual circuit is unable to send data. To define the size of the packet hold queue, perform the following task in interface configuration mode:
Task
|
Command
|
Define the virtual circuit packet hold queue size.
|
x25 hold-queue queue-size
|
Monitor and Maintain LAPB and X.25
To monitor and maintain X.25 and LAPB, perform any of the following tasks in EXEC mode:
Task
|
Command
|
Clear all virtual circuits at once (calls originated, terminated, and switched by the access server are cleared), or clear the single virtual circuit specified.
|
clear x25-vc type number [lcn]
|
Display operation statistics for an interface.
|
show interfaces serial number
|
Display the protocol-to-X.121 address map.
|
show x25 map
|
Display the one-to-one mapping of the host IP addresses and the remote BFE device's IP addresses.
|
show x25 remote-red
|
Display details of active virtual circuits.
|
show x25 vc [lcn]
|
Note The "X.25 Cause and Diagnostic Codes" appendix of the Debug Command Reference publication describes X.25 diagnostic codes that can appear in these show command displays.
LAPB and X.25 Configuration Examples
Use the examples in this section to help you understand how to configure LAPB and X.25 for your network. The examples provided are as follows:
•Typical LAPB Configuration Example
•Typical X.25 Configuration Example
•Virtual Circuit Ranges Example
•DDN X.25 Configuration Example
•BFE Emergency Mode Example
•Netboot over X.25 Example
•X.29 Access List Example
•X.3 Profile Example
Typical LAPB Configuration Example
In the following example, the frame size (N1), window size (k), and maximum retransmission (N2) parameters retain their default values. The encapsulation command sets DCE operation for IP packets only, and the lapb t1 command sets the retransmission timer to 4,000 milliseconds (4 seconds) for a link with a long delay or slow connecting DTE device.
Typical X.25 Configuration Example
The following example shows the complete configuration for a serial interface connected to a commercial X.25 PDN for routing the IP protocol. The IP subnetwork address 131.108.9.0 has been assigned for the X.25 network.
Note When routing IP over X.25, the X.25 network must be treated as a single IP network or subnetwork. Map entries for access servers with addresses on subnetworks other than the one on which the interface's IP address is stored are ignored by the routing software. Additionally, all access servers using the subnet number should have map entries for all others. There are also issues with the broadcast flag, which apply both to IP and to other protocols with dynamic routing.
ip address 172.30.9.1 255.255.255.0
! The "bandwidth" command is not part of the X.25
! configuration; it's especially important to understand that it doesn't
! have any connection with the X.25 entity of the same name.
!"bandwidth" commands are used by IP routing processes (currently only IGRP),
! to determine which lines are the best choices for traffic.
! Because the default is 1544, and X.25 service at that rate isn't generally
! available, most X.25 interfaces that are being used with IGRP in a
! real environment will have "bandwidth" settings.
! This is a 9.6 Kbaud line:
! These Level 3 parameters are default flow control values; they need to
! match the PDN defaults. The values used by an SVC are negotiable on a per-call basis:
! You must specify the X.121 address to be assigned to the X.25
! interface by the PDN.
! The following Level 3 parameters have been set to match the network.
! You generally need to change some Level 3 parameters, most often
! those listed below. You may not need to change any Level 2
! The following commands configure the X.25 map. If you want to exchange
! routing updates with any of the access servers, they would need
! "broadcast" flags.
! If the X.25 network is the only path to them, static routes are
! generally used to save on packet charges. If there is a redundant
! path, it might be desirable to run a dynamic routing protocol.
x25 map IP 172.30.9.3 31370019134 ACCEPT-REVERSE
! (ACCEPT-REVERSE allows collect calls)
x25 map IP 131.108.9.2 31370053087
! If the PDN cannot handle fast back-to-back frames, use the
!"transmitter-delay" command to slow down the interface:
Virtual Circuit Ranges Example
The following example sets the following virtual circuit ranges: 5 to 20 dedicated to incoming calls only (from the DCE to the DTE), 25 to 1024 for either incoming or outgoing calls, no virtual circuit range dedicated to outgoing calls (from the DTE to the DCE). Up to four permanent virtual circuits can be defined on virtual circuits 1 through 4.
DDN X.25 Configuration Example
The following example illustrates how to configure an access server interface to run DDN X.25:
ip address 172.30.7.50 255.255.255.240
x25 map IP 172.30.7.49 000000010300 BROADCAST
BFE Emergency Mode Example
In the following example, serial interface 0 is configured to require an EXEC command from the administrator before it participates in emergency mode. The host IP address is 172.30.0.12, and the address of the remote BFE unit is 172.30.0.1. When the BFE enters emergency mode, the access server will prompt the administrator for EXEC command bfe enter to direct the access server to participate in emergency mode.
ip address 172.30.0.2 255.0.0.0
x25 bfe-emergency decision
x25 remote-red 172.30.0.12 remote-black 172.30.0.1
Netboot over X.25 Example
When netbooting over X.25, you cannot netboot via a broadcast. You must netboot from a specific host. Also, an x25 map command must exist for the host that you netboot from. The x25 map command is used to map an IP address into an X.121 address. There must be an x25 map command that matches the IP address given on the boot system command line. The following is an example of such a configuration:
boot system gs3-bfx.83-2.0 172.30.13.111
ip address 172.30.126.200 255.255.255.0
x25 map IP 172.30.13.111 10002 broadcast
In this case, 10002 is the X.121 address of the remote access server that can get to host 172.30.13.111.
The remote access server must have the following x25 map entry:
x25 map IP 172.30.126.200 10004 broadcast
This entry allows the remote access server to return a boot image (from the netboot host) to the access server netbooting over X.25.
X.29 Access List Example
The following example illustrates an X.29 access lists. Incoming permit conditions are set for all IP hosts and LAT nodes that have specific characters in their names. All X.25 connections to a printer are denied. Outgoing connections are list restricted.
!Permit all IP hosts and LAT nodes beginning with "VMS".
!Deny X.25 connections to the printer on line 5.
access-list 1 permit 0.0.0.0 255.255.255.255
lat access-list 1 permit ^VMS.*
x29 access-list 1 deny .*
!Permit outgoing connections for other lines.
!Permit IP access with the network 131.108
access-list 2 permit 172.30.0.0 0.0.255.255
!Permit LAT access to the boojum/snark complexes.
lat access-list 2 permit ^boojum$
lat access-list 2 permit ^snark$
!Permit X.25 connections to Infonet hosts only.
x29 access-list 2 permit ^31370
X.3 Profile Example
The following profile script turns local edit mode on when the connection is made and establishes local echo and line termination upon receipt of a Return. The name "linemode" is used with the translate command to effect use of this script.
x29 profile linemode 2:1 3:2 15:1
translate tcp 172.30.1.26 x25 55551234 profile linemode
The X.3 PAD parameters are described in the "Configuring Protocol Translation" chapter in this publication.