Cisco IOS Software Releases 12.2 T

X.25 over TCP Profiles

Table Of Contents

X.25 over TCP Profiles

Feature Overview

X.25 over TCP Profiles Functional Description

XOT Access Groups

X.25 Profiles for XOT

Benefits

Restrictions

Related Documents

Supported Platforms

Supported Standards, MIBs, and RFCs

Prerequisites

Configuration Tasks

Configuring an XOT Access Group

Verifying XOT Access Groups

Troubleshooting Tips

Configuration Examples

Unrestricted XOT Access with Defined X.25 Parameters for All XOT Connections Example

Restricted XOT Access with Default X.25 Parameters for All XOT Connections Example

Restricted XOT Access with Multiple X.25 Parameter Configurations Example

Command Reference

show x25 context

show x25 profile

show x25 xot

xot access-group

Glossary


X.25 over TCP Profiles


Feature History

Release      Modification
12.2(8)T     This feature was introduced.


This document describes the X.25 over TCP Profiles feature in Cisco IOS Release 12.2(8)T. It includes the following sections:

Feature Overview

Supported Platforms

Supported Standards, MIBs, and RFCs

Prerequisites

Configuration Tasks

Configuration Examples

Command Reference

Glossary

Feature Overview

Cisco's X.25 over TCP (XOT) service was originally developed as an X.25 class of service that was only designed to switch X.25 traffic across an IP network. This functionality allowed network administrators to connect X.25 devices across the rich connectivity and media features available to IP traffic. XOT uses a set of default parameters to make this type of network easy to design.

When XOT's capabilities were enhanced to support packet assembler/disassembler (PAD) traffic on an XOT session, network designers saw a need to be able to configure parameters for increased flexibility. For instance, because XOT does not have any physical interfaces that an administrator can configure, PAD over XOT sessions cannot be configured with interface map or facility commands to establish a PAD connection using nondefault values.

The introduction of X.25 profiles for XOT allows the network designer the added flexibility to control the X.25 class services of XOT for PAD and XOT switching usage.

Another important aspect of this feature is that it lets you associate access lists with XOT connections, so that you can apply security on the basis of IP addresses and give specified IP addresses a unique X.25 configuration.

X.25 over TCP Profiles Functional Description

The following sections provide a functional description of the X.25 over TCP Profiles feature:

XOT Access Groups

X.25 Profiles for XOT

XOT Access Groups

The X.25 over TCP Profiles feature introduces the xot access-group command, which allows you to create XOT access groups by associating IP access lists with XOT. An access list provides a pass or fail indicator of whether a particular IP address is authorized.

Only standard IP access lists are supported. Standard IP access lists use the remote address, which can be either a source or destination address, depending on where a call originated. For outgoing XOT calls, the destination IP address is tested against the access lists. For incoming XOT calls, the source IP address is tested.

The XOT access groups are sorted by access-group number. When a new XOT connection is made, the IP address is tested against the access list of the first access group. If the IP address does not match the first list, the second list is tested, and so on.

Deleting an access list while it is still associated with XOT will cause the access list to be skipped when a new XOT connection is evaluated. If the access list has been deleted and is being recreated, any XOT access not yet permitted (because the commands have not been configured) will be denied.

A nonexistent access list will deny all access in the same way that an access list configured to "deny all" will. The result is that a call fails to match that access list and moves on to the next XOT access-group entry. If the deleted access list is the last one on the access-group list, then the call is rejected.

The xot access-group command disables the legacy XOT behavior and enables the new XOT access behavior. If you enter the xot access-group command after the legacy XOT context has been created, the message "Active connection(s) will terminate [confirm]" will be displayed if any XOT connections are active. If the message is confirmed, any active XOT connections using the legacy context will be detached and the legacy context will be deleted.

Deleting an XOT access group by entering the no xot access-group command will also cause the message "Active connection(s) will terminate [confirm]" to be displayed if any connections are active. Confirming the message will cause active connections using the access list to be detached and the associated XOT context to be deleted.

X.25 Profiles for XOT

XOT access groups can be associated with X.25 profiles. By this means, the IP addresses specified in the access list can have a unique X.25 configuration. An access group can be associated with one X.25 profile. If an access group is not associated with an X.25 profile, then the XOT connections associated with the access group will use the default X.25 configuration.

An X.25 profile must already have been created and must specify a data exchange equipment (DXE) station type before it can be associated with an XOT access group. An X.25 profile can be associated with multiple access groups.

The station type of a profile cannot be changed once the profile has been created.

An X.25 profile cannot be deleted as long as it is associated with one or more XOT access groups.

Application of X.25 Profiles on XOT Switched Virtual Circuits

The X.25 parameter settings will be applied to incoming or outgoing XOT switched virtual circuits (SVCs) according to the following rules:

1. If one or more access lists are applied to XOT, an XOT call will be rejected unless it matches at least one of the access lists.

2. The first access list that permits the XOT connection defines the X.25 settings that apply to the XOT connection. If an X.25 profile was associated with the first qualifying access list, the X.25 settings from that profile are used. If an X.25 profile was not associated with the qualifying access list, the default X.25 settings are used.

3. If no access lists are applied to XOT, the default X.25 settings are used.
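The selection rules above can be modelled offline to check which peers a planned configuration admits and which X.25 settings they get. This is an added example, not Cisco code: the function names, the constructed sample configuration (the page's multiple-profile example plus an undefined access group 30), and the treatment of a list with no entries as undefined are assumptions.

```python
import ipaddress

# Constructed sample: the page's "multiple X.25 parameter configurations"
# example, plus access group 30 whose access list was never defined.
SAMPLE_CONFIG = """\
ip access-list standard 10
 permit 10.0.155.9
 deny any
ip access-list standard 22
 permit 171.69.0.0 0.0.255.255 log
 deny any
xot access-group 10
x25 profile TRANSPAC dxe
 x25 modulo 128
xot access-group 22 profile TRANSPAC
xot access-group 30
"""

DEFAULT = "built-in default"
ACTIONS = ("permit", "deny")
ANY = 0xFFFFFFFF


def _parse_entry(tokens):
    """Turn ['permit', '171.69.0.0', '0.0.255.255'] into (action, addr, wildcard)."""
    action, rest = tokens[0], [t for t in tokens[1:] if t != "log"]
    if rest[0] == "any":
        return action, 0, ANY
    if rest[0] == "host":
        rest = rest[1:]
    addr = int(ipaddress.IPv4Address(rest[0]))
    wildcard = int(ipaddress.IPv4Address(rest[1])) if len(rest) > 1 else 0
    return action, addr, wildcard


def parse_config(text):
    """Return (acls, groups): ACL number -> entries, access-group number -> settings."""
    acls, groups, current = {}, {}, None
    for raw in text.splitlines():
        tokens = raw.split()
        if not tokens or tokens[0].startswith("!"):
            continue
        indented = raw[0].isspace()
        if not indented:
            current = None  # a top-level line ends any ACL sub-mode
        if tokens[:3] == ["ip", "access-list", "standard"] and len(tokens) == 4 \
                and tokens[3].isdigit():
            current = int(tokens[3])
        elif indented and current is not None and tokens[0] in ACTIONS:
            acls.setdefault(current, []).append(_parse_entry(tokens))
        elif tokens[0] == "access-list" and len(tokens) >= 4 and tokens[2] in ACTIONS:
            acls.setdefault(int(tokens[1]), []).append(_parse_entry(tokens[2:]))
        elif tokens[:2] == ["xot", "access-group"] and len(tokens) >= 3:
            named = len(tokens) >= 5 and tokens[3] == "profile"
            groups[int(tokens[2])] = tokens[4] if named else DEFAULT
    return acls, groups


def acl_permits(entries, ip):
    """Standard ACL: the first matching entry decides; no match is an implicit deny."""
    for action, addr, wildcard in entries:
        if (ip ^ addr) & ~wildcard & ANY == 0:
            return action == "permit"
    return False


def evaluate_xot_peer(acls, groups, peer):
    """Return (accepted, x25_settings, matched_group) for the remote IP of an XOT call."""
    if not groups:
        return True, DEFAULT, None  # rule 3: no access lists applied to XOT
    ip = int(ipaddress.IPv4Address(peer))
    for number in sorted(groups):  # groups are tried in access-group number order
        entries = acls.get(number)  # an undefined list denies all, so it is skipped
        if entries and acl_permits(entries, ip):
            return True, groups[number], number  # rule 2: first permitting list wins
    return False, None, None  # rule 1: no list permitted the peer


def audit(acls, groups):
    """Flag access groups that can never match or that place no limit on the peer."""
    findings = []
    for number in sorted(groups):
        entries = acls.get(number)
        if not entries:
            findings.append((number, "access list not defined: group never matches"))
        elif any(a == "permit" and w == ANY for a, _, w in entries):
            findings.append((number, "contains 'permit any': no IP restriction"))
    return findings


if __name__ == "__main__":
    acls, groups = parse_config(SAMPLE_CONFIG)
    for peer in ("10.0.155.9", "171.69.4.20", "192.0.2.77"):
        print(peer, evaluate_xot_peer(acls, groups, peer))
    print(audit(acls, groups))
```

A deny in one list does not reject the call by itself; the peer is rejected only after every access group has been tried, which is why 171.69.4.20 falls through list 10 and is accepted by group 22.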

Application of X.25 Profiles on Remote Switched XOT Permanent Virtual Circuits

The X.25 parameter settings will be applied to remote switched XOT permanent virtual circuits (PVCs) according to the following rules:

1. If the destination of the XOT PVC does not pass any of the access lists because the access lists have not been defined, the PVC setup will be retried every 20 seconds until the access list is defined.

2. The PVC setup retry will be canceled if the XOT PVC is deleted.

3. The first access list that includes the destination of the XOT PVC defines the X.25 settings that apply to the XOT PVC setup. If an X.25 profile was associated with the qualifying access list, the X.25 settings from that profile are used. If an X.25 profile was not associated with the qualifying access list, the default X.25 settings are used.

Benefits

The X.25 over TCP Profiles feature:

Enables you to apply X.25 profiles to XOT connections so you can configure the X.25 parameters for use by the XOT service.

Allows a Cisco router to have multiple X.25 configurations that can be used for XOT connections.

Allows IP access lists to be associated with XOT, enabling you to apply security on the basis of IP addresses.

Allows the IP addresses specified in the access list to have a unique X.25 configuration.

Restrictions

An X.25 profile must already have been created and must specify a DXE station type before it can be referenced by the XOT command. To create an X.25 profile with a DXE station type, use the x25 profile command with the dxe keyword in global configuration mode.

Closed user group (CUG) service cannot be configured for XOT. CUG behavior is defined to occur at the boundary between user and network. XOT connections are defined as internetwork connections. The CUG facility in a switched Call or Call Confirm packet can only be passed transparently over XOT.

Named and extended access lists are not supported by XOT access groups.

LAPB parameters do not apply to XOT and are ignored if configured under an X.25 profile applied to XOT connections. For information about why LAPB parameters do not apply to XOT, see RFC 1613, Cisco Systems X.25 over TCP (XOT).

The x25 subscribe flow-control command with the never keyword should not be configured in an X.25 profile that will be used for XOT connections. The never keyword means that negotiation of flow-control parameters is disabled and that flow-control parameters will not be included with call setup packets and will not be permitted on inbound packets. Because XOT always sends window and packet size facilities in call setup packets, the application of the x25 subscribe flow-control never command to XOT services will cause calls to fail.

Related Documents

For more information about configuring X.25, see the following documents:

The chapter "Configuring X.25" in the Cisco IOS Wide-Area Networking Configuration Guide, Release 12.2

The chapter "X.25 Commands" in the Cisco IOS Wide-Area Networking Command Reference, Release 12.2

For information about configuring IP access lists, see the following documents:

The chapter "Configuring IP Services" in the Cisco IOS IP Configuration Guide, Release 12.2.

The chapter "IP Services Commands" in the Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services, Release 12.2.

Supported Platforms

Cisco 805 Serial Router

Cisco 1400 series

Cisco 1600 series

Cisco 1751

Cisco 2600 series

Cisco 3600 series

Cisco 3725

Cisco 3745

Cisco 7100 series

Cisco 7200 series

Cisco 7500 series

Cisco MC3810

XOT is available on any Cisco router that runs Cisco IOS software and supports X.25.

Determining Platform Support Through Feature Navigator

Cisco IOS software is packaged in feature sets that support specific platforms. To get updated information regarding platform support for this feature, access Feature Navigator. Feature Navigator dynamically updates the list of supported platforms as new platform support is added for the feature.

Feature Navigator is a web-based tool that enables you to quickly determine which Cisco IOS software images support a specific set of features and which features are supported in a specific Cisco IOS image.

To access Feature Navigator, you must have an account on Cisco.com. If you have forgotten or lost your account information, send a blank e-mail to cco-locksmith@cisco.com. An automatic check will verify that your e-mail address is registered with Cisco.com. If the check is successful, account details with a new random password will be e-mailed to you. Qualified users can establish an account on Cisco.com by following the directions at http://www.cisco.com/register.

Feature Navigator is updated regularly when major Cisco IOS software releases and technology releases occur. For the most current information, go to the Feature Navigator home page at the following URL:

http://www.cisco.com/go/fn

Supported Standards, MIBs, and RFCs

Standards

No new or modified standards are supported by this feature.

MIBs

No new or modified MIBs are supported by this feature.

To obtain lists of supported MIBs by platform and Cisco IOS release, and to download MIB modules, go to the Cisco MIB website on Cisco.com at the following URL:

http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml

RFCs

RFC 1613, Cisco Systems X.25 over TCP

Prerequisites

The configuration tasks in the following sections assume you know how to configure IP access lists and X.25 profiles.

Configuration Tasks

See the following sections for configuration tasks for the X.25 over TCP Profiles feature. Each task in the list is identified as either required or optional.

Configuring an XOT Access Group (required)

Verifying XOT Access Groups (optional)

Configuring an XOT Access Group

To configure an XOT access group and associate an X.25 profile with it, use the following command in global configuration mode:

Command                                                                       Purpose
Router(config)# xot access-group access-list-number [profile profile-name]    Creates an XOT access group.


Verifying XOT Access Groups

To verify XOT access group configuration and performance, perform the tasks in the following steps. For descriptions of the output fields, see the command pages later in this document.


Step 1 Use the show x25 xot command with the access-group keyword to find out which X.25 profiles are associated with each XOT access group.

Router# show x25 xot access-group

 xot access-group 1 using built-in default configuration
 xot access-group 10 using x.25 profile xot-cisco
 xot access-group 55 using x.25 profile xot-sita

Step 2 Use the show x25 profile command to view the X.25 parameter settings that apply to XOT connections.

Router# show x25 profile

X.25 profile name: XOT-DEFAULT 
In use by: 
  Access-group 2 
  Access-group 10 
PROFILE dxe/DTE, address 12345, state R/Inactive, modulo 128, timer 0 
Defaults: idle VC timeout 0 
input/output window sizes 20/20, packet sizes 256/256 
Timers: T20 180, T21 200, T22 180, T23 180 
Channels: Incoming-only none, Two-way 1-4095, Outgoing-only none 

Step 3 Use the show x25 context command with the xot keyword to display information about the operational state of XOT links.

Router# show x25 context xot 

XOT Access-group 2 
PROFILE mod128 station DXE/DTE, address 2222, state R1, modulo 128, timer 0 
      Defaults: idle VC timeout 0 
        input/output window sizes 80/80, packet sizes 256/256 
      Timers: T20 180, T21 200, T22 180, T23 180 
      RESTARTs 0/0 CALLs 5+0/7+0/0+0 DIAGs 0/0 
XOT Access-group 3 
station DXE/DTE, address <none>, state R1, modulo 8, timer 0 
      Defaults: idle VC timeout 0 
        input/output window sizes 2/2, packet sizes 128/128 
      Timers: T20 180, T21 200, T22 180, T23 180 
      RESTARTs 0/0 CALLs 21+0/50+0/0+0 DIAGs 0/0

Troubleshooting Tips

To troubleshoot XOT connections, use the following commands in EXEC mode:

Command                      Purpose
Router# debug x25 events     Displays information about all X.25 traffic except data and resource record packets.
Router# show x25 services    Displays information pertaining to X.25 services.


Configuration Examples

This section provides the following configuration examples:

Unrestricted XOT Access with Defined X.25 Parameters for All XOT Connections Example

Restricted XOT Access with Default X.25 Parameters for All XOT Connections Example

Restricted XOT Access with Multiple X.25 Parameter Configurations Example

Unrestricted XOT Access with Defined X.25 Parameters for All XOT Connections Example

In the following example, an access list is defined to permit all XOT connections. All XOT connections will use the X.25 configuration defined in the X.25 profile called "NEW-DEFAULT".

! Create a DXE station type profile with any name and configure the X.25 parameters under 
! the named profile 
!
x25 profile NEW-DEFAULT dxe 
 x25 address 12345 
 x25 modulo 128 
 x25 win 15 
 x25 wout 15 
 x25 ips 256 
 x25 ops 256 
!
! Define an IP standard access list to permit any XOT connection
!
access-list 10 permit any
!
! Apply the access list and X.25 profile to all XOT connections 
!
xot access-group 10 profile NEW-DEFAULT

Restricted XOT Access with Default X.25 Parameters for All XOT Connections Example

In the following example, an X.25 profile is not associated with the access group, so the default X.25 configuration will be applied to all permitted XOT connections.

! Define an IP access list by specifying an IP access list number and access condition 
!
access-list 12 permit 192.89.55.0 0.0.0.255
!
! Apply the access list to XOT connections
!
xot access-group 12

Restricted XOT Access with Multiple X.25 Parameter Configurations Example

In the following example, XOT connections permitted by access list 10 will use the default X.25 configuration. XOT connections permitted by access list 22 will use the X.25 configuration that is defined in the X.25 profile "TRANSPAC".

! Define the IP access lists by specifying an IP access list number and access condition
!
ip access-list standard 10 
 permit 10.0.155.9 
 deny any 
ip access-list standard 22 
 permit 171.69.0.0 0.0.255.255 log 
 deny any
!
! Apply the default X.25 configuration to XOT connections permitted by access list 10
!
xot access-group 10 
!
! Configure an X.25 profile with station type DXE
!
x25 profile TRANSPAC dxe 
 x25 modulo 128 
 x25 win 80 
 x25 wout 80 
 x25 default pad
!
! Apply the X.25 profile to XOT connections permitted by access list 22
!
xot access-group 22 profile TRANSPAC

Command Reference

This section documents new and modified commands. All other commands used with this feature are documented in the Cisco IOS Release 12.2 command reference publications.

New Commands

xot access-group

Modified Commands

show x25 context

show x25 profile

show x25 xot

show x25 context

To view operating configuration status details of an X.25 link, use the show x25 context command in EXEC mode.

show x25 context [xot | interface {serial number [dlci number] | cmns-interface-type number [mac mac-address]}]

Syntax Description

xot

(Optional) Displays information specific to X.25 over TCP (XOT) contexts.

serial number

(Optional) Specific serial interface.

dlci number

(Optional) Specific DLCI link.

cmns-interface-type number

(Optional) Local Connection Mode Network Service (CMNS) interface type and number. CMNS interface types are Ethernet, Token Ring, and FDDI. The interface numbering scheme depends on the router interface hardware.

mac mac-address

(Optional) Hardware address of the CMNS interface.


Command Modes

EXEC

Command History

Release      Modification
12.0(3)T     This command was introduced.
12.1(5)T     This command was modified to display information about X.25 failover.
12.2(8)T     The xot keyword was added to display information specific to XOT contexts.


Examples

XOT Example

The following is sample output from the show x25 context command with the xot keyword:

Router# show x25 context xot 

XOT Access-group 2 
PROFILE mod128 station DXE/DTE, address 2222, state R1, modulo 128, timer 0 
      Defaults: idle VC timeout 0 
        input/output window sizes 80/80, packet sizes 256/256 
      Timers: T20 180, T21 200, T22 180, T23 180 
      RESTARTs 0/0 CALLs 5+0/7+0/0+0 DIAGs 0/0 
XOT Access-group 3 
station DXE/DTE, address <none>, state R1, modulo 8, timer 0 
      Defaults: idle VC timeout 0 
        input/output window sizes 2/2, packet sizes 128/128 
      Timers: T20 180, T21 200, T22 180, T23 180 
      RESTARTs 0/0 CALLs 21+0/50+0/0+0 DIAGs 0/0 

Serial Interface Example

The following is sample output from the show x25 context command:

Router# show x25 context interface serial1

Serial1 DLCI 20 
PROFILE DCE, address <none>, state R1, modulo 8, timer 0
      Defaults: idle VC timeout 0
        input/output window sizes 2/2, packet sizes 128/128
      Timers: T10 60, T11 180, T12 60, T13 60
      Channels: Incoming-only none, Two-way 1-1024, Outgoing-only none
      RESTARTs 1/0 CALLs 0+0/0+0/0+0 DIAGs 0/0
  LAPB DCE, state CONNECT, modulo 8, k 7, N1 12056, N2 20
      T1 3000, T2 0, interface outage (partial T3) 0, T4 0
      VS 7, VR 6, tx NR 6, Remote VR 7, Retransmissions 0
      Queues: U/S frames 0, I frames 0, unack. 0, reTx 0
      IFRAMEs 111/118 RNRs 0/0 REJs 0/0 SABM/Es 14/1 FRMRs 0/0 DISCs 0/0

X.25 Failover Example

The following is sample output from the show x25 context command when the X.25 Failover feature is configured. The "Fail-over delay" field appears when the primary interface has gone down and come back up again. The number of seconds indicates the time remaining until the secondary interface will reset.

Router# show x25 context

Serial1 DLCI 33
  PROFILE dxe/DCE, address 3032, state R1, modulo 8, timer 0
      Defaults:idle VC timeout 0
        input/output window sizes 2/2, packet sizes 128/128
      Timers:T20 180, T21 200, T22 180, T23 180
      Channels:Incoming-only none, Two-way 1-4095, Outgoing-only none
      RESTARTs 12/0 CALLs 5+4/0+0/0+0 DIAGs 0/0
      Fail-over delay:16 seconds remaining on Dialer0
  LAPB dxe/DCE, state CONNECT, modulo 8, k 7, N1 12056, N2 20
      T1 3000, T2 0, interface outage (partial T3) 0, T4 0
      VS 1, VR 1, tx NR 1, Remote VR 1, Retransmissions 0
      Queues:U/S frames 0, I frames 0, unack. 0, reTx 0
      IFRAMEs 97/88 RNRs 0/0 REJs 0/0 SABM/Es 55490/12 FRMRs 186/0 DISCs

Table 1 describes significant fields shown in the display.

Table 1 show x25 context Field Descriptions 

Field                        Description
XOT Access-group             Number of the XOT access group.
PROFILE                      X.25 profile associated with the XOT access group.
address                      Address to which the interface is connected.
state                        State of the interface. Possible values are as follows:
                               R1: normal ready state
                               R2: DTE [1] restarting state
                               R3: DCE [2] restarting state
                             If the state is R2 or R3, the interface is awaiting acknowledgment of a Restart packet.
modulo                       Modulo packet sequence numbering scheme.
timer                        Interface timer value (zero unless the interface state is R2 or R3).
Defaults: idle VC timeout    Inactivity time before clearing the virtual circuit.
input/output window sizes    Default window sizes (in packets) for the interface. The x25 facility interface configuration command can be used to override these default values for the switched virtual circuits originated by the router.
packet sizes                 Default maximum packet sizes (in bytes) for the interface. The x25 facility interface configuration command can be used to override these default values for the switched virtual circuits originated by the router.
Timers                       Values of the X.25 timers are as follows:
                               T10 through T13 for a DCE device
                               T20 through T23 for a DTE device
Channels                     Virtual circuit ranges for this interface.
RESTARTs                     Restart packet statistics for the interface using the format Sent/Received.
CALLs                        (number of successful calls sent + calls failed)/(calls received + calls failed)/(calls forwarded + calls failed). Calls forwarded are counted as calls sent.
DIAGs                        Number of diagnostic messages sent and received.
Fail-over delay              Number of seconds remaining until secondary interface resets.

[1] DTE = data terminal equipment
[2] DCE = data communications equipment


Related Commands

Command             Description
show x25 profile    Displays information about configured X.25 profiles.
show x25 vc         Displays information about active X.25 virtual circuits.
x25 profile         Configures an X.25 profile without allocating any hardware-specific information.


show x25 profile

To view details of X.25 profiles on your router, use the show x25 profile command in EXEC mode.

show x25 profile [name]

Syntax Description

name

(Optional) Name of X.25 profile.


Command Modes

EXEC

Command History

Release      Modification
12.0(3)T     This command was introduced.
12.2(8)T     This command was modified to display the XOT access groups associated with an X.25 profile.


Usage Guidelines

When the X.25 profile name is not specified, the output shows all configured profiles for a given interface.

Examples

The following sample output from the show x25 profile command displays details about the X.25 profile called "XOT-DEFAULT":

Router# show x25 profile XOT-DEFAULT

X.25 profile name: XOT-DEFAULT 
In use by: 
  Access-group 2 
  Access-group 10 
PROFILE dxe/DTE, address 12345, state R/Inactive, modulo 128, timer 0 
Defaults: idle VC timeout 0 
input/output window sizes 20/20, packet sizes 256/256 
Timers: T20 180, T21 200, T22 180, T23 180 
Channels: Incoming-only none, Two-way 1-4095, Outgoing-only none 

The following sample output from the show x25 profile command displays all profiles configured on the same interface:

Router# show x25 profile

X.25 profile name:NetworkNodeA
  Number of references:2 
  In use by:
      Annex G:Serial1 DLCI 20
      Annex G:Serial1 DLCI 30
  PROFILE DCE, address <none>, state R/Inactive, modulo 128, timer 0
      Defaults:idle VC timeout 5
        input/output window sizes 2/2, packet sizes 128/128
      Timers:T10 60, T11 180, T12 60, T13 60
      Channels:Incoming-only none, Two-way 1-128, Outgoing-only none
  LAPB DCE, modulo 8, k 7, N1 default, N2 20
      T1 3000, T2 0, interface outage (partial T3) 0, T4 0

X.25 profile name:NetworkNodeB
  Number of references:1 
  In use by:
      Annex G:Serial1 DLCI 40
  PROFILE DTE, address 1111, state R/Inactive, modulo 8, timer 0
      Defaults:idle VC timeout 0
        input/output window sizes 2/2, packet sizes 128/128
      Timers:T20 180, T21 200, T22 180, T23 180
      Channels:Incoming-only none, Two-way 1-1024, Outgoing-only none
LAPB DTE, modulo 8, k 7, N1 default, N2 20
      T1 3000, T2 0, interface outage (partial T3) 0, T4 0

Table 2 describes significant fields shown in the display.

Table 2 show x25 profile Field Descriptions 

Field                        Description
Number of references         Number of X.25 connections using this profile.
In use by                    Shows the interface, XOT access group, and X.25 service using this profile.
address                      Address to which interface is connected.
state                        State of the interface. Possible values are as follows:
                               R1: normal ready state
                               R2: DTE [1] restarting state
                               R3: DCE [2] restarting state
                             If the state is R2 or R3, the interface is awaiting acknowledgment of a Restart packet.
modulo                       Value that determines the packet sequence numbering scheme used.
timer                        Interface timer value (zero unless the interface state is R2 or R3).
Defaults: idle VC timeout    Inactivity time before clearing the virtual circuit.
input/output window sizes    Default window sizes (in packets) for the interface. The x25 facility interface configuration command can be used to override these default values for the switched virtual circuits originated by the router.
packet sizes                 Default maximum packet sizes (in bytes) for the interface. The x25 facility interface configuration command can be used to override these default values for the switched virtual circuits originated by the router.
Timers                       Values of the X.25 timers are as follows:
                               T10 through T13 for a DCE device
                               T20 through T23 for a DTE device
Channels:                    Virtual circuit ranges for this interface.

[1] DTE = data terminal equipment
[2] DCE = data communications equipment


Related Commands

Command             Description
show x25 context    Displays details of an Annex G DLCI link.
show x25 vc         Displays information about active X.25 virtual circuits.
x25 profile         Configures an X.25 profile without allocating any hardware-specific information.


show x25 xot

To display information for all X.25 over TCP (XOT) virtual circuits that match a given criterion, use the show x25 xot command in EXEC mode.

show x25 xot [local ip-address [port port]] [remote ip-address [port port] | access-group [access-group-number]]

Syntax Description

local ip-address [port port]

(Optional) Local IP address and optional port number.

remote ip-address [port port]

(Optional) Remote IP address and optional port number.

access-group

(Optional) Displays configuration information about XOT access groups.

[access-group-number]

(Optional) Displays configuration information about a specific XOT access group.


Command Modes

EXEC

Command History

Release      Modification
11.2         This command was introduced.
12.2(8)T     Access group options were added.


Examples

The following show x25 xot sample output displays information about all XOT virtual circuits:

Router# show x25 xot

SVC 11,  State: D1,  Interface: [10.2.2.2,1998/10.2.2.1,11002]
  Started 00:00:08, last input 00:00:08, output 00:00:08

  Line: 0   con 0    Location:  Host: 5678
  111 connected to 5678 PAD <--> XOT 2.2.2.2,1998

  Window size input: 2, output: 2
  Packet size input: 128, output: 128
  PS: 2  PR: 3  ACK: 3  Remote PR: 2  RCNT: 0  RNR: no
  P/D state timeouts: 0  timer (secs): 0
  data bytes 54/18 packets 2/3 Resets 0/0 RNRs 0/0 REJs 0/0 INTs 0/0

The following example shows sample output for the show x25 xot command with the access-group keyword:

Router# show x25 xot access-group
 xot access-group 1 using built-in default configuration
 xot access-group 10 using x.25 profile ocean
 xot access-group 55 using x.25 profile river

Related Commands

Command               Description
show x25 interface    Displays information about VCs that use an X.25 interface and, optionally, about a specified VC.
show x25 services     Displays information pertaining to the X.25 services.


xot access-group

To control access to X.25 over TCP (XOT) and allow IP addresses permitted by the access list to have unique X.25 configuration, use the xot access-group command in global configuration mode. To delete an XOT access group, use the no form of this command.

xot access-group access-list-number [profile profile-name]

no xot access-group access-list-number

Syntax Description

access-list-number

Number of a standard IP access list. The range is from 1 to 99.

profile profile-name

(Optional) X.25 profile to be associated with the access group.


Defaults

No XOT access group is defined, and default X.25 parameter settings apply to XOT connections.

Command Modes

Global configuration

Command History

Release      Modification
12.2(8)T     This command was introduced.


Usage Guidelines

The xot access-group command allows you to create XOT access groups by associating an IP access list with XOT. The access list provides a pass or fail indicator of whether a particular IP address is authorized.

Only standard IP access lists are supported.

XOT access groups are sorted by access-group number. When a new XOT connection is made, the IP address is tested against the access list of the first access group. If the IP address does not match the first list, the second list is tested, and so on.

The xot access-group command disables the legacy XOT functionality and enables the new XOT access behavior. If you enter the xot access-group after the legacy XOT context has been created, the message "Active connection(s) will terminate [confirm]" will be displayed if any XOT connections are active. If the message is confirmed, any active XOT connections using the legacy context will be detached. The legacy context will then be deleted.

Deleting an XOT access group by entering the no xot access-group command will cause the message "Active connection(s) will terminate [confirm]" to be displayed if any connections are active. Confirming the message will cause active connections using the access list to be detached and the associated XOT context to be deleted.

XOT access groups can be associated with X.25 profiles. By this means, the IP addresses specified in the access list can have a unique X.25 configuration. An access group can be associated with one X.25 profile. If an access group is not associated with an X.25 profile, then the XOT connections associated with the access group will use the default X.25 configuration.

The X.25 profile must already exist and must specify a data exchange equipment (DXE) station type before it can be associated with an XOT access group. The station type of a profile cannot be changed once the profile is created.

An X.25 profile can be associated with multiple access groups.

Examples

Unrestricted XOT Access with Defined X.25 Parameters for All XOT Connections Example

In the following example, an access list is defined to permit all XOT connections. All XOT connections will use the X.25 configuration defined in the X.25 profile called "NEW-DEFAULT".

! Create a DXE station type profile with any name and configure the X.25 parameters under 
! the named profile 
!
x25 profile NEW-DEFAULT dxe 
 x25 address 12345 
 x25 modulo 128 
 x25 win 15 
 x25 wout 15 
 x25 ips 256 
 x25 ops 256 
!
! Define an IP standard access list to permit any XOT connection
!
access-list 10 permit any
!
! Apply the access list and X.25 profile to all XOT connections 
!
xot access-group 10 profile NEW-DEFAULT

Restricted XOT Access with Multiple X.25 Parameter Configurations Example

In the following example, XOT connections permitted by access list 10 will use the default X.25 configuration. XOT connections permitted by access list 22 will use the X.25 configuration that is defined in the X.25 profile "TRANSPAC".

! Define the IP access lists by specifying an IP access list number and access condition
!
ip access-list standard 10 
 permit 10.0.155.9 
 deny any 
ip access-list standard 22 
 permit 171.69.0.0 0.0.255.255 log 
 deny any
!
! Apply the default X.25 configuration to XOT connections permitted by access list 10
!
xot access-group 10 
!
! Configure an X.25 profile with station type DXE
!
x25 profile TRANSPAC dxe 
 x25 modulo 128 
 x25 win 80 
 x25 wout 80 
 x25 default pad

! Apply the X.25 profile to XOT connections permitted by access list 22
!
xot access-group 22 profile TRANSPAC

Related Commands

Command                      Description
access-list (IP standard)    Defines a standard IP access list.
show x25 context             Displays operating configuration status details of an X.25 link.
show x25 profile             Displays details of X.25 profiles on your router.
show x25 xot                 Displays information for all XOT virtual circuits that match a given criterion.
x25 profile                  Configures an X.25 profile without allocating any hardware-specific information.


Glossary

access list—List kept by routers to control access to or from the router for a number of services (for example, to prevent packets with a certain IP address from leaving a particular interface on the router).

CMNS—Connection Mode Network Service. Extends local X.25 switching to a variety of media (Ethernet, FDDI, Token Ring).

CUG—closed user group. A collection of DTE devices for which the network controls access between members and between members and nonmembers. A DTE may subscribe to zero, one, or more CUGs. A DTE that does not subscribe to a CUG is referred to as being in the open part of the network.

DCE—data communications equipment. Devices and connections of a communications network that make up the network end of the user-to-network interface. The DCE provides a physical connection to the network, forwards traffic, and provides a clocking signal used to synchronize data transmission between DCE and DTE devices. Modems and interface cards are examples of DCE.

DTE—data terminal equipment. Device at the user end of a user-network interface that serves as a data source, destination, or both. DTE connects to a data network through a DCE device (for example, a modem) and typically uses clocking signals generated by the DCE. DTE includes such devices as computers, protocol translators, and multiplexers.

HDLC—high-level data link control. Bit-oriented synchronous data link layer protocol developed by ISO. HDLC specifies a data encapsulation method on synchronous serial links using frame characters and checksums.

LAPB—Link Access Procedure, Balanced. Data link layer protocol in the X.25 protocol stack. LAPB is a bit-oriented protocol derived from high-level data link control (HDLC).

PVC—permanent virtual circuit. Virtual circuit that is permanently established.

SVC—switched virtual circuit. Virtual circuit that is dynamically established on demand and is torn down when transmission is complete.

X.25—ITU-T standard that defines how connections between DTE and DCE are maintained for remote terminal access and computer communications in PDNs. X.25 specifies LAPB, a data-link-layer protocol, and PLP, a network-layer protocol.

X.25 profile—Bundled X.25 and LAPB commands that can be applied to specific connections.

XOT—X.25 over TCP.