Cisco IOS Wide-Area Networking Command Reference

x25 pvc rbp local

To configure a router to accept an incoming TCP connection on a specified TCP port, and to use record boundary preservation (RBP) over that session to transfer data between the TCP host and an X.25 permanent virtual circuit (PVC), use the x25 map rbp local command in interface configuration mode. To delete the PVC, use the no form of this command.

x25 pvc circuit rbp local port port [packetsize in-size out-size] [recordsize size] [windowsize in-size out-size] [q-bit]

no x25 pvc circuit

Syntax Description[

Defaults

No PVC is configured.

The PVC window and maximum packet sizes default to the interface default values.

Command Modes

Interface configuration (config-if)

Command History

Usage Guidelines

RBP enables X.25 hosts to exchange data with TCP/IP hosts via TCP sessions while maintaining X.25 packet boundaries.

When the Q-bit option is included in this command, X.25 Q-bit data packets can be received by the TCP/IP host; otherwise transmission of X.25 Q-bit data packets would bring down the TCP and X.25 sessions.

When connections that will be established by the TCP/IP host are configured, the local TCP port number must be unique, with the exception that the same TCP port number may be configured once on each of multiple X.25 interfaces that will not be active simultaneously. This includes situations in which one X.25 interface is configured as a backup interface for another X.25 interface.

When the x25 pvc rbp local command is configured, the router will listen for a TCP connection request to the configured TCP port. Until the connection request is received, the router will acknowledge any X.25 reset packets on the circuit. When the TCP connection request is received, the connection will be accepted, and the router will send an X.25 reset packet over the configured X.25 destination circuit. If the reset packet is not acknowledged, the TCP connection will be closed.

Since this command is associated with a specific X.25 circuit, only one connection may be active per command.

When a PVC is configured, the virtual circuit must be unique. Multiple commands referencing the same virtual circuit (matching logical channel identifier and interface) are not permitted.

When connections that will be established by the TCP/IP host are configured, the local TCP port number must be unique, with the exception that the same TCP port number may be configured once on each of multiple X.25 interfaces that will not be active simultaneously. This includes the case in which one X.25 interface is configured as a backup interface for another X.25 interface.

Examples

Interface serial2/1

 encapsulation x25

 x25 pvc 2 rbp local port 9999

Related Commands

x25 pvc rbp remote

To configure a router to establish a TCP session in response to data received on an X.25 permanent virtual circuit (PVC) and to use record boundary preservation (RBP) to transfer data between the X.25 host and the TCP session, use the x25 pvc rbp remote command in interface configuration mode. To delete the PVC, use the no form of this command.

x25 pvc circuit rbp remote host ip-address port port [packetsize in-size out-size] [source-interface interface] [recordsize size] [windowsize in-size out-size] q-bit

no x25 pvc circuit

Syntax Description

Defaults

The PVC window and maximum packet sizes default to the interface default values.

Command Modes

Interface configuration

Command History

Usage Guidelines

RBP enables X.25 hosts to exchange data with TCP/IP hosts via TCP sessions while maintaining X.25 packet boundaries.

When a PVC is configured, the virtual circuit must be unique. Multiple commands referencing the same virtual circuit (matching logical channel identifier and interface) are not permitted.

When the x25 pvc rbp remote command is configured, the router will wait until a data packet is received on a specific X.25 PVC. Until it receives a data packet, the router will acknowledge any X.25 reset packets on the circuit. When a data packet is received, the router will attempt to establish a TCP connection to a configured IP address and TCP port, using a dynamically assigned local TCP port number. If the connection attempt fails, the router will reset the PVC and wait for another data packet before reattempting to establish the TCP connection.

Since the x25 pvc rbp remote command is associated with a specific X.25 circuit, at most one connection may be active per command.

Examples

interface serial1/0

 encapsulation x25 

 x25 pvc 1 rbp remote host 10.0.0.1 port 9999

Related Commands

x25 relay-vc-number

To enable the relay of a virtual circuit (VC) number for switched calls between X.25 over TCP (XOT) and the interface on which the command is configured, use the x25 relay-vc-number command in interface configuration or X.25 profile configuration mode. To disable the relay of the VC number, use the no form of this command.

x25 relay-vc-number

no x25 relay-vc-number

Syntax Description

This command has no arguments or keywords.

Command Modes

Interface configuration (config-if)
X.25 profile configuration (config-x25)

Command History

Usage Guidelines

Use the x25 relay-vc-number command to enable the relay of the VC number for the switched calls between the XOT and the configured interface.

X.25 is a method of packet switching that is used for communication between user devices (such as routers, bridges, and host machines) and network devices (such as switching nodes and modems). User devices are called data terminal equipment (DTE), and network devices are called data circuit-terminating equipment (DCE).

Examples

The following examples show how to set the x25 relay-vc-number command for a Fast Ethernet interface and a serial interface.

Router(config)# interface fastethernet0/0

Router(config-if)# cmns enable

Router(config-if)# x25 relay-vc-number

Router(config)# interface serial1/0

Router(config-if)# x25 relay-vc-number

Related Commands

x25 remote-red

Note Effective with Cisco IOS Release 12.2, the x25 remote-red command is not available in Cisco IOS Software.

To set up the table that lists the Blacker Front End (BFE) nodes (host or gateways) to which the router will send packets, use the x25 remote-red command in interface configuration mode.

x25 remote-red host-ip-address remote-black blacker-ip-address

Syntax Description

Defaults

No table is set up.

Command Modes

Interface configuration (config-if)

Command History

Usage Guidelines

The table that results from this command provides the address translation information that the router sends to the BFE when it is in emergency mode.

Examples

The following example sets up a short table of BFE nodes for serial interface 0:

interface serial 0

 x25 remote-red 172.20.9.3 remote-black 172.20.9.13

 x25 remote-red 192.108.15.1 remote-black 192.108.15.26

Related Commands

x25 retry

To activate a secondary route while also retrying a failed primary route, use the x25 retry interface configuration command in conjunction with the ip route or backup interface commands. To discontinue implementing secondary X.25 routes and retrying of primary X.25 routes, use the no form of this command.

x25 retry interval seconds attempts count

no x25 retry interval seconds attempts count

Syntax Description

Defaults

No default behavior or values.

Command Modes

Interface configuration

Command History

Usage Guidelines

The x25 retry command is triggered when no switched virtual circuits (SVCs) are up, and an outgoing call fails.

The retry attempts will continue until any of the following happens:

•The configured retry attempts limit is reached.

•The attempt to reestablish the link is successful.

•An incoming call is received on the subinterface.

•The X.25 packet layer on the interface is restarted.

If the number of retry attempts exceeds the configured limit, the interface will remain marked "down" until any of the following happens:

•An incoming call is received on the subinterface.

•The X.25 packet layer on the interface is restarted.

Examples

The following example shows the x25 retry command being configured on subinterface 1.1 with a retry interval of 60 seconds up to a maximum of 10 attempts:

Router(config)# interface serial1.1 point-to-point

Router(config-if)# x25 retry interval 60 attempts 10

Related Commands

x25 roa

To specify a sequence of packet network carriers, use the x25 roa command in global configuration mode. To remove the specified name, use the no form of this command.

x25 roa name number

no x25 roa name

Syntax Description

Defaults

No packet network carriers are specified.

Command Modes

Global configuration

Command History

Usage Guidelines

This command specifies a list of transit ROAs to use, referenced by name.

Examples

The following example sets an ROA name and then sends the list via the X.25 user facilities:

x25 roa green_list 23 35 36

interface serial 0

 x25 facility roa green_list

 x25 map ip 172.20.170.26 10 roa green_list

Related Commands

x25 rotary

To assign an X.121 address to a rotary group (and optionally, to specify that address to be the source address of calls originating from lines within the group), use the x25 rotary command in global configuration mode. To remove an X.121 address from a rotary group, use the no form of this command.

x25 rotary group-num x121-address [calling-address [rotary | line]

no x25 rotary group-num x121-address [calling-address [rotary | line]

Syntax Description

Command Default

No group X.121 address is defined.

Command Modes

Global configuration

Command History

Usage Guidelines

Each X.121 address can be associated with only one rotary group.

A rotary group cannot be configured with an X.121 address if it has "queued" or "queued-by-role" selection type.

Examples

The following example sets the rotary address to be used as the calling address:

Router(config)# x25 rotary 1 1111 calling-address rotary

Related Commands

x25 route

To create an entry in the X.25 routing table (to be consulted for forwarding incoming calls and for placing outgoing packet assembler/disassembler (PAD) or protocol translation calls), use the x25 route command in global configuration mode. To remove an entry from the table, use the no form of the command.

x25 route [#position] [selection-options] [modification-options] disposition-options [xot-keepalive-options]

no x25 route [#position] [selection-options] [modification-options] disposition-options [xot-keepalive-options]

Syntax Description

Defaults

No entry is created in the X.25 routing table.

Command Modes

Global configuration

Command History

Usage Guidelines

The enhanced x25 route command replaces the x25 map cmns command. The x25 route alias form of this command (supported in earlier releases) has been replaced by the x25 alias command.

The modification options are long-standing but newly applicable to all dispositions in Cisco IOS Release 11.3 and later.

Note The entire command must be entered on one line.

Selection Options

Selection arguments specify match criteria. When a call matches all selection criteria in an X.25 route, then the specified modification and disposition are used for the call.

As many as four selection options can be used to determine the route:

•Called X.121 network interface address (destination or source host address)

•Called address extension (destination NSAP address)

•X.25 packet's call user data (CUD) field

•Input interface from which the call was received (input-interface option)

Table 119 lists the selection options for the x25 route command. At least one selection or modification option must be specified.

Note The X.121 and NSAP addresses are specified as regular expressions. A common error is to specify the address digits without anchoring them to the beginning and end of the address. For example, the regular expression 1111 will match an X.121 address that has four successive 1s somewhere in the address; to specify the single X.121 address, the form ^1111$ must be used.

Regular expressions are used to allow pattern-matching operations on the addresses and user data. A common operation is to use prefix matching on the X.121 Data Network Identification Code (DNIC) field and route accordingly. The caret (^) is a special regular expression character that anchors the match at the beginning of the pattern. For example, the pattern ^3306 will match all X.121 addresses with a DNIC of 3306.

Modification Options

Addresses typically need to be modified when traffic from a private network that uses arbitrary X.121 addresses must transit a public data network, which must use its own X.121 addresses. The easiest way to meet the requirement is to specify in the x25 route command a way to modify the private address into a network X.121 address, or to modify a network X.121 address into a private address. The addresses are modified so that no change to the private addressing scheme is required.

The modification options use the standard UNIX regular expression substitution operations to change an X.25 field. A pattern match is applied to an address field, which is rewritten as directed by a rewrite pattern.

Table 120 lists the modification options for the x25 route command. At least one selection or modification option must be specified.

Note As of Cisco IOS Release 11.3, the substitute-source and substitute-dest options also apply to PAD calls.

A modification of the source address is directed by the rewrite string using one of three possible match patterns. If the source source-pattern selection option is defined, it is used with the source-rewrite string to construct the new source address; otherwise, a destination-pattern regular expression is used (for backward compatibility) or a wildcard regular expression (.*) is used. In the rewrite-source argument, the backslash character (\) indicates that the digit immediately following the argument selects a portion of the matched address to be inserted into the new called address.

A modification of the destination address is directed by the rewrite string using one of two possible match patterns. If the destination-pattern selection option is defined, it is used with the destination-rewrite string to construct the new destination address; otherwise, a wildcard regular expression (.*) is used. In the rewrite-dest argument, the backslash character (\) indicates that the digit immediately following the argument selects a portion of the original called address to be inserted into the new called address.

Pattern and Character Matching and Replacement for Selection and Modification Options

See Table 121, Table 122, and Table 123, respectively, for summaries of pattern matching, character matching, and pattern replacement elements. Note that up to nine pairs of parentheses can be used to identify patterns to be included in the modified string. A more complete description of the pattern-matching characters is found in the "Regular Expressions" appendix in the Cisco IOS Terminal Services Configuration Guide.

Disposition Option

The xot-source disposition option can improve the resilience of the TCP connection if, for instance, a loopback interface is specified. By default, a TCP connection's source IP address is that of the interface used to initiate the connection; a TCP connection will fail if either the source or destination IP address is no longer valid. Because a loopback interface never goes down, its IP address is always valid. Any TCP connections originated using a loopback interface can be maintained as long as a path exists to the destination IP address, which may also be the IP address of a loopback interface.

Using the continue keyword provides flexibility by reducing the number of X.25 route configurations necessary in the route table by breaking them into separate, simpler, and more manageable tasks. It allows the x25 route command to cumulatively hold all specified route entries and carry whatever selection or modification options you may have just specified on the command line. The route table lookup terminates when a matching route is found among the remaining entries in the route table. The continue disposition must be the last option on the x25 route command line.

Table 124 lists the disposition options for the x25 route command. You must select one of these options.

XOT-Keepalive Options

TCP maintains each connection using a keepalive mechanism that starts with a default time period and number of retry attempts. If a received XOT connection is dispatched using a route with explicit keepalive parameters, those values will be used for the TCP connection. If an XOT connection is sent using a route with explicit keepalive parameters, those values will be used for the TCP connection.

Table 125 lists and describes the xot-keepalive options for the x25 route command.

X.25 Routing Action When a Match Is Found

If a matching route is found, the incoming call is forwarded to the next hop depending on the routing entry. If no match is found, the call is cleared. If the route specifies a serial interface running X.25 or a broadcast interface running CMNS, the router attempts to forward the call to that host. If the interface is not operational, the subsequent routes are checked for forwarding to an operational interface. If the interface is operational but out of available virtual circuits, the call is cleared. Otherwise, the expected Clear Request or Call Accepted packet is forwarded back toward the originator. A call cannot be forwarded out the interface on which it arrived.

If the matching route specifies an XOT disposition, a TCP connection is established to port 1998 at the specified IP address, which must be an XOT host. The Call Request packet is forwarded to the remote host, which applies its own criteria to handle the call. If, upon receiving an XOT call on the remote host, a routing table entry is not present, or the destination is unavailable, a Clear Request is sent back and the TCP connection is closed. Otherwise, the call is handled and the expected Clear Request or Call Accepted packet is returned. Incoming calls received via XOT connections that match a routing entry specifying an XOT destination are cleared. This restriction prevents Cisco routers from establishing an XOT connection to another router that would establish yet another XOT connection.

X.25 Routing Action When No Match Is Found

If no match is found, the action taken is specific to the application. X.25 switching will clear the call if there is no match in the routing table. X.25 PAD and PAD-related applications, such as protocol translation using X.25, will route the call to the default X.25 interface, which is the first X.25 interface configured.

Examples

The following example uses regular expression pattern matching characters to match just the initial portion of the complete X.25 address. Any call with a destination address beginning with 3107 that is received on an interface other than serial 0 is forwarded to serial 0.

x25 route ^3107 interface serial 0

The following Annex G example routes the X.25 call to the specified Annex G DLCI link. You must include both interface number and DLCI number. It is this combination of both these numbers that indicates the logical X.25 interface over Frame Relay.

x25 route ^2222 interface serial 1 dlci 20

The following example prevents X.25 routing for calls that do not specify a source address:

x25 route source ^$ clear

The following example configures alternate XOT hosts for the routing entry. If the first address listed is not available, subsequent addresses are tried until a connection is made. If no connection can be formed, the call is cleared.

x25 route ^3106$ xot 172.20.2.5 172.20.7.10 172.10.7.9

The following example clears calls that contain a 3 in the source address. The disposition keyword clear is new.

x25 route source 3 clear

The following example clears calls that contain 33 in the source address:

x25 route source 33 clear

The following example clears a call to the destination address 9999:

x25 route ^9999$ clear

The following example specifies a route for specific source and destination addresses. (The ability to combine source and destination patterns is a new feature.)

x25 route ^9999$ source ^333$ interface serial 0

The following example routes the call to the XOT host at the specified IP address. The disposition keyword xot is new. In prior releases the keyword ip was used.

x25 route ^3333$ xot 172.21.53.61

The following DNS-based X.25 routing example shows an X.25 request to the DNS. The \0 pattern indicates that the entire incoming X.121 address is being used as the index into the DNS, which will return the required IP address.

x25 route ^.* xot dns \0 

The following example routes calls containing the destination extension address preamble 11.1234:

x25 route dest-ext ^11.1234.* interface serial 0

The following example rewrites the destination address as 9999. There must be a minimum of four 8s in the address. (8888888 will change to 9999.)

x25 route 8888 substitute-dest 9999 interface serial 0

The following example substitutes only part of the destination address. "^88" specifies the original destination string must begin with 88. "(.*)" indicates the string can end with any number, 0-9, and can be more than one digit. "99\1" changes the destination address to 99 plus whatever matches ".*" in the original destination address. For example, 8881 will change to 9981.

x25 route ^88(.*) substitute-dest 99\1 interface serial 0

The following example substitutes only part of the destination address and also removes a specified number of digits from the address. "^88" specifies the original destination string must begin with 88. "(..)" matches any two digits. "(.*)" specifies the string can end with any number, 0-9, and can occur zero or more times. Thus any address that starts with 88 and has four or more digits will be rewritten to start with 99 and omit the third and fourth digits. For example, 881234 will change to 9934.

x25 route ^88(..)(.*) substitute-dest 99\2 interface serial 0

The following example looks for a specified destination address and changes the source address. "9999" is the destination address. The original source address changes to "2222" because the call is made to the destination 9999.

x25 route ^9999$ substitute-source 2222 interface serial 0

The following example shows insertions and removals in the X.121 address as calls from the X.25 network get routed to X.25 devices. For a call coming from interface serial 0 with a called address starting with 2, the 2 is stripped off the called address and the call forwarded to serial interface 2. For a call coming from interface serial 2 with any calling address, a 2 will be inserted to its calling address and the call forwarded to serial interface 0.

x25 route ^02(.*) input-interface serial0 substitute-dest \1 interface serial2

x25 route input-interface serial2 source .* substitute-source 2\0 interface serial0

The following example shows how to insert the X.121 address to forward calls among local X.25 devices. For a call on interface 1 with a called address of 0255 and any calling address, the call is forwarded to serial interface 2 with a called address of 55 and a calling address inserted with 01. The continue keyword continues address substitution without address forwarding.

x25 route input-interface serial1 source .* substitute-source 01\0 continue

x25 route input-interface serial2 source .* substitute-source 02\0 continue

x25 route ^01(.*) substitute-dest \1 interface serial1

x25 route ^02(.*) substitute-dest \1 interface serial2

The following example rewrites the source address based on the source address. "9999" matches any destination address with four consecutive 9s. "^...(.*)" matches any source address with at least three digits; the command removes the first three digits and rewrites any digits after the first three as the new source address. For example, a call to 9999 from the source address 77721 will be forwarded using the calling address 21 and the called address 9999.

x25 route 9999 source ^...(.*) substitute-source \1 interface serial 0

The following example adds a digit to the source and destination addresses patterns. "09990" is the destination address pattern. The source can be any address. "9\0" specifies to add a leading 9 to the destination address pattern. "3\0" specifies to add a leading 3 to the source address pattern. For example, a call using source 03330 and destination 09990 will change to 303330 and 909990, respectively.

x25 route 09990 source .* substitute-dest 9\0 substitute-source 3\0 interface serial 0

Related Commands

x25 routing

To enable X.25 switching or tunneling, use the x25 routing command in global configuration mode. To disable the forwarding of X.25 calls, use the no form of this command.

x25 routing [acknowledge local | acknowledge end-to-end] [tcp-use-if-defs]

no x25 routing [acknowledge local | acknowledge end-to-end] [tcp-use-if-defs]

Syntax Description

Defaults

This command has no default values.

Command Modes

Global configuration

Command History

Usage Guidelines

The x25 routing command enables X.25 switching between the X.25 services (X.25, Connection-Mode Network Service [CMNS] and X.25 over TCP [XOT], and Annex G). X.25 calls will not be forwarded until this command is issued.

The acknowledge local and acknowledge end-to-end keywords are optional, with acknowledge end-to-end being the default. To confirm what type of acknowledgment has been set, use the show protocol command.

The tcp-use-if-defs keyword may be needed for receiving XOT calls from routers using older software versions. Normally, calls received over a TCP connection (remote routing reception) will have the flow control parameters (window sizes and maximum packet sizes) indicated, because proper operation of routed X.25 requires that these values match at both ends of the connection.

Some previous versions of Cisco IOS software, however, do not ensure that these values are present in all calls. In this case, the Cisco IOS software normally forces universally acceptable flow control values (window sizes of 2 and maximum packet sizes of 128) on the connection. Because some equipment disallows modification of the flow control values in the call confirm, the tcp-use-if-defs keyword causes the router to use the default flow control values of the outgoing interface and indicate the resulting values in the call confirm. This modified behavior may allow easier migration to newer versions of the Cisco IOS software.

Examples

The following example enables X.25 routing:

x25 routing

The following example enables X.25 routing with local acknowledgment:

x25 routing acknowledge local

x25 security call-conf address out

To suppress the addresses in transmitted X.25 Call Confirm packets or to specify that the addresses originally received in a Call packet are to be encoded in the Call Confirm packet, use the no x25 security call-conf address out command in interface configuration or X.25 profile configuration mode. To reenable standard X.25 procedure for handling addresses in Call Confirm packets, use the x25 security call-conf address out command.

x25 security call-conf address out

no x25 security call-conf address out source {suppress | unmodified} dest {suppress | unmodified}

Syntax Description

Defaults

Addresses presented in X.25 Call Confirm packets are determined according to X.25 protocol standards.

Command Modes

Interface configuration
X.25 profile configuration

Command History

Usage Guidelines

Network devices that implement nonstandard X.25 service may have special requirements for address encoding in Call Confirm packets. The no x25 security call-conf address out command enables you to control the source and destination addresses that are encoded in outgoing Call Confirm packets. You can suppress the addresses completely, or you can specify that the addresses originally presented in the received Call packet be encoded unmodified in the Call Confirm packet.

Caution X.25 specifies address signaling behavior as a security measure to ensure that connecting devices are given clear notice of a call setup that encountered redirection, deflection, or distribution to an alternate destination. Disabling these security features should be done only when the risks of doing so are understood and acceptable.

When address suppression is configured, any address block in the Call Confirm packet will specify the null address (zero digits) for the suppressed addresses.

X.25 Call Confirm address control can be configured on a main interface or an X.25 profile. When this functionality is configured on an interface, all Call Confirm packets sent over the services that use that interface will be affected, including SVCs that use a configuration from a subinterface. When this functionality is configured on an X.25 profile, all services using that profile will be affected.

Examples

The following example shows how to suppress both the source and destination addresses in Call Confirm packets:

interface serial 0

 no ip address

 encapsulation x25

 no x25 security call-conf address out source suppress dest suppress

Related Commands

x25 security clamn

To reenable the Called Line Address Modified Notification (CLAMN) security signaling facility when it has been disabled, use the x25 security clamn command in interface configuration mode. To disable the (CLAMN) security signaling facility in X.25 Call Confirm packets, use the no form of this command.

x25 security clamn

no x25 security clamn

Syntax Description

This command has no arguments or keywords.

Defaults

The X.25 CLAMN security signaling facility is enabled.

Command Modes

Interface configuration

Command History

Usage Guidelines

The X.25-class services use the CLAMN security signaling facility in X.25 Call Confirm packets to notify the originator of the Call that a security event occurred during X.25 Call setup. The encoding of this facility specifies the reason for the signal, and the X.25 Recommendation also permits the Call Confirm packet to encode a different destination address when it encodes this facility. There are a number of reasons that can be encoded by the CLAMN facility. The Cisco X.25 hunt group implementation will cause the router to signal the hunt group event back to the X.25 Call originator using the CLAMN facility.

Caution X.25 security signaling facilities are used to explicitly notify the connecting stations of events that might raise security issues if they were not signaled. Suppression of these facilities should be configured only when the attached equipment and network configurations are sufficiently secure that the signaled information is unnecessary.

If no X.25 security issues apply, a network administrator may configure an X.25-class service to suppress the signaling of the CLAMN facility in Call Confirm packets using the no x25 security clamn command on an interface or x25 profile. This configuration may be necessary if the attached device or eventual recipient of the Call Confirm will not participate in a connection when the CLAMN security facility is encoded.

The X.25 Recommendations specify that the CLAMN facility must be present in the X.25 Call Confirm packet if that packet encodes a destination address that is not the null address and that differs from the address encoded in the Call packet. Therefore, when the no x25 security clamn command is used to suppress the encoding of the CLAMN facility, it will also suppress the encoding of the destination address; that is, if the address block is encoded in the Call Confirm packet, the destination address will be encoded as the null address (zero digits).

This command can be configured with the International Telecommunication Union Telecommunication Standardization Sector (ITU-T.) 1980 X.25 recommendation mode with no error, although the 1980 mode does not define the CLAMN facility.

Examples

The following example shows how to suppress the CLAMN security signaling facility:

interface serial 0

  no ip address

  encapsulation x25

  no x25 security clamn

Related Commands

x25 security crcdn

To reenable the Call Redirection/Call Deflection Notification (CRCDN) security signaling facility when it has been disabled, use the x25 security crcdn command in interface configuration mode. To disable the CRCDN security signaling facility in X.25 Call packets, use the no form of this command.

x25 security crcdn

no x25 security crcdn

Syntax Description

This command has no arguments or keywords.

Defaults

The CRCDN security signaling facility is enabled.

Command Modes

Interface configuration

Command History

Usage Guidelines

The X.25-class services use the CRCDN security signaling facility in X.25 call packets to notify the destination of the Call that a security event occurred during call processing. The encoding of this facility specifies the reason for the signal and the destination address that originally occurred in the call. There are a number of reasons that can be encoded by the CRCDN facility. The Cisco X.25 hunt group implementation will cause the router to signal the hunt group event to the X.25 call destination using the CRCDN facility.

Caution X.25 security signaling facilities are used to explicitly notify the connecting stations of events that might raise security issues if they were not signaled. Suppression of these facilities should be configured only when the attached equipment and network configurations are sufficiently secure that the signaled information is unnecessary.

If no X.25 security issues apply, a network administrator may configure an X.25-class service to suppress the signaling of the CRCN facility in call packets using the no x25 security crcdn command on an interface or X.25 profile. This configuration may be necessary if the attached device or eventual recipient of the X.25 call will not participate in a connection when the CRCDN security facility is encoded.

This command can be configured with the International Telecommunication Union Telecommunication Standardization Sector (ITU-T) 1980 X.25 recommendation mode with no error, although the 1980 mode will always suppress the CRCDN facility.

Examples

The following example shows how to suppress the CRCDN security signaling facility:

interface serial 0

  no ip address

  encapsulation x25

  no x25 security crcdn

Related Commands

x25 subscribe cug-service

To enable and control standard closed user group (CUG) service, use the x25 subscribe cug-service command in the appropriate interface, line, or X.25 profile configuration mode. To disable standard CUG service, use the no form of this command.

x25 subscribe cug-service [incoming-access] [outgoing-access] [suppress preferential | suppress all]

no x25 subscribe cug-service [incoming-access | outgoing-access] [suppress preferential | suppress all]

Syntax Description

Defaults

No incoming access and no outgoing access. (This is the most restrictive setting.)
CUG selection facilities are not suppressed.

Command Modes

Interface configuration
Line configuration
X.25 profile configuration

Command History

Usage Guidelines

When entering this command, specify the incoming-access or the outgoing-access keyword or both, unless you intend to have neither incoming nor outgoing access on the interface.

This command assumes that an X.25 network connection is being implemented and observes rules defined by X.25 and X.301 for CUG access. This command is enabled on a per-interface or per-line basis. Use this command to modify existing specified options without otherwise affecting the CUGs already defined.

The x25 subscribe cug-service command can be used to configure CUG security on synchronous X.25 data communications equipment (DCE) interfaces or terminal lines. A CUG service can be applied to console lines, auxiliary lines, standard asynchronous lines, and virtual terminal lines. A line configured for CUG service will apply CUG security to packet assembler/disassembler (PAD), X.28 mode, and protocol translation sessions. CUG protection is applied to incoming calls destined for the terminal line and call requests specified from the line.

The CUG selection facility suppression options are not available for terminal lines because incoming PAD calls are terminated by the line.

Use the x25 subscribe cug-service command with the suppress preferential or suppress all keywords to configure CUG selection facility suppression. The CUG selection facility suppression options are available on synchronous X.25 DCE interfaces only; they are not available on terminal lines because incoming PAD calls are terminated by the line.

The following restrictions apply to the x25 subscribe cug-service command:

•Disabling this command deconfigures all the CUGs defined for the device and disables all CUG-related commands, but it does not terminate the associated CUG switched virtual circuit (SVC) connections.

•The DTE cannot call the open part of the network unless the outgoing-access option is configured. Even if outgoing-access is permitted, the DCE will enforce any additional CUG requirements when handling an outgoing call (call request) from the DTE.

•The DTE will not receive calls from the open part of the network unless the incoming-access option is configured. Even if incoming-access is permitted, the DCE will enforce any additional CUG requirements before presenting an incoming call to the DTE.

Examples

CUG Service on a Terminal Line: Example

The following example shows the configuration of CUG behavior on asynchronous line 1 and virtual terminal lines 0 to 9. The users of virtual terminal lines 0 to 9 have access only within the corporate CUGs designated for engineering (CUG 1102 or 1103); any call from a network X.25-class service destined for the line will be refused unless the inbound point of presence (POP) has validated it as a member of one of those two CUGs.

line vty 0 9

 Location Company A. Engineering Access

 x25 subscribe cug-service

 x25 subscribe local-cug 2 network-cug 1102 preferential

 x25 subscribe local-cug 3 network-cug 1103

CUG Service with CUG Selection Facility Suppression and Incoming Access: Example

In the following example, CUG selection facility suppression and incoming access are configured for all CUGs, including the preferred CUG on the X.25 profile:

x25 profile CUG-SUPRS-ALL dce 

 x25 subscribe cug-service incoming-access suppress all 

 x25 subscribe local-cug 0 network-cug 10 preferential 

 x25 subscribe local-cug 20 network-cug 202 

 x25 subscribe local-cug 40 network-cug 40 

CUG Service with Incoming and Outgoing Access: Example

The following example shows subscribing to both incoming and outgoing CUG service on the interface:

interface serial0

 encapsulation x25 dce

 x25 subscribe cug-service incoming-access outgoing-access

Related Commands

x25 subscribe flow-control

To control flow control parameter negotiation facilities in call setup packets, use the x25 subscribe flow-control command in interface or X.25 profile configuration mode. To have flow control parameter negotiation facilities included in call setup (outgoing) packets only when their values differ from the default values, use the no form of this command.

x25 subscribe flow-control {always | never}

no x25 subscribe flow-control

Syntax Description

Defaults

Flow control parameter negotiation facilities are included only when the parameter values differ from the default values.

Command Modes

Interface configuration
X.25 profile configuration

Command History

Usage Guidelines

This command has three states—default behavior (no x25 subscribe flow-control), facilities always included, or facilities never included (flow control parameter negotiation is not enabled).

This command controls inclusion of the X.25 flow control parameter negotiation facilities in call setup packets. By default, these facilities are included in call setup packets only when their values differ from the default values.

Configuring the no x25 subscribe flow-control command restores the default behavior. This only includes facilities outbound call setup packets when the requested values do not match the interface defaults.

This command can also be used in X.25 profile configuration mode.

Examples

The following example shows flow control parameter negotiation disabled on serial interface 1/4:

Router(config)# interface serial 1/4

Router(config-if)# x25 subscribe flow-control never

Related Commands

x25 subscribe local-cug

To configure subscription to a specific closed user group (CUG), use the x25 subscribe local-cug command in interface configuration or line configuration mode. To remove the CUG subscription, use the no form of this command.

x25 subscribe local-cug number network-cug number [no-incoming | no-outgoing | preferential]

no x25 subscribe local-cug number network-cug number [no-incoming | no-outgoing | preferential]

Syntax Description

Defaults

Incoming and outgoing access.
Preferential (if this is the only CUG specified).

Command Modes

Interface configuration
Line configuration

Command History

Usage Guidelines

The first x25 subscribe local-cug command in a group of configurations will automatically enable CUG service behavior on the interface or line, if it is not already enabled, with the default setting of no public access.

The x25 subscribe cug-service command can be used to configure CUG subscription on X.25 synchronous data communications equipment (DCE) interfaces, console lines, auxiliary lines, standard asynchronous lines, and virtual terminal lines. A line configured for CUG service will apply CUG security to packet assembler/disassembler (PAD), X.28 mode, and protocol translation sessions. CUG protection is applied to incoming calls destined for the terminal line and call requests specified from the line.

A CUG number has only local significance. Because CUG service is a cooperative process among the network attachments (DCE devices), the local CUG number may have to be translated into a number that is significant to the network as a whole. For instance, two DTE devices may use CUG numbers 1 and 5 to refer to the global CUG number 1043 of the network. In this instance, both DCE devices would be configured to translate between the local CUG number of their DTE and the network CUG number. Duplicate network CUG identifiers are permitted for different local CUG identifiers.

A DTE subscription to a CUG that also includes the no-incoming option prevents incoming calls on that CUG (however, the DTE may still receive calls within other CUGs to which it is subscribed, or from the open network if incoming public access is subscribed).

CUG subscription of a DTE will not permit an outgoing call (call request) from the CUG if the no-outgoing option is configured.

The CUG will be assumed to be set to preferential (preferred) if there is only one CUG subscribed on that interface.

Examples

X.25 CUG Subscription on an Interface: Example

The following example subscribes local CUGs 5000, 100, 200, and 300 to networks 55, 11, 22, and 33, respectively, with local CUG 5000 being set as the preferred CUG:

Router(config)# interface serial0

Router(config-if)# encapsulation x25 dce

Router(config-if)# x25 subscribe cug-service incoming-access outgoing-access

Router(config-if)# x25 subscribe local-cug 5000 network-cug 55 preferential

Router(config-if)# x25 subscribe local-cug 100 network-cug 11

Router(config-if)# x25 subscribe local-cug 200 network-cug 22

Router(config-if)# x25 subscribe local-cug 300 network-cug 33

X.25 CUG Subscription on a Terminal Line: Example

The following example shows the configuration of CUG behavior on asynchronous line 1 and virtual terminal lines 0 to 9. The users of virtual terminal lines 0 to 9 have access only within the corporate CUGs designated for engineering (CUG 1102 or 1103); any call from a network X.25-class service destined for the line will be refused unless the inbound POP has validated it as a member of one of those two CUGs.

Router(config)# line vty 0 9

Router(config-line)# Location Company A. Engineering Access

Router(config-line)# x25 subscribe cug-service

Router(config-line)# x25 subscribe local-cug 2 network-cug 1102 preferential

Router(config-line)# x25 subscribe local-cug 3 network-cug 1103

Related Commands

x25 subscribe packetsize

To set permitted and target ranges for packet size during flow control negotiation, use the x25 subscribe packetsize command in interface configuration mode. To revert to the default packet size ranges, use the no form of this command.

x25 subscribe packetsize {[permit wmin wmax] [target wmin wmax]}

no x25 subscribe packetsize {[permit wmin wmax] [target wmin wmax]}

Syntax Description

Defaults

None

Command Modes

Interface configuration

Command History

Usage Guidelines

The x25 subscribe packetsize command lets you specify the range of permitted and target values for packet size. These are called flow control parameter negotiation facilities. You can specify the permitted minimum and maximum packet sizes and target values for packet transmission (16 to 4096 as a power of two). Setting these values outside the permitted range will result in connection failure. The router attempts to negotiate values within the target range, but will only allow values outside the target range to be negotiated as long as the negotiation complies with the procedure defined in X.25 recommendations.

This command should be configured separately on both the data terminal equipment (DTE) and data circuit-terminating equipment (DCE), so that the permit range will be compatible and calls will be able to pass through the network. The target range is less critical. It only needs to be set on the Cisco router conducting the switching.

The effective ranges will be further constrained by other configuration options including the selection of normal (modulo 8) or extended (modulo 128) sequence numbers, the maximum packet size supported by the interface, and the x25 subscribe flow-control command.

Examples

The following example shows X.25 local acknowledgment being configured on serial interface 1/4, with packet size ranges being set at a permitted rate of 64 (minimum) and 1024 (maximum) and target rate of 128 (minimum) and 1024 (maximum):

Router(config)# x25 routing acknowledge local

Router(config)# interface serial 1/4

Router(config-if)# encapsulation x25 dte

Router(config-if)# x25 subscribe packetsize permit 64 1024 target 128 1024

Related Commands

x25 subscribe throughput

To enable a router to negotiate X.25 throughput for end devices, use the x25 subscribe throughput command in interface configuration mode. To disable this feature, use the no form of this command.

x25 subscribe throughput {never | basic}

no x25 subscribe throughput

Syntax Description

Command Default

No X.25 throughput negotiation is performed by the router for end devices.

Command Modes

Interface configuration

Command History

Examples

In this example, the end device never expects the throughput facility field to be present in incoming call setup packets:

Router> enable

Router# configure terminal

Router(config)# interface serial2/0

Router(config-if)# x25 subscribe throughput never

Router(config-if)# exit

In this example, the end device always expects the throughput facility field to be present in incoming call setup packets:

Router> enable

Router# configure terminal

Router(config)# interface serial0/0

Router(config-if)# x25 subscribe throughput basic

Router(config-if)# exit

In this example, the active throughput negotiation capability on the just-illustrated interface (Serial 0/0) is disabled:

Router(config)# interface serial0/0

Router(config-if)# no x25 subscribe throughput

Router(config-if)# exit

Related Commands

x25 subscribe windowsize

To set permitted and target ranges for window size during flow control negotiation, use the x25 subscribe windowsize command in interface configuration mode. To revert to the default window size ranges, use the no form of this command.

x25 subscribe windowsize {[permit wmin wmax] [target wmin wmax]}

no x25 subscribe windowsize {[permit wmin wmax] [target wmin wmax]}

Syntax Description

Defaults

This command has no default values.

Command Modes

Interface configuration

Command History

Usage Guidelines

The x25 subscribe windowsize command lets you specify the range of permitted and target values for window size. These are called flow control values. You can specify the permitted minimum and maximum window size permitted and target values for packet transmission (1 to 127) at one time. Setting these values outside the permitted range may result in connection failure. The router attempts to negotiate values within the target range, but will only allow values outside the target range to be negotiated as long as the negotiation complies with the procedure defined in X.25 recommendations.

The effective ranges will be further constrained by other configuration options including the selection of normal (modulo 8) or extended (modulo 128) sequence numbers, the maximum window size supported by the interface, and the x25 subscribe flow-control command.

Examples

The following example shows X.25 local acknowledgment being configured on serial interface 1/4, with window size ranges being set at a permitted rate of 1 (minimum) and 7 (maximum) and target rate of 2 (minimum) and 4 (maximum):

Router(config)# x25 routing acknowledge local

Router(config)# interface serial 1/4

Router(config-if)# encapsulation x25 dte

Router(config-if)# x25 subscribe windowsize permit 1 7 target 2 4

Related Commands

x25 suppress-called-address

To omit the destination address in outgoing calls, use the x25 suppress-called-address command in interface configuration mode. To reset this command to the default state, use the no form of this command.

x25 suppress-called-address

no x25 suppress-called-address

Syntax Description

This command has no arguments or keywords.

Defaults

The called address is sent.

Command Modes

Interface configuration
X.25 profile configuration

Command History

Usage Guidelines

This command omits the called (destination) X.121 address in Call Request packets and is required for networks that expect only subaddresses in the Called Address field.

Examples

The following example suppresses or omits the called address in Call Request packets:

interface serial 0

 x25 suppress-called-address

x25 suppress-calling-address

To omit the source address in outgoing calls, use the x25 suppress-calling-address command in interface configuration mode. To reset this command to the default state, use the no form of this command.

x25 suppress-calling-address

no x25 suppress-calling-address

Syntax Description

This command has no arguments or keywords.

Defaults

The calling address is sent.

Command Modes

Interface configuration
X.25 profile configuration

Command History

Usage Guidelines

This command omits the calling (source) X.121 address in Call Request packets and is required for networks that expect only subaddresses in the Calling Address field.

Examples

The following example suppresses or omits the calling address in Call Request packets:

interface serial 0

 x25 suppress-calling-address

x25 t10

To set the value of the Restart Indication retransmission timer (T10) on data communications equipment (DCE) devices, use the x25 t10 command in interface configuration mode.

x25 t10 seconds

Syntax Description

Defaults

60 seconds

Command Modes

Interface configuration
X.25 profile configuration

Command History

Examples

The following example sets the T10 timer to 30 seconds:

interface serial 0

 x25 t10 30

x25 t11

To set the value of the Incoming Call timer (T11) on data communications equipment (DCE) devices, use the x25 t11 command in interface configuration mode.

x25 t11 seconds

Syntax Description

Defaults

180 seconds

Command Modes

Interface configuration
X.25 profile configuration

Command History

Examples

The following example sets the T11 timer to 90 seconds:

interface serial 0

 x25 t11 90

x25 t12

To set the value of the Reset Indication retransmission timer (T12) on data communications equipment (DCE) devices, use the x25 t12 command in interface configuration mode.

x25 t12 seconds

Syntax Description

Defaults

60 seconds

Command Modes

Interface configuration
X.25 profile configuration

Command History

Examples

The following example sets the T12 timer to 30 seconds:

interface serial 0

 x25 t12 30

x25 t13

To set the value of the Clear Indication retransmission timer (T13) on data communications equipment (DCE) devices, use the x25 t13 command in interface configuration mode.

x25 t13 seconds

Syntax Description

Defaults

60 seconds

Command Modes

Interface configuration
X.25 profile configuration

Command History

Examples

The following example sets the T13 timer to 30 seconds:

interface serial 0

 x25 t13 30

x25 t20

To set the value of the Restart Request retransmission timer (T20) on data terminal equipment (DTE) devices, use the x25 t20 command in interface configuration mode.

x25 t20 seconds

Syntax Description

Defaults

180 seconds

Command Modes

Interface configuration

Command History

Examples

The following example sets the T20 timer to 90 seconds:

interface serial 0

 x25 t20 90

x25 t21

To set the value of the Call Request timer (T21) on data terminal equipment (DTE) devices, use the x25 t21 command in interface configuration mode.

x25 t21 seconds

Syntax Description

Defaults

200 seconds

Command Modes

Interface configuration

Command History

Examples

The following example sets the T21 timer to 100 seconds:

interface serial 0

 x25 t21 100

x25 t22

To set the value of the Reset Request retransmission timer (T22) on data terminal equipment (DTE) devices, use the x25 t22 command in interface configuration mode.

x25 t22 seconds

Syntax Description

Defaults

180 seconds

Command Modes

Interface configuration

Command History

Examples

The following example sets the T22 timer to 90 seconds:

interface serial 0

 x25 t22 90

x25 t23

To set the value of the Clear Request retransmission timer (T23) on data terminal equipment (DTE) devices, use the x25 t23 command in interface configuration mode.

x25 t23 seconds

Syntax Description

Defaults

180 seconds

Command Modes

Interface configuration

Command History

Examples

The following example sets the T23 timer to 90 seconds:

interface serial 0

 x25 t23 90

x25 threshold

To set the data packet acknowledgment threshold, use the x25 threshold command in interface configuration mode.

x25 threshold delay-count

Syntax Description

Defaults

0 (which disables the acknowledgment threshold)

Command Modes

Interface configuration
X.25 profile configuration

Command History

Usage Guidelines

This command instructs the router to send acknowledgment packets when it is not busy sending other packets, even if the number of input packets has not reached the input window size count.

The router sends an acknowledgment packet when the number of input packets reaches the count you specify, providing there are no other packets to send. For example, if you specify a count of 1, the router will send an acknowledgment per input packet if it is unable to "piggyback" the acknowledgment of an outgoing data packet. This command improves line responsiveness at the expense of bandwidth.

This command only applies to encapsulated traffic over X.25 (datagram transport), not to routed traffic.

Examples

The following example sends an explicit Receiver Ready acknowledgment when it has received 5 data packets that it has not acknowledged:

interface serial 1

 x25 threshold 5

Related Commands

x25 use-source-address

To override the X.121 addresses of outgoing calls forwarded over a specific interface, use the x25 use-source-address command in interface configuration mode. To prevent updating the source addresses of outgoing calls, use the no form of this command.

x25 use-source-address

no x25 use-source-address

Syntax Description

This command has no arguments or keywords.

Defaults

Disabled

Command Modes

Interface configuration
X.25 profile configuration

Command History

Usage Guidelines

Some X.25 calls, when forwarded by the X.25 switching support, need the calling (source) X.121 address updated to that of the outgoing interface. This update is necessary when you are forwarding calls from private data networks to public data networks (PDNs).

Examples

The following example shows how to prevent updating the source addresses of outgoing X.25 calls on serial interface 0 once calls have been forwarded:

interface serial 0

 no x25 use-source-address

x25 version

To specify the X.25 behavior set that is to be used for X.25-class services (X.25, Annex G, and CMNS) and X.25 profiles, use the x25 version command in interface configuration mode or X.25 profile configuration mode. To restore the default value (the 1984 X.25 behavior set), use the no form of this command.

x25 version {1980 | 1984 | 1988 | 1993}

no x25 version

Syntax Description

Defaults

The behavior set defined by the CCITT 1984 X.25 recommendation is used.

Command Modes

Interface configuration
X.25 profile configuration

Command History

Usage Guidelines

The x25 version command is typically used to access functionality that is available in other X.25 behavior sets and to prevent problems that arise when a network is attached to X.25 devices that use nonstandard or older behavior sets. Table 126 describes some common problems that can be solved by specifying a particular X.25 behavior set.

Examples

The following example configures an interface to use the 1980 X.25 behavior set:

Router# configure terminal

Enter configuration commands, one per line.  End with CNTL/Z.

Router(config)# interface serial 3/2

Router(config-if)# x25 version 1980

Router(config-if)# end

The following example enables CMNS on Ethernet interface 0/0 and configures the interface to use the 1988 X.25 behavior set:

Router# configure terminal

Enter configuration commands, one per line.  End with CNTL/Z.

Router(config)# interface Ethernet0/0

Router(config-if)# cmns enable

Router(config-if)# x25 version 1988

Router(config-if)# end

The following example configures an X.25 profile to use the 1993 X.25 behavior set:

Router(config)# x25 profile annexg dxe

Router(config-if)# x25 version 1993

Router(config-if)# end

x25 win

To change the default incoming window size to match that of the network, use the x25 win command in interface configuration mode.

x25 win packets

Syntax Description

Defaults

2 packets

Command Modes

Interface configuration
X.25 profile configuration

Command History

Usage Guidelines

This command determines the default number of packets a virtual circuit can receive before sending an X.25 acknowledgment. To maintain high bandwidth utilization, assign this limit the largest number that the network allows.

Note Set x25 win and x25 wout to the same value unless your network supports asymmetric input and output window sizes.

Examples

The following example specifies that 5 packets may be received before an X.25 acknowledgment is sent:

interface serial 1

 x25 win 5

Related Commands

x25 wout

To change the default outgoing window size to match that of the network, use the x25 wout command in interface configuration mode.

x25 wout packets

Syntax Description

Defaults

2 packets

Command Modes

Interface configuration
X.25 profile configuration

Command History

Usage Guidelines

This command determines the default number of packets a virtual circuit can send before waiting for an X.25 acknowledgment. To maintain high bandwidth utilization, assign this limit the largest number that the network allows.

Note Set x25 win and x25 wout to the same value unless your network supports asymmetric input and output window sizes.

Examples

The following example specifies a default limit of 5 for the number of outstanding unacknowledged packets for virtual circuits:

interface serial 1

 x25 wout 5

Related Commands

x29 access-list

To limit access to the access server from certain X.25 hosts, use the x29 access-list command in global configuration mode. To delete an entire access list, use the no form of this command.

x29 access-list access-list-number {deny | permit} x121-address

no x29 access-list access-list-number

Syntax Description

Defaults

No access lists are defined.

Command Modes

Global configuration

Command History

Usage Guidelines

The service pad global configuration command must be configured before the x29 access-list command can be used.

An access list can contain any number of access list items. The list items are processed in the order in which you entered them, with the first match causing the permit or deny condition. If an X.121 address does not match any of the regular expressions in the access list, access is denied.

Access lists take advantage of the message field defined by Recommendation X.29, which describes procedures for exchanging data between two PADs, or between a PAD and a DTE device.

The UNIX-style regular expression characters allow for pattern matching of characters and character strings in the address. Various pattern-matching constructions are available that allow many addresses to be matched by a single regular expressions. For more information, refer to the "Regular Expressions" appendix in the Cisco IOS Terminal Services Configuration Guide.

The access lists must be applied to a vty with the access-class command.

Examples

The following example permits connections to hosts with addresses beginning with the string 31370:

x29 access-list 2 permit ^31370

Related Commands

x29 profile

To create a packet assembler/disassembler (PAD) profile script for use by the translate command, use the x29 profile command in global configuration mode.

x29 profile {default | name} parameter:value [parameter:value]

Syntax Description

Defaults

The default PAD profile script is used. The default for inbound connections is:

2:0 4:1 15:0 7:21

Command Modes

Global configuration

Command History

Usage Guidelines

The service pad global configuration command must be configured before the x29 profile command can be used.

When an X.25 connection is established, the access server acts as if an X.29 Set Parameter packet had been sent containing the parameters and values set by the x29 profile command and sets the access server accordingly.

For incoming PAD connections, the Protocol Translator uses a default PAD profile to set the remote X.3 PAD parameters unless a profile script is defined with the translate command.

Note If you set the X.29 profile to "default," the profile is applied to all incoming X.25 PAD calls, including the calls used for protocol translation.

Examples

The following profile script turns local edit mode on when the connection is made and establishes local echo and line termination upon receipt of a Return packet. The name linemode is used with the translate command to effect use of this script.

x29 profile linemode 2:1 3:2 15:1

To override the default PAD profile, create a PAD profile script named "default" by using the following command:

x29 profile default 2:1 4:1 15:0 4:0

Related Commands

x29 inviteclear-time

To configure the time taken by the router to wait before responding to the X.29 invite clear message, use the x29 inviteclear-time command in global configuration mode. To disable the configuration, use the no form of this command.

x29 inviteclear-time seconds

no x29 inviteclear-time seconds

Syntax Description

Command Default

The router waits 30 seconds before responding to X.29 invite clear messages.

Command Modes

Global configuration (config)

Command History

Examples

The following example shows how to configure the response time of 6 seconds for the router to wait before responding to the X.29 invite clear message:

Router# enable

Router(config)# x29 inviteclear-time 6

Related Commands

xconnect

To bind an attachment circuit to a pseudowire, and to configure an Any Transport over MPLS (AToM) static pseudowire, use the xconnect command in one of the supported configuration modes. To restore the default values, use the no form of this command.

xconnect peer-ip-address vc-id {encapsulation {l2tpv3 [manual] | mpls [manual]} | pw-class pw-class-name} [pw-class pw-class-name] [sequencing {transmit | receive | both}]

no xconnect

Cisco uBR10012 Router and Cisco uBR7200 Series Universal Broadband Routers

xconnect peer-ip-address vc-id encapsulation mpls [pw-type]

no xconnect peer-ip-address vc-id encapsulation mpls [pw-type]

Syntax Description

Command Default

The attachment circuit is not bound to the pseudowire.

Command Modes

Connect configuration (config-conn)
Interface configuration (config-if)
ATM PVC l2transport configuration (cfg-if-atm-l2trans-pvc)

Command History

Usage Guidelines

The use of the xconnect command and the interface configuration mode bridge-group commands is not supported on the same physical interface.

The combination of the peer-ip-address and vcid arguments must be unique on the router. Each xconnect configuration must have a unique combination of peer-ip-address and vcid configuration.

Note If the remote router is a Cisco 12000 series Internet router, the peer-ip-address argument must specify a loopback address on that router.

The same vcid value that identifies the attachment circuit must be configured using the xconnect command on the local and remote PE router. The VC ID creates the binding between a pseudowire and an attachment circuit.

With the introduction of VPLS Autodiscovery in Cisco IOS Release 12.2(33)SRB, the remote router ID need not be the LDP router ID. The address you specify can be any IP address on the peer, as long as it is reachable. When VPLS Autodiscovery discovers peer routers for the VPLS, the peer router addresses might be any routable address.

Note The VPLS Autodiscovery feature is not supported with L2TPv3.

For L2TPv3, to manually configure the settings used in the attachment circuit, use the manual keyword in the xconnect command. This configuration is called a static session. The router is placed in xconnect configuration mode, and you can then configure the following options:

•Local and remote session identifiers (using the l2tp id command) for local and remote PE routers at each end of the session.

•Size of the cookie field used in the L2TPv3 headers of incoming (sent) packets from the remote PE peer router (using the l2tp cookie local command).

•Size of the cookie field used in the L2TPv3 headers of outgoing (received) L2TP data packets (using the l2tp cookie remote command).

•Interval used between sending hello keepalive messages (using the l2tp hello command).

For L2TPv3, if you do not enter the encapsulation l2tpv3 manual keywords in the xconnect command, the data encapsulation type for the L2TPv3 session is taken from the encapsulation type configured for the pseudowire class specified with the pseudowire-class pw-class-name command.

The pw-class keyword with the pw-class-name value binds the xconnect configuration of an attachment circuit to a specific pseudowire class. In this way, the pseudowire class configuration serves as a template that contains settings used by all attachment circuits bound to it with the xconnect command.

Software prior to Cisco IOS Release 12.2(33)SRB configured pseudowires dynamically using Label Distribution Protocol (LDP) or another directed control protocol to exchange the various parameters required for these connections. In environments that do not or cannot use directed control protocols, the xconnect command allows provisioning an AToM static pseudowire. Use the manual keyword in the xconnect command to place the router in xconnect configuration mode. MPLS pseudowire labels are configured using the mpls label and (optionally) mpls control-word commands in xconnect configuration mode.

The following restrictions apply only if EARL modes are either PFC3B or PFC3BXL and you are running Cisco IOS Release 12.2(33)SXI4 or later releases on your router:

•SPAN is not allowed on an inband port if any physical interface has xconnect configured.

•SPAN is not allowed on a physical interface that also has xconnect configured.

•If an inband port has SPAN configured, then configuring xconnect on any physical interface results in a warning message. You should not proceed with this configuration because it can create an infinite packet loop.

•If a physical port has SPAN configured and you add xconnect on that same interface, a warning message is displayed and we strongly recommend that you do not proceed with such a configuration.

Examples

The following example configures xconnect service for an Ethernet interface by binding the Ethernet circuit to the pseudowire named 123 with a remote peer 10.0.3.201. The configuration settings in the pseudowire class named vlan-xconnect are used.

Router(config)# interface Ethernet0/0.1

Router(config-if)# xconnect 10.0.3.201 123 pw-class vlan-xconnect

The following example enters xconnect configuration mode and manually configures L2TPv3 parameters for the attachment circuit:

Router(config)# interface Ethernet 0/0

Router(config-if)# xconnect 10.0.3.201 123 encapsulation l2tpv3 manual pw-class ether-pw

Router(config-if-xconn) l2tp id 222 111

Router(config-if-xconn) l2tp cookie local 4 54321

Router(config-if-xconn) l2tp cookie remote 4 12345

Router(config-if-xconn) l2tp hello l2tp-defaults

The following example enters xconnect configuration mode and manually configures an AToM static pseudowire. The example shows the configuration for only one side of the connection; the configurations on each side of the connection must be symmetrical.

Router# configure terminal

Router(config)# interface Ethernet1/0

Router(config-if)# no ip address

Router(config-if)# xconnect 10.131.191.252 100 encapsulation mpls manual pw-class mpls

Router(config-if-xconn)# mpls label 100 150

Router(config-if-xconn)# exit

Router(config-if)# exit

The following example shows how to bind an attachment circuit to a pseudowire and configure an AToM service on a Cisco uBR10012 router:

Router# configure terminal

Router(config)# cable l2vpn 0000.396e.6a68 customer1

Router(config-l2vpn)# service instance 2000 Ethernet

Router(config-ethsrv)# xconnect 101.1.0.2 221 encapsulation mpls pw-type 4

Related Commands

xconnect backup force-switchover

To manually force a switchover to an attachment circuit or a pseudowire peer, use the xconnect backup force-switchover command in privileged EXEC mode.

xconnect backup force-switchover interface {interface-info | peer ip-address vcid}

Syntax Description

Command Default

The pseudowire VC will not be changed.

Command Modes

Privileged EXEC (#)

Command History

Usage Guidelines

You can perform a switchover only to an available member in the redundancy group. That is, if the member being specified in the xconnect backup force-switchover command is not available, the command will be rejected.

Examples

The following example shows a Multiprotocol Label Switching (MPLS) xconnect with two redundant peers. The primary xconnect is using IP address 10.55.55.1, VC ID 500.

Router(config)# interface fastethernet1/0

Router(config-if)# xconnect 10.55.55.1 500 encapsulation mpls

Router(config-if-xconn)# backup peer 10.55.55.2 501

!

Router# xconnect backup force-switchover peer 10.55.55.2 501

Entering the xconnect backup force-switchover command will cause the router to switch to the pseudowire with an IP address of 10.55.55.2, VC ID 501.

To switch back to the primary pseudowire, enter the following command:

Router# xconnect backup force-switchover peer 10.55.55.1 500

If the xconnect cannot be switched over to the redundant pseudowire specified by the user, the standard redundancy algorithm will run and select either the primary or the highest secondary VC, depending on current availability.

The following example shows a local switching connection with two redundant peers. The primary xconnect is VLAN subinterface FastEthernet0/1.1 using 802.1Q tag 10. The xconnect is currently established with one of the backup peers when the manual switchover is issued to the primary xconnect.

Router(config)# interface FastEthernet0/0

!

Router(config)# interface FastEthernet0/1.1

Router(config-if)# encapsulation dot1Q 10

!

Router(config)# connect eth-vln FastEthernet0/0 FastEthernet0/1.1 interworking ethernet

Router(config-if)# backup peer 10.55.55.2 501

!

Router# xconnect backup force-switchover interface FastEthernet0/1.1

Entering the xconnect backup force-switchover command will cause the router to switch back to the VLAN subinterface FastEthernet0/1.1. If the xconnect cannot be switched over to the primary VLAN subinterface specified by the user, the standard redundancy algorithm will run and select the highest secondary VC, depending on current availability.

Related Commands

xconnect encapsulation mpls

To configure scalable EoMPLS [SEoMPLS] on a service instance, use the xconnect encapsulation mpls command in service instance mode. To delete the scalable EoMPLS [SEoMPLS] on a service instance, use the no form of this command.

xconnect peer-id vc-id encapsulation mpls

no xconnect peer-id vc-id encapsulation mpls

Syntax Description

Command Default

There are no point-to-point connections configured.

Command Modes

Service instance

Command History

Usage Guidelines

On the ingress side, after proper encapsulation manipulations, packet is tunneled in a EoMPLS VC and transmitted on the core.

The xconnect under service instance is always Scalable EoMPLS. Under the main interface, the type is determined by the line card (hardware or Scalable EoMPLS). We recommend to keep the implementation as scalable EoMPLS for the main interface, to avoid differences in service. The main interface and the service instance xconnect can not coexist in the same physical interface.

Examples

The following example shows how to configure scalable EoMPLS on a service instance:

Router(config-if-srv)# xconnect 10.0.0.1 123 encapsulation mpls

Related Commands

xconnect logging redundancy

To enable system message log (syslog) reporting of the status of the xconnect redundancy group, use the xconnect logging redundancy command in global configuration mode. To disable syslog reporting of the status of the xconnect redundancy group, use the no form of this command.

xconnect logging redundancy

no xconnect logging redundancy

Syntax Description

This command has no arguments or keywords.

Command Default

Syslog reporting of the status of the xconnect redundancy group is disabled.

Command Modes

Global configuration (config)

Command History

Usage Guidelines

Use this command to enable syslog reporting of the status of the xconnect redundancy group.

Examples

The following example enables syslog reporting of the status of the xconnect redundancy group and shows the messages that are generated during switchover events:

Router(config)# xconnect logging redundancy

Activating the primary member:

00:01:07: %XCONNECT-5-REDUNDANCY: Activating primary member 10.55.55.2:1000

Activating the backup member:

00:01:05: %XCONNECT-5-REDUNDANCY: Activating secondary member 10.55.55.3:1001

Related Commands

xot access-group

To control access to X.25 over TCP (XOT) and allow IP addresses permitted by the access list to have unique X.25 configuration, use the xot access-group command in global configuration mode. To delete an XOT access group, use the no form of this command.

xot access-group access-list-number [profile profile-name]

no xot access-group access-list-number

Syntax Description

Defaults

No XOT access group is defined, and default X.25 parameter settings apply to XOT connections.

Command Modes

Global configuration

Command History

Usage Guidelines

The xot access-group command allows you to create XOT access groups by associating an IP access list with XOT. The access list provides a pass or fail indicator of whether a particular IP address is authorized.

Only standard IP access lists are supported.

XOT access groups are sorted by access-group number. When a new XOT connection is made, the IP address is tested against the access list of the first access group. If the IP address does not match the first list, the second list is tested, and so on.

The xot access-group command disables the legacy XOT functionality and enables the new XOT access behavior. If you enter the xot access-group after the legacy XOT context has been created, the message "Active connection(s) will terminate [confirm]" will be displayed if any XOT connections are active. If the message is confirmed, any active XOT connections using the legacy context will be detached. The legacy context will then be deleted.

Deleting an XOT access group by entering the no xot access-group command will cause the message "Active connection(s) will terminate [confirm]" to be displayed if any connections are active. Confirming the message will cause active connections using the access list to be detached and the associated XOT context to be deleted.

XOT access groups can be associated with X.25 profiles. By this means, the IP addresses specified in the access list can have a unique X.25 configuration. An access group can be associated with one X.25 profile. If an access group is not associated with an X.25 profile, then the XOT connections associated with the access group will use the default X.25 configuration.

The X.25 profile must already exist and must specify a data exchange equipment (DXE) station type before it can be associated with an XOT access group. The station type of a profile cannot be changed once the profile is created.

An X.25 profile can be associated with multiple access groups.

Examples

Unrestricted XOT Access with Defined X.25 Parameters for All XOT Connections: Example

In the following example, an access list is defined to permit all XOT connections. All XOT connections will use the X.25 configuration defined in the X.25 profile called "NEW-DEFAULT".

! Create a DXE station type profile with any name and configure the X.25 parameters under 
! the named profile 

!

x25 profile NEW-DEFAULT dxe 

 x25 address 12345 

 x25 modulo 128 

 x25 win 15 

 x25 wout 15 

 x25 ips 256 

 x25 ops 256 

!

! Define an IP standard access list to permit any XOT connection

!

access-list 10 permit any

!

! Apply the access list and X.25 profile to all XOT connections 

!

xot access-group 10 profile NEW-DEFAULT

Restricted XOT Access with Multiple X.25 Parameter Configurations: Example

In the following example, XOT connections permitted by access list 10 will use the default X.25 configuration. XOT connections permitted by access list 22 will use the X.25 configuration that is defined in the X.25 profile named TRANSPAC.

! Define the IP access lists by specifying an IP access list number and access condition

!

ip access-list standard 10 

 permit 10.0.155.9 

 deny any 

ip access-list standard 22 

 permit 171.69.0.0 0.0.255.255 log 

 deny any

!

! Apply the default X.25 configuration to XOT connections permitted by access list 10

!

xot access-group 10 

!

! Configure an X.25 profile with station type DXE

!

x25 profile TRANSPAC dxe 

 x25 modulo 128 

 x25 win 80 

 x25 wout 80 

 x25 default pad

! Apply the X.25 profile to XOT connections permitted by access list 22

!

xot access-group 22 profile TRANSPAC

Related Commands