Cisco IOS Wide-Area Networking Configuration Guide, Release 12.4T
X.25 over TCP Profiles
Downloads: This chapterpdf (PDF - 149.0KB) The complete bookPDF (PDF - 6.69MB) | Feedback

X.25 over TCP Profiles

Table Of Contents

X.25 over TCP Profiles

Feature Overview

X.25 over TCP Profiles Functional Description

XOT Access Groups

X.25 Profiles for XOT

Benefits

Restrictions

Related Documents

Supported Platforms

Supported Standards and MIBs and RFCs

Prerequisites

Configuration Tasks

Configuring an XOT Access Group

Verifying XOT Access Groups

Troubleshooting Tips

Configuration Examples

Unrestricted XOT Access with Defined X.25 Parameters for All XOT Connections Example

Restricted XOT Access with Default X.25 Parameters for All XOT Connections Example

Restricted XOT Access with Multiple X.25 Parameter Configurations Example

Glossary


X.25 over TCP Profiles


Feature History

Release
Modification

12.2(8)T

This feature was introduced.


This document describes the X.25 over TCP Profiles feature in Cisco IOS Release 12.2(8)T. It includes the following sections:

Feature Overview

Supported Platforms

Supported Standards and MIBs and RFCs

Prerequisites

Configuration Tasks

Configuration Examples

Glossary

Feature Overview

Cisco's X.25 over TCP (XOT) service was originally developed as an X.25 class of service that was only designed to switch X.25 traffic across an IP network. This functionality allowed network administrators to connect X.25 devices across the rich connectivity and media features available to IP traffic. XOT uses a set of default parameters to make this type of network easy to design.

When XOT's capabilities were enhanced to support packet assembler/disassembler (PAD) traffic on an XOT session, network designers saw a need to be able to configure parameters for increased flexibility. For instance, because XOT does not have any physical interfaces that an administrator can configure, PAD over XOT sessions cannot be configured with interface map or facility commands to establish a PAD connection using nondefault values.

The introduction of X.25 profiles for XOT allows the network designer the added flexibility to control the X.25 class services of XOT for PAD and XOT switching usage.

Another important aspect of this feature is that it affords you to associate access lists with XOT connections, enabling you to apply security on the basis of IP addresses and to have a unique X.25 configuration for specified IP addresses.

X.25 over TCP Profiles Functional Description

XOT Access Groups

X.25 Profiles for XOT

XOT Access Groups

The X.25 over TCP Profiles feature introduces the xot access-group command, which allows you to create XOT access groups by associating IP access lists with XOT. An access list provides a pass or fail indicator of whether a particular IP address is authorized.

Only standard IP access lists are supported. Standard IP access lists use the remote address, which can be either a source or destination address, depending on where a call originated. For outgoing XOT calls, the destination IP address is tested against the access lists. For incoming XOT calls, the source IP address is tested.

The XOT access groups are sorted by access-group number. When a new XOT connection is made, the IP address is tested against the access list of the first access group. If the IP address does not match the first list, the second list is tested, and so on.

Deleting an access list while it is still associated with XOT will cause the access list to be skipped when a new XOT connection is evaluated. If the access list has been deleted and is being recreated, any XOT access not yet permitted (because the commands have not been configured) will be denied.

A nonexistent access list will deny all access in the same way that an access list configured to "deny all" will. The result is that a call fails to match that access list and moves on to the next XOT access-group entry. If the deleted access list is the last one on the access-group list, then the call is rejected.

The xot access-group command disables the legacy XOT behavior and enables the new XOT access behavior. If you enter the xot access-group command after the legacy XOT context has been created, the message "Active connection(s) will terminate [confirm]" will be displayed if any XOT connections are active. If the message is confirmed, any active XOT connections using the legacy context will be detached and the legacy context will be deleted.

Deleting an XOT access group by entering the no xot access-group command will also cause the message "Active connection(s) will terminate [confirm]" to be displayed if any connections are active. Confirming the message will cause active connections using the access list to be detached and the associated XOT context to be deleted.

X.25 Profiles for XOT

XOT access groups can be associated with X.25 profiles. By this means, the IP addresses specified in the access list can have a unique X.25 configuration. An access group can be associated with one X.25 profile. If an access group is not associated with an X.25 profile, then the XOT connections associated with the access group will use the default X.25 configuration.

An X.25 profile must already have been created and must specify a data exchange equipment (DXE) station type before it can be associated with an XOT access group. An X.25 profile can be associated with multiple access groups.

The station type of a profile cannot be changed once the profile has been created.

An X.25 profile cannot be deleted as long as it is associated with one or more XOT access groups.

Application of X.25 Profiles on XOT Switched Virtual Circuits

The X.25 parameter settings will be applied to incoming or an outgoing XOT switched virtual circuits (SVCs) according to the following rules:

1. If one or more access lists are applied to XOT, an XOT call will be rejected unless it matches at least one of the access lists.

2. The first access list that permits the XOT connection defines the X.25 settings that apply to the XOT connection. If an X.25 profile was associated with the first qualifying access list, the X.25 settings from that profile are used. If an X.25 profile was not associated with the qualifying access list, the default X.25 settings are used.

3. If no access lists are applied to XOT, the default X.25 settings are used.

Application of X.25 Profiles on Remote Switched XOT Permanent Virtual Circuits

The X.25 parameter settings will be applied to remote switched XOT permanent virtual circuits (PVCs) according to the following rules:

1. If the destination of the XOT PVC does not pass any of the access lists because the access lists have not been defined, the PVC setup will be retried every 20 seconds until the access list is defined.

2. The PVC setup retry will be canceled if the XOT PVC is deleted.

3. The first access list that includes the destination of the XOT PVC defines the X.25 settings that apply to the XOT PVC setup. If an X.25 profile was associated with the qualifying access list, the X.25 settings from that profile are used. If an X.25 profile was not associated with the qualifying access list, the default X.25 settings are used.

Benefits

The X.25 over TCP Profiles feature

Enables you to apply X.25 profiles to XOT connections so you can configure the X.25 parameters for use by the XOT service.

Allows a Cisco router to have multiple X.25 configurations that can be used for XOT connection.

Allows IP access lists to be associated with XOT, enabling you to apply security on the basis of IP addresses.

Allows the IP addresses specified in the access list to have a unique X.25 configuration.

Restrictions

An X.25 profile must already have been created and must specify a DXE station type before it can be referenced by the XOT command. To create an X.25 profile with a DXE station type, use the x25 profile command with the dxe keyword in global configuration mode.

Closed user group (CUG) service cannot be configured for XOT. CUG behavior is defined to occur at the boundary between user and network. XOT connections are defined as internetwork connections. The CUG facility in a switched Call or Call Confirm packet can only be passed transparently over XOT.

Named and extended access lists are not supported by XOT access groups.

LAPB parameters do not apply to XOT and are ignored if configured under an X.25 profile applied to XOT connections. For information about why LAPB parameters do not apply to XOT, see RFC 1613, Cisco Systems X.25 over TCP (XOT).

The x25 subscribe flow-control command with the never keyword should not be configured in an X.25 profile that will be used for XOT connections. The never keyword means that negotiation of flow-control parameters is disabled and that flow-control parameters will not be included with call setup packets and will not be permitted on inbound packets. Because XOT always sends window and packet size facilities in call setup packets, the application of the x25 subscribe flow-control never command to XOT services will cause calls to fail.

Related Documents

For more information about configuring X.25, see the following documents:

The chapter "Configuring X.25" in the Cisco IOS Wide-Area Networking Configuration Guide, Release 12.2

The chapter "X.25 Commands" in the Cisco IOS Wide-Area Networking Command Reference, Release 12.2

For information about configuring IP access lists, see the following documents:

The chapter "Configuring IP Services" in the Cisco IOS IP Configuration Guide, Release 12.2.

The chapter "IP Services Commands" in the Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services, Release 12.2.

Supported Platforms

Cisco 805 Serial Router

Cisco 1400 series

Cisco 1600 series

Cisco 1751

Cisco 2600 series

Cisco 3600 series

Cisco 3725

Cisco 3745

Cisco 7100 series

Cisco 7200 series

Cisco 7500 series

Cisco MC3810

XOT is available on any Cisco router that runs Cisco IOS software and supports X.25.

Determining Platform Support Through Feature Navigator

Cisco IOS software is packaged in feature sets that support specific platforms. To get updated information regarding platform support for this feature, access Feature Navigator. Feature Navigator dynamically updates the list of supported platforms as new platform support is added for the feature.

Feature Navigator is a web-based tool that enables you to quickly determine which Cisco IOS software images support a specific set of features and which features are supported in a specific Cisco IOS image.

To access Feature Navigator, you must have an account on Cisco.com. If you have forgotten or lost your account information, send a blank e-mail to cco-locksmith@cisco.com. An automatic check will verify that your e-mail address is registered with Cisco.com. If the check is successful, account details with a new random password will be e-mailed to you. Qualified users can establish an account on Cisco.com by following the directions at http://www.cisco.com/register.

Feature Navigator is updated regularly when major Cisco IOS software releases and technology releases occur. For the most current information, go to the Feature Navigator home page at the following URL:

http://www.cisco.com/go/fn

Supported Standards and MIBs and RFCs

Standards

No new or modified standards are supported by this feature.

MIBs

No new or modified MIBs are supported by this feature.

To obtain lists of supported MIBs by platform and Cisco IOS release, and to download MIB modules, go to the Cisco MIB website on Cisco.com at the following URL:

http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml

RFCs

RFC 1613, Cisco Systems X.25 over TCP

Prerequisites

The configuration tasks in the following sections assume you know how to configure IP access lists and X.25 profiles.

Configuration Tasks

Configuring an XOT Access Group (required)

Verifying XOT Access Groups (optional)

Configuring an XOT Access Group

To configure an XOT access group and associate an X.25 profile with it, use the following command in global configuration mode:

Command
Purpose

Router(config)# xot access-group access-list-number [profile profile-name]

Creates an XOT access group.


Verifying XOT Access Groups

To verify XOT access group configuration and performance, perform the tasks in the following steps. For descriptions of the output fields, see the command pages later in this document.


Step 1 Use the show x25 xot command with the access-group keyword to find out which X.25 profiles are associated with each XOT access group.

Router# show x25 xot access-group
 
   
 xot access-group 1 using built-in default configuration
 xot access-group 10 using x.25 profile xot-cisco
 xot access-group 55 using x.25 profile xot-sita
 
   

Step 2 Use the show x25 profile command to view the X.25 parameter settings that apply to XOT connections.

Router# show x25 profile
 
   
X.25 profile name: XOT-DEFAULT 
In use by: 
  Access-group 2 
  Access-group 10 
PROFILE dxe/DTE, address 12345, state R/Inactive, modulo 128, timer 0 
Defaults: idle VC timeout 0 
input/output window sizes 20/20, packet sizes 256/256 
Timers: T20 180, T21 200, T22 180, T23 180 
Channels: Incoming-only none, Two-way 1-4095, Outgoing-only none 
 
   

Step 3 Use the show x25 context command with the xot keyword to display information about the operational state of XOT links.

Router# show x25 context xot 
 
   
XOT Access-group 2 
PROFILE mod128 station DXE/DTE, address 2222, state R1, modulo 128, timer 0 
      Defaults: idle VC timeout 0 
        input/output window sizes 80/80, packet sizes 256/256 
      Timers: T20 180, T21 200, T22 180, T23 180 
      RESTARTs 0/0 CALLs 5+0/7+0/0+0 DIAGs 0/0 
XOT Access-group 3 
station DXE/DTE, address <none>, state R1, modulo 8, timer 0 
      Defaults: idle VC timeout 0 
        input/output window sizes 2/2, packet sizes 128/128 
      Timers: T20 180, T21 200, T22 180, T23 180 
      RESTARTs 0/0 CALLs 21+0/50+0/0+0 DIAGs 0/0 D

Troubleshooting Tips

To troubleshoot XOT connections, use the following commands in EXEC mode:

Command
Purpose

Router# debug x25 events

Displays information about all X.25 traffic except data and resource record packets.

Router# show x25 services

Displays information pertaining to X.25 services.


Configuration Examples

Unrestricted XOT Access with Defined X.25 Parameters for All XOT Connections Example

Restricted XOT Access with Default X.25 Parameters for All XOT Connections Example

Restricted XOT Access with Multiple X.25 Parameter Configurations Example

Unrestricted XOT Access with Defined X.25 Parameters for All XOT Connections Example

In the following example, an access list is defined to permit all XOT connections. All XOT connections will use the X.25 configuration defined in the X.25 profile called "NEW-DEFAULT".

! Create a DXE station type profile with any name and configure the X.25 parameters under 
! the named profile 
!
x25 profile NEW-DEFAULT dxe 
 x25 address 12345 
 x25 modulo 128 
 x25 win 15 
 x25 wout 15 
 x25 ips 256 
 x25 ops 256 
!
! Define an IP standard access list to permit any XOT connection
!
access-list 10 permit any
!
! Apply the access list and X.25 profile to all XOT connections 
!
xot access-group 10 profile NEW-DEFAULT

Restricted XOT Access with Default X.25 Parameters for All XOT Connections Example

In the following example, an X.25 profile is not associated with the access group, so the default X.25 configuration will be applied to all permitted XOT connections.

! Define an IP access list by specifying an IP access list number and access condition 
!
access-list 12 permit 192.89.55.0 0.0.0.255
!
! Apply the access list to XOT connections
!
xot access-group 12

Restricted XOT Access with Multiple X.25 Parameter Configurations Example

In the following example, XOT connections permitted by access list 10 will use the default X.25 configuration. XOT connections permitted by access list 22 will use the X.25 configuration that is defined in the X.25 profile "TRANSPAC".

! Define the IP access lists by specifying an IP access list number and access condition
!
ip access-list standard 10 
 permit 10.0.155.9 
 deny any 
ip access-list standard 22 
 permit 171.69.0.0 0.0.255.255 log 
 deny any
!
! Apply the default X.25 configuration to XOT connections permitted by access list 10
!
xot access-group 10 
!
! Configure an X.25 profile with station type DXE
!
x25 profile TRANSPAC dxe 
 x25 modulo 128 
 x25 win 80 
 x25 wout 80 
 x25 default pad
!
! Apply the X.25 profile to XOT connections permitted by access list 22
!
xot access-group 22 profile TRANSPAC

Glossary

access list—List kept by routers to control access to or from the router for a number of services (for example, to prevent packets with a certain IP address from leaving a particular interface on the router).

CMNS—Connection Mode Network Service. Extends local X.25 switching to a variety of media (Ethernet, FDDI, Token Ring).

CUG—closed user group. A collection of DTE devices for which the network controls access between members and between members and nonmembers. A DTE may subscribe to zero, one, or more CUGs. A DTE that does not subscribe to a CUG is referred to as being in the open part of the network.

DCE—data communications equipment. Devices and connections of a communications network that make up the network end of the user-to-network interface. The DCE provides a physical connection to the network, forwards traffic, and provides a clocking signal used to synchronize data transmission between DCE and DTE devices. Modems and interface cards are examples of DCE.

DTE—data terminal equipment. Device at the user end of a user-network interface that serves as a data source, destination, or both. DTE connects to a data network through a DCE device (for example, a modem) and typically uses clocking signals generated by the DCE. DTE includes such devices as computers, protocol translators, and multiplexers.

HDLC—high-level data link control. Bit-oriented synchronous data link layer protocol developed by ISO. HDLC specifies a data encapsulation method on synchronous serial links using frame characters and checksums.

LAPB—Link Access Procedure, Balanced. Data link layer protocol in the X.25 protocol stack. LAPB is a bit-oriented protocol derived from high-level data link control (HDLC).

PVC—permanent virtual circuit. Virtual circuit that is permanently established.

SVC—switched virtual circuit. Virtual circuit that is dynamically established on demand and is torn down when transmission is complete.

X.25—ITU-T standard that defines how connections between DTE and DCE are maintained for remote terminal access and computer communications in PDNs. X.25 specifies LAPB, a data-link-layer protocol, and PLP, a network-layer protocol.

X.25 profile—Bundled X.25 and LAPB commands that can be applied to specific connections.

XOT—X.25 over TCP.