Table Of Contents

x25 remote-red

x25 retry

x25 roa

x25 route

x25 routing

x25 security clamn

x25 security crcdn

x25 subscribe cug-service

x25 subscribe flow-control

x25 subscribe local-cug

x25 subscribe packetsize

x25 subscribe windowsize

x25 suppress-called-address

x25 suppress-calling-address

x25 t10

x25 t11

x25 t12

x25 t13

x25 t20

x25 t21

x25 t22

x25 t23

x25 threshold

x25 use-source-address

x25 win

x25 wout

x29 access-list

x29 profile

xot access-group

x25 remote-red

This command is no longer supported.

x25 retry

To activate a secondary route while also retrying a failed primary route, use the x25 retry interface configuration command in conjunction with the ip route or backup interface commands. To discontinue implementing secondary X.25 routes and retrying of primary X.25 routes, use the no form of this command.

x25 retry interval seconds attempts count

no x25 retry interval seconds attempts count

Syntax Description

interval	Keyword defining interval between attempts.
seconds	Number of seconds between attempts.
attempts	Keyword defining number of attempts.
count	Number of attempts to reestablish the closed link before discontinuing.

Defaults

No default behavior or values.

Command Modes

Interface configuration

Command History

Release	Modification
12.0(5)T	This command was introduced.

Usage Guidelines

The x25 retry command is triggered when no switched virtual circuits (SVCs) are up, and an outgoing call fails.

The retry attempts will continue until any of the following happens:

•The configured retry attempts limit is reached.

•The attempt to reestablish the link is successful.

•An incoming call is received on the subinterface.

•The X.25 packet layer on the interface is restarted.

If the number of retry attempts exceeds the configured limit, the interface will remain marked "down" until any of the following happens:

•An incoming call is received on the subinterface.

•The X.25 packet layer on the interface is restarted.

Examples

The following example shows the x25 retry command being configured on subinterface 1.1 with a retry interval of 60 seconds up to a maximum of 10 attempts:

Router(config)# interface serial1.1 point-to-point

Router(config-if)# x25 retry interval 60 attempts 10

Related Commands

Command	Description
backup interface	Configures an interface as a secondary or dial backup interface.
clear x25	Restarts an X.25 or CMNS service, clears an SVC, or resets a PVC.
ip route	Establishes static routes and defines the next hop for large-scale dialout.

x25 roa

To specify a sequence of packet network carriers, use the x25 roa global configuration command. To remove the specified name, use the no form of this command.

x25 roa name number

no x25 roa name

Syntax Description

name	Recognized Operating Agency (ROA, formerly called a Recognized Private Operating Agency, or RPOA), which must be unique with respect to all other ROA names. It is used in the x25 facility and x25 map interface configuration commands.
number	A sequence of 1 or more numbers used to describe an ROA; up to 10 numbers are accepted.

Defaults

No packet network carriers are specified.

Command Modes

Global configuration

Command History

Release	Modification
10.0	This command was introduced.

Usage Guidelines

This command specifies a list of transit ROAs to use, referenced by name.

Examples

The following example sets an ROA name and then sends the list via the X.25 user facilities:

x25 roa green_list 23 35 36

interface serial 0

 x25 facility roa green_list

 x25 map ip 172.20.170.26 10 roa green_list

Related Commands

Command	Description
x25 facility	Forces facilities on a per-call basis for calls originated by the router (switched calls are not affected).
x25 map	Sets up the LAN protocols-to-remote host mapping.

x25 route

To create an entry in the X.25 routing table (to be consulted for forwarding incoming calls and for placing outgoing packet assembler/disassembler (PAD) or protocol translation calls), use the appropriate form of the x25 route global configuration command. To remove an entry from the table, use the no form of the command.

x25 route [#position] [selection-options] [modification-options] disposition-options [xot-keepalive-options]

no x25 route [#position] [selection-options] [modification-options] disposition-options [xot-keepalive-options]

Syntax Description

#position	(Optional) A pound sign (#) followed by a number designates the position in the routing table at which to insert the new entry. If no value for the position argument is given, the entry is appended to the end of the routing table.
selection-options	(Optional) The selection options identify when the subsequent modification and disposition options apply to an X.25 call; any or all variables may be specified for a route. For selection keyword and argument options, see Table 79 in the "Usage Guidelines" section. For selection and modification pattern and character matching and replacement see Table 81, Table 82, and Table 83 in the "Usage Guidelines" section. Although each individual selection criterion is optional, at least one selection or modification option must be specified in the x25 route command.
modification-options	(Optional) The modification options modify the source or destination addresses of the selected calls. The standard regular expression substitution rules are used, where a match pattern and rewrite string direct the construction of a new string. For modification keyword and argument options, see Table 80 in the "Usage Guidelines" section. For selection and modification pattern and character matching and replacement see Table 81, Table 82, and Table 83 in the "Usage Guidelines" section. Although each individual modification is optional, at least one selection or modification option must be specified in the x25 route command.
disposition-options	Specifies the disposition of a call matching the specified selection pattern. For disposition keyword and argument options, see Table 84 in the "Usage Guidelines" section.
xot-keepalive-options	(Optional) The XOT-keepalive options specify an X.25 over TCP (XOT) keepalive period and number of XOT-keepalive retries. XOT relies on TCP to detect when the underlying connection is dead. TCP detects a dead connection when sent data goes unacknowledged for a given number of attempts over a period of time. For XOT-keepalive keyword and argument options, see Table 85 in the "Usage Guidelines" section.

Defaults

No entry is created in the X.25 routing table.

Command Modes

Global configuration

Command History

Release	Modification
11.3	The following modifications were made: •The selection option keywords source and dest-ext and the interface disposition to a Connection-Mode Network Service (CMNS) destination was added. In prior releases, CMNS routing information was implied by maps defining a network service access point (NSAP) prefix for a CMNS host's MAC address. •The clear interface disposition option was added. In prior releases, the disposition was implicit in a route to the Null 0 interface.
12.0(3)T	The interface-based calling address insertion and removal feature was introduced.
12.0(5)T	The following modifications were made: •For the DNS-Based X.25 Routing feature, the dns keyword and pattern argument (see Table 83) were added. •The enhanced x25 route command replaces the x25 map cmns command. The x25 route alias form of this command (supported in earlier releases) was replaced by the x25 alias command.

Usage Guidelines

The enhanced x25 route command replaces the x25 map cmns command. The x25 route alias form of this command (supported in earlier releases) has been replaced by the x25 alias command.

The modification options are long-standing but newly applicable to all dispositions in Cisco IOS Release 11.3 and later.

---

Note The entire command must be entered on one line.

---

Selection Options

Selection arguments specify match criteria. When a call matches all selection criteria in an X.25 route, then the specified modification and disposition are used for the call.

As many as four selection options can be used to determine the route:

•Called X.121 network interface address (destination or source host address)

•Called address extension (destination NSAP address)

•X.25 packet's call user data (CUD) field

•Input interface from which the call was received (input-interface option)

Table 79 lists the selection options for the x25 route command. At least one selection or modification option must be specified.

Table 79 x25 route Selection Options 

Selection Option	Description
cud user-data-pattern	(Optional) CUD pattern, which is specified as a regular expression of printable ASCII text. The CUD field may be present in a call packet. The first few bytes (commonly 4 bytes long) identify a protocol; the specified pattern is applied to any user data after the protocol identification.
destination-pattern	(Optional) Destination address pattern, which is a regular expression that can represent either one X.121 address (such as ^1111000$) or any address in a group of X.121 addresses (such as ^1111.*).
dest-ext nsap-destination-pattern	(Optional) NSAP destination address pattern, which is a regular expression that can represent either an NSAP destination address (such as ^11.1111.0000$) or an NSAP prefix (such as ^11.1111.*). Note A period (.) in the pattern is interpreted as a character wildcard, which will not interfere with a match to the actual period in the NSAP; if desired, an explicit character match may be used (such as ^11\.1111\..*).
hunt-group name	Routes the selected call to the X.25 hunt group. The chosen router may vary depending on the hunt group configuration.
input interface interface number	(Optional) Specifies interface number on which the call will be received.
source source-pattern	(Optional) Source address pattern, which is a regular expression that can represent either one X.121 source address (such as ^2222000$) or any address in a group of X.121 addresses (such as ^2222.*).

---

Note The X.121 and NSAP addresses are specified as regular expressions. A common error is to specify the address digits without anchoring them to the beginning and end of the address. For example, the regular expression 1111 will match an X.121 address that has four successive 1s somewhere in the address; to specify the single X.121 address, the form ^1111$ must be used.

---

Regular expressions are used to allow pattern-matching operations on the addresses and user data. A common operation is to use prefix matching on the X.121 Data Network Identification Code (DNIC) field and route accordingly. The caret (^) is a special regular expression character that anchors the match at the beginning of the pattern. For example, the pattern ^3306 will match all X.121 addresses with a DNIC of 3306.

Modification Options

Addresses typically need to be modified when traffic from a private network that uses arbitrary X.121 addresses must transit a public data network, which must use its own X.121 addresses. The easiest way to meet the requirement is to specify in the x25 route command a way to modify the private address into a network X.121 address, or to modify a network X.121 address into a private address. The addresses are modified so that no change to the private addressing scheme is required.

The modification options use the standard UNIX regular expression substitution operations to change an X.25 field. A pattern match is applied to an address field, which is rewritten as directed by a rewrite pattern.

Table 80 lists the modification options for the x25 route command. At least one selection or modification option must be specified.

Table 80 x25 route Modification Options

Modification Option	Description
substitute-dest rewrite-dest	(Optional) Called X.121 address rewrite pattern. The destination address, destination-pattern, and this rewrite-dest pattern are used to form a new destination address. If no destination-pattern is specified, a default match pattern of .* is used. See Table 81 and Table 82 for summaries of pattern and character matching, respectively. See Table 83 for a summary of pattern rewrite elements.
substitute-source rewrite-source	(Optional) Calling X.121 address rewrite pattern. The source address, source-pattern, and this rewrite-source pattern are used to form a new source address. If no source-pattern is specified, any destination-pattern match pattern is used. If neither match pattern is specified, a default match pattern of .* is used. See Table 81 and Table 82 for summaries of pattern and character matching, respectively. See Table 83 for a summary of pattern rewrite elements.

---

Note As of Cisco IOS Release 11.3, the substitute-source and substitute-dest options also apply to PAD calls.

---

A modification of the source address is directed by the rewrite string using one of three possible match patterns. If the source source-pattern selection option is defined, it is used with the source-rewrite string to construct the new source address; otherwise, a destination-pattern regular expression is used (for backward compatibility) or a wildcard regular expression (.*) is used. In the rewrite-source argument, the backslash character (\) indicates that the digit immediately following the argument selects a portion of the matched address to be inserted into the new called address.

A modification of the destination address is directed by the rewrite string using one of two possible match patterns. If the destination-pattern selection option is defined, it is used with the destination-rewrite string to construct the new destination address; otherwise, a wildcard regular expression (.*) is used. In the rewrite-dest argument, the backslash character (\) indicates that the digit immediately following the argument selects a portion of the original called address to be inserted into the new called address.

Pattern and Character Matching and Replacement for Selection and Modification Options

See Table 81, Table 82, and Table 83, respectively, for summaries of pattern matching, character matching, and pattern replacement elements. Note that up to nine pairs of parentheses can be used to identify patterns to be included in the modified string. A more complete description of the pattern-matching characters is found in the "Regular Expressions" appendix in the Cisco IOS Terminal Services Configuration Guide.

Table 81 Pattern Matching for x25 route Selection and Modification Options

Pattern	Description
*	Matches 0 or more occurrences of the preceding character.
+	Matches 1 or more occurrences of the preceding character.
?	Matches 0 or 1 occurrences of the preceding character.1

1 Precede the question mark with Ctrl-V to prevent the question mark from being interpreted as a help command.

  

Table 82 Character Matching for x25 route Selection and Modification Options

Character	Description
^	Matches the beginning of the input string.
$	Matches the end of the input string.
\char	Matches the single character char specified.
.	Matches any single character.

 

Table 83 Pattern Replacements for x25 route Selection and Modification Options

Pattern	Description
\0	The pattern is replaced by the entire original address.
\1...9	The pattern is replaced by strings that match the first through ninth parenthetical part of the X.121 address.

Disposition Option

The xot-source disposition option can improve the resilience of the TCP connection if, for instance, a loopback interface is specified. By default, a TCP connection's source IP address is that of the interface used to initiate the connection; a TCP connection will fail if either the source or destination IP address is no longer valid. Because a loopback interface never goes down, its IP address is always valid. Any TCP connections originated using a loopback interface can be maintained as long as a path exists to the destination IP address, which may also be the IP address of a loopback interface.

Using the continue keyword provides flexibility by reducing the number of X.25 route configurations necessary in the route table by breaking them into separate, simpler, and more manageable tasks. It allows the x25 route command to cumulatively hold all specified route entries and carry whatever selection or modification options you may have just specified on the command line. The route table lookup terminates when a matching route is found among the remaining entries in the route table. The continue disposition must be the last option on the x25 route command line.

Table 84 lists the disposition options for the x25 route command. You must select one of these options.

Table 84 x25 route Disposition Options 

Disposition Option	Description
clear	Terminates the call.
continue	(Optional) Combines sequential route table lookups, holding onto any "selections" and "modifications" specified on the x25 route statement.
hunt-group name	Routes the selected call to the X.25 hunt group. The chosen route may vary depending on the hunt group configuration.
interface interface number	Routes the selected call to the specified X.25 serial interface.
interface interface number dlci number	(Optional) Routes the X.25 call to the specified Annex G link. You must include the interface number and enter the data link connection identifier (DLCI) number. You only need to do this if you want the router to accept switched calls, as well as originate them.
interface cmns-interface mac mac-address	Routes the selected call out the specified broadcast interface via CMNS to the LAN destination station. The broadcast interface type can be Ethernet, Token Ring, or FDDI. The interface numbering scheme depends on the router interface hardware.
xot ip-address [ip2-address [...[ip6-address]]] [xot-source interface]	Routes the selected call to the XOT host at the specified IP address. Subsequent IP addresses are tried, in sequence, only if XOT is unable to establish a TCP connection with a prior address.
xot dns pattern	Used with DNS-based X.25 routing, this option consults the DNS to get up to six destination IP addresses using whatever lookup pattern you choose (see Table 83).

XOT-Keepalive Options

TCP maintains each connection using a keepalive mechanism that starts with a default time period and number of retry attempts. If a received XOT connection is dispatched using a route with explicit keepalive parameters, those values will be used for the TCP connection. If an XOT connection is sent using a route with explicit keepalive parameters, those values will be used for the TCP connection.

Table 85 lists and describes the xot-keepalive options for the x25 route command.

Table 85 x25 route XOT-Keepalive Options

XOT-Keepalive Option	Description
xot-keepalive-period seconds	Number of seconds between keepalives for XOT connections. The default is 60 seconds.
xot-keepalive-tries count	Number of times TCP keepalives should be sent before dropping the connection. The default value is 4 times.

X.25 Routing Action When a Match Is Found

If a matching route is found, the incoming call is forwarded to the next hop depending on the routing entry. If no match is found, the call is cleared. If the route specifies a serial interface running X.25 or a broadcast interface running CMNS, the router attempts to forward the call to that host. If the interface is not operational, the subsequent routes are checked for forwarding to an operational interface. If the interface is operational but out of available virtual circuits, the call is cleared. Otherwise, the expected Clear Request or Call Accepted packet is forwarded back toward the originator. A call cannot be forwarded out the interface on which it arrived.

If the matching route specifies an XOT disposition, a TCP connection is established to port 1998 at the specified IP address, which must be an XOT host. The Call Request packet is forwarded to the remote host, which applies its own criteria to handle the call. If, upon receiving an XOT call on the remote host, a routing table entry is not present, or the destination is unavailable, a Clear Request is sent back and the TCP connection is closed. Otherwise, the call is handled and the expected Clear Request or Call Accepted packet is returned. Incoming calls received via XOT connections that match a routing entry specifying an XOT destination are cleared. This restriction prevents Cisco routers from establishing an XOT connection to another router that would establish yet another XOT connection.

X.25 Routing Action When No Match Is Found

If no match is found, the action taken is specific to the application. X.25 switching will clear the call if there is no match in the routing table. X.25 PAD and PAD-related applications, such as protocol translation using X.25, will route the call to the default X.25 interface, which is the first X.25 interface configured.

Examples

The following example uses regular expression pattern matching characters to match just the initial portion of the complete X.25 address. Any call with a destination address beginning with 3107 that is received on an interface other than serial 0 is forwarded to serial 0.

x25 route ^3107 interface serial 0

The following Annex G example routes the X.25 call to the specified Annex G DLCI link. You must include both interface number and DLCI number. It is this combination of both these numbers that indicates the logical X.25 interface over Frame Relay.

x25 route ^2222 interface serial 1 dlci 20

The following example prevents X.25 routing for calls that do not specify a source address:

x25 route source ^$ clear

The following example configures alternate XOT hosts for the routing entry. If the first address listed is not available, subsequent addresses are tried until a connection is made. If no connection can be formed, the call is cleared.

x25 route ^3106$ xot 172.20.2.5 172.20.7.10 172.10.7.9

The following example clears calls that contain a 3 in the source address. The disposition keyword clear is new.

x25 route source 3 clear

The following example clears calls that contain 33 in the source address:

x25 route source 33 clear

The following example clears a call to the destination address 9999:

x25 route ^9999$ clear

The following example specifies a route for specific source and destination addresses. (The ability to combine source and destination patterns is a new feature.)

x25 route ^9999$ source ^333$ interface serial 0

The following example routes the call to the XOT host at the specified IP address. The disposition keyword xot is new. In prior releases the keyword ip was used.

x25 route ^3333$ xot 172.21.53.61

The following DNS-based X.25 routing example shows an X.25 request to the DNS. The \0 pattern indicates that the entire incoming X.121 address is being used as the index into the DNS, which will return the required IP address.

x25 route ^.* xot dns \0 

The following example routes calls containing the destination extension address preamble 11.1234:

x25 route dest-ext ^11.1234.* interface serial 0

The following example rewrites the destination address as 9999. There must be a minimum of four 8s in the address. (8888888 will change to 9999.)

x25 route 8888 substitute-dest 9999 interface serial 0

The following example substitutes only part of the destination address. "^88" specifies the original destination string must begin with 88. "(.*)" indicates the string can end with any number, 0-9, and can be more than one digit. "99\1" changes the destination address to 99 plus whatever matches ".*" in the original destination address. For example, 8881 will change to 9981.

x25 route ^88(.*) substitute-dest 99\1 interface serial 0

The following example substitutes only part of the destination address and also removes a specified number of digits from the address. "^88" specifies the original destination string must begin with 88. "(..)" matches any two digits. "(.*)" specifies the string can end with any number, 0-9, and can occur zero or more times. Thus any address that starts with 88 and has four or more digits will be rewritten to start with 99 and omit the third and fourth digits. For example, 881234 will change to 9934.

x25 route ^88(..)(.*) substitute-dest 99\2 interface serial 0

The following example looks for a specified destination address and changes the source address. "9999" is the destination address. The original source address changes to "2222" because the call is made to the destination 9999.

x25 route ^9999$ substitute-source 2222 interface serial 0

The following example shows insertions and removals in the X.121 address as calls from the X.25 network get routed to X.25 devices. For a call coming from interface serial 0 with a called address starting with 2, the 2 is stripped off the called address and the call forwarded to serial interface 2. For a call coming from interface serial 2 with any calling address, a 2 will be inserted to its calling address and the call forwarded to serial interface 0.

x25 route ^02(.*) input-interface serial0 substitute-dest \1 interface serial2

x25 route input-interface serial2 source .* substitute-source 2\0 interface serial0

The following example shows how to insert the X.121 address to forward calls among local X.25 devices. For a call on interface 1 with a called address of 0255 and any calling address, the call is forwarded to serial interface 2 with a called address of 55 and a calling address inserted with 01. The continue keyword continues address substitution without address forwarding.

x25 route input-interface serial1 source .* substitute-source 01\0 continue

x25 route input-interface serial2 source .* substitute-source 02\0 continue

x25 route ^01(.*) substitute-dest \1 interface serial1

x25 route ^02(.*) substitute-dest \1 interface serial2

The following example rewrites the source address based on the source address. "9999" matches any destination address with four consecutive 9s. "^...(.*)" matches any source address with at least three digits; the command removes the first three digits and rewrites any digits after the first three as the new source address. For example, a call to 9999 from the source address 77721 will be forwarded using the calling address 21 and the called address 9999.

x25 route 9999 source ^...(.*) substitute-source \1 interface serial 0

The following example adds a digit to the source and destination addresses patterns. "09990" is the destination address pattern. The source can be any address. "9\0" specifies to add a leading 9 to the destination address pattern. "3\0" specifies to add a leading 3 to the source address pattern. For example, a call using source 03330 and destination 09990 will change to 303330 and 909990, respectively.

x25 route 09990 source .* substitute-dest 9\0 substitute-source 3\0 interface serial 0

Related Commands

Command	Description
show x25 route	Displays the X.25 routing table.

x25 routing

To enable X.25 switching or tunneling, use the x25 routing global configuration command. To disable the forwarding of X.25 calls, use the no form of this command.

x25 routing [acknowledge local | acknowledge end-to-end] [tcp-use-if-defs]

no x25 routing [acknowledge local | acknowledge end-to-end] [tcp-use-if-defs]

Syntax Description

acknowledge local	(Optional) Sets local acknowledgment on the router.
acknowledge end-to-end	(Optional) Sets end-to-end acknowledgment. (Default acknowledge setting.)
tcp-use-if-defs	(Optional) Accepts calls received over TCP.

Defaults

This command has no default values.

Command Modes

Global configuration

Command History

Release	Modification
10.0	This command was introduced.
12.0(7)T	The following keywords were added: •acknowledge end-to-end •acknowledge local

Usage Guidelines

The x25 routing command enables X.25 switching between the X.25 services (X.25, Connection-Mode Network Service [CMNS] and X.25 over TCP [XOT], and Annex G). X.25 calls will not be forwarded until this command is issued.

The acknowledge local and acknowledge end-to-end keywords are optional, with acknowledge end-to-end being the default. To confirm what type of acknowledgment has been set, use the show protocol command.

The tcp-use-if-defs keyword may be needed for receiving XOT calls from routers using older software versions. Normally, calls received over a TCP connection (remote routing reception) will have the flow control parameters (window sizes and maximum packet sizes) indicated, because proper operation of routed X.25 requires that these values match at both ends of the connection.

Some previous versions of Cisco IOS software, however, do not ensure that these values are present in all calls. In this case, the Cisco IOS software normally forces universally acceptable flow control values (window sizes of 2 and maximum packet sizes of 128) on the connection. Because some equipment disallows modification of the flow control values in the call confirm, the tcp-use-if-defs keyword causes the router to use the default flow control values of the outgoing interface and indicate the resulting values in the call confirm. This modified behavior may allow easier migration to newer versions of the Cisco IOS software.

Examples

The following example enables X.25 routing:

x25 routing

The following example enables X.25 routing with local acknowledgment:

x25 routing acknowledge local

x25 security clamn

To reenable the Called Line Address Modified Notification (CLAMN) security signaling facility when it has been disabled, use the x25 security clamn command in interface configuration mode. To disable the (CLAMN) security signaling facility in X.25 Call Confirm packets, use the no form of this command.

x25 security clamn

no x25 security clamn

Syntax Description

This command has no arguments or keywords.

Defaults

The X.25 CLAMN security signaling facility is enabled.

Command Modes

Interface configuration

Command History

Release	Modification
12.2(13)T	This command was introduced.

Usage Guidelines

The X.25-class services use the CLAMN security signaling facility in X.25 Call Confirm packets to notify the originator of the Call that a security event occurred during X.25 Call setup. The encoding of this facility specifies the reason for the signal, and the X.25 Recommendation also permits the Call Confirm packet to encode a different destination address when it encodes this facility. There are a number of reasons that can be encoded by the CLAMN facility. The Cisco X.25 hunt group implementation will cause the router to signal the hunt group event back to the X.25 Call originator using the CLAMN facility.

---

Warning X.25 security signaling facilities are used to explicitly notify the connecting stations of events that might raise security issues if they were not signaled. Suppression of these facilities should be configured only when the attached equipment and network configurations are sufficiently secure that the signaled information is unnecessary.

---

If no X.25 security issues apply, a network administrator may configure an X.25-class service to suppress the signaling of the CLAMN facility in Call Confirm packets using the no x25 security clamn command on an interface or x25 profile. This configuration may be necessary if the attached device or eventual recipient of the Call Confirm will not participate in a connection when the CLAMN security facility is encoded.

The X.25 Recommendations specify that the CLAMN facility must be present in the X.25 Call Confirm packet if that packet encodes a destination address that is not the null address and that differs from the address encoded in the Call packet. Therefore, when the no x25 security clamn command is used to suppress the encoding of the CLAMN facility, it will also suppress the encoding of the destination address; that is, if the address block is encoded in the Call Confirm packet, the destination address will be encoded as the null address (zero digits).

This command can be configured with the International Telecommunication Union Telecommunication Standardization Sector (ITU-T) 1980 X.25 recommendation mode with no error, although the 1980 mode does not define the CLAMN facility.

Examples

The following example shows how to suppress the CLAMN security signaling facility:

interface serial 0

  no ip address

  encapsulation x25

  no x25 security clamn

Related Commands

Command	Description
no x25 security crcdn	Disables the CRCDN security signaling facility in X.25 Call packets transmitted.

x25 security crcdn

To reenable the Call Redirection/Call Deflection Notification (CRCDN) security signaling facility when it has been disabled, use the x25 security crcdn command in interface configuration mode.To disable the CRCDN security signaling facility in X.25 Call packets, use the no form of this command.

x25 security crcdn

no x25 security crcdn

Syntax Description

This command has no arguments or keywords.

Defaults

The CRCDN security signaling facility is enabled.

Command Modes

Interface configuration

Command History

Release	Modification
12.2(13)T	This command was introduced.

Usage Guidelines

The X.25-class services use the CRCDN security signaling facility in X.25 call packets to notify the destination of the Call that a security event occurred during call processing. The encoding of this facility specifies the reason for the signal and the destination address that originally occurred in the call. There are a number of reasons that can be encoded by the CRCDN facility. The Cisco X.25 hunt group implementation will cause the router to signal the hunt group event to the X.25 call destination using the CRCDN facility.

---

Warning X.25 security signaling facilities are used to explicitly notify the connecting stations of events that might raise security issues if they were not signaled. Suppression of these facilities should be configured only when the attached equipment and network configurations are sufficiently secure that the signaled information is unnecessary.

---

If no X.25 security issues apply, a network administrator may configure an X.25-class service to suppress the signaling of the CRCN facility in call packets using the no x25 security crcdn command on an interface or X.25 profile. This configuration may be necessary if the attached device or eventual recipient of the X.25 call will not participate in a connection when the CRCDN security facility is encoded.

This command can be configured with the International Telecommunication Union Telecommunication Standardization Sector (ITU-T) 1980 X.25 recommendation mode with no error, although the 1980 mode will always suppress the CRCDN facility.

Examples

The following example shows how to suppress the CRCDN security signaling facility:

interface serial 0

  no ip address

  encapsulation x25

  no x25 security crcdn

Related Commands

Command	Description
no x25 subscribe cug-service	Disables the CLAMN security signaling facility in X.25 Call Confirm packets and suppresses any destination address.

x25 subscribe cug-service

To enable and control standard closed user group (CUG) service, use the x25 subscribe cug-service command in the appropriate interface, line, or X.25 profile configuration mode. To disable standard CUG service, use the no form of this command.

x25 subscribe cug-service [incoming-access | outgoing-access] [suppress preferential | suppress all]

no x25 subscribe cug-service [incoming-access | outgoing-access] [suppress preferential | suppress all]

Syntax Description

incoming-access	(Optional) Allows incoming access from the open network to the data terminal equipment (DTE) device.
outgoing-access	(Optional) Allows outgoing access from the data terminal equipment (DTE) device to the open network.
suppress preferential	(Optional) Suppresses CUG selection facility for the preferred CUG. This option is not available when configuring terminal lines.
suppress all	(Optional) Suppresses CUG selection facility for all CUGs. This option is not available when configuring terminal lines.

Defaults

No incoming access and no outgoing access. (This is the most restrictive setting.)
CUG selection facilities are not suppressed.

Command Modes

Interface configuration
Line configuration
X.25 profile configuration

Command History

Release	Modification
12.0(7)T	This command was introduced.
12.1(5)T	The suppress preferential and suppress all keywords were added to enable CUG selection facility suppression.
12.2(13)T	This command was modified to configure support for X.25 CUG service on terminal lines.

Usage Guidelines

When entering this command, specify the incoming-access or the outgoing-access keyword or both, unless you intend to have neither incoming nor outgoing access on the interface.

This command assumes that an X.25 network connection is being implemented and observes rules defined by X.25 and X.301 for CUG access. This command is enabled on a per-interface or per-line basis. Use this command to modify existing specified options without otherwise affecting the CUGs already defined.

The x25 subscribe cug-service command can be used to configure CUG security on synchronous X.25 data communications equipment (DCE) interfaces or terminal lines. A CUG service can be applied to console lines, auxiliary lines, standard asynchronous lines, and virtual terminal lines. A line configured for CUG service will apply CUG security to packet assembler/disassembler (PAD), X.28 mode, and protocol translation sessions. CUG protection is applied to incoming calls destined for the terminal line and call requests specified from the line.

The CUG selection facility suppression options are not available for terminal lines because incoming PAD calls are terminated by the line.

Use the x25 subscribe cug-service command with the suppress preferential or suppress all keywords to configure CUG selection facility suppression. The CUG selection facility suppression options are available on synchronous X.25 DCE interfaces only; they are not available on terminal lines because incoming PAD calls are terminated by the line.

The following restrictions apply to the x25 subscribe cug-service command:

•Disabling this command deconfigures all the CUGs defined for the device and disables all CUG-related commands, but it does not terminate the associated CUG switched virtual circuit (SVC) connections.

•The DTE cannot call the open part of the network unless the outgoing-access option is configured. Even if outgoing-access is permitted, the DCE will enforce any additional CUG requirements when handling an outgoing call (call request) from the DTE.

•The DTE will not receive calls from the open part of the network unless the incoming-access option is configured. Even if incoming-access is permitted, the DCE will enforce any additional CUG requirements before presenting an incoming call to the DTE.

Examples

CUG Service on a Terminal Line Example

The following example shows the configuration of CUG behavior on asynchronous line 1 and virtual terminal lines 0 to 9. The users of virtual terminal lines 0 to 9 have access only within the corporate CUGs designated for engineering (CUG 1102 or 1103); any call from a network X.25-class service destined for the line will be refused unless the inbound point of presence (POP) has validated it as a member of one of those two CUGs.

line vty 0 9

 Location Company A. Engineering Access

 x25 subscribe cug-service

 x25 subscribe local-cug 2 network-cug 1102 preferential

 x25 subscribe local-cug 3 network-cug 1103

CUG Service with CUG Selection Facility Suppression and Incoming Access Example

In the following example, CUG selection facility suppression and incoming access are configured for all CUGs, including the preferred CUG on the X.25 profile:

x25 profile CUG-SUPRS-ALL dce 

 x25 subscribe cug-service incoming-access suppress all 

 x25 subscribe local-cug 0 network-cug 10 preferential 

 x25 subscribe local-cug 20 network-cug 202 

 x25 subscribe local-cug 40 network-cug 40 

CUG Service with Incoming and Outgoing Access Example

The following example shows subscribing to both incoming and outgoing CUG service on the interface:

interface serial0

 encapsulation x25 dce

 x25 subscribe cug-service incoming-access outgoing-access

Related Commands

Command	Description
show x25 cug	Displays information about all CUGs or specific CUGs.
x25 facility	Forces facilities on a per-call basis for calls originated by the router.
x25 map	Sets the maximum number of virtual circuits that a protocol can have open simultaneously to one host.
x25 subscribe local-cug	Configures subscription to a specific CUG.

x25 subscribe flow-control

To control flow control parameter negotiation facilities in call setup packets, use the x25 subscribe flow-control interface configuration command. To have flow control parameter negotiation facilities included in call setup (outgoing) packets only when their values differ from the default values, use the no form of this command.

x25 subscribe flow-control {always | never}

no x25 subscribe flow-control

Syntax Description

always	Flow control parameter negotiation facilities are enabled and the flow control parameters are always included with call setup packets and are optional on inbound packets.
never	Flow control parameter negotiation facilities are disabled and the flow control parameters are never included with call setup packets, and are not permitted on inbound packets. Negotiation of flow control parameters is disabled.

Defaults

Flow control parameter negotiation facilities are included only when the parameter values differ from the default values.

Command Modes

Interface configuration

X.25 profile configuration

Command History

Release	Modification
12.0(7)T	This command was introduced.

Usage Guidelines

This command has three states—default behavior (no x25 subscribe flow-control), facilities always included, or facilities never included (flow control parameter negotiation is not enabled).

This command controls inclusion of the X.25 flow control parameter negotiation facilities in call setup packets. By default, these facilities are included in call setup packets only when their values differ from the default values.

Configuring the no x25 subscribe flow-control command restores the default behavior. This only includes facilities outbound call setup packets when the requested values do not match the interface defaults.

This command can also be used in X.25 profile configuration mode.

Examples

The following example shows flow control parameter negotiation disabled on serial interface 1/4:

Router(config)# interface serial 1/4

Router(config-if)# x25 subscribe flow-control never

Related Commands

Command	Description
x25 profile	Configures an X.25 profile without allocating any hardware-specific information.
x25 routing	Enables X.25 switching or tunneling.
x25 subscribe packetsize	Sets permitted and target ranges for packet size during flow control negotiation.
x25 subscribe windowsize	Sets permitted and target ranges for window size during flow control negotiation.

x25 subscribe local-cug

To configure subscription to a specific closed user group (CUG), use the x25 subscribe local-cug command in interface configuration or line configuration mode. To remove the CUG subscription, use the no form of this command.

x25 subscribe local-cug number network-cug number [no-incoming | no-outgoing | preferential]

no x25 subscribe local-cug number network-cug number [no-incoming | no-outgoing | preferential]

Syntax Description

number	Specific local CUG number (0 to 9999).
network-cug	Network translated CUG identifier.
number	Specific network CUG number (0 to 9999).
no-incoming	(Optional) Bars calls to data terminal equipment (DTE) within the specified CUG, unless x25 subscribe cug-service incoming-access is configured.
no-outgoing	(Optional) Bars calls from DTE within the specified CUG, unless x25 subscribe cug-service outgoing-access is configured.
preferential	(Optional) Specified on only one CUG, which is the assumed CUG when none is provided in call setup. (A single CUG listed at the interface is automatically considered a preferred CUG.)

Defaults

Incoming and outgoing access.
Preferential (if this is the only CUG specified).

Command Modes

Interface configuration
Line configuration

Command History

Release	Modification
12.0(7)T	This command was introduced.
12.2(13)T	This command was modified to configure X.25 CUG subscription on terminal lines.

Usage Guidelines

The first x25 subscribe local-cug command in a group of configurations will automatically enable CUG service behavior on the interface or line, if it is not already enabled, with the default setting of no public access.

The x25 subscribe cug-service command can be used to configure CUG subscription on X.25 synchronous data communications equipment (DCE) interfaces, console lines, auxiliary lines, standard asynchronous lines, and virtual terminal lines. A line configured for CUG service will apply CUG security to packet assembler/disassembler (PAD), X.28 mode, and protocol translation sessions. CUG protection is applied to incoming calls destined for the terminal line and call requests specified from the line.

A CUG number has only local significance. Because CUG service is a cooperative process among the network attachments (DCE devices), the local CUG number may have to be translated into a number that is significant to the network as a whole. For instance, two DTE devices may use CUG numbers 1 and 5 to refer to the global CUG number 1043 of the network. In this instance, both DCE devices would be configured to translate between the local CUG number of their DTE and the network CUG number. Duplicate network CUG identifiers are permitted for different local CUG identifiers.

A DTE subscription to a CUG that also includes the no-incoming option prevents incoming calls on that CUG (however, the DTE may still receive calls within other CUGs to which it is subscribed, or from the open network if incoming public access is subscribed).

CUG subscription of a DTE will not permit an outgoing call (call request) from the CUG if the no-outgoing option is configured.

The CUG will be assumed to be set to preferential (preferred) if there is only one CUG subscribed on that interface.

Examples

X.25 CUG Subscription on an Interface Example

The following example subscribes local CUGs 5000, 100, 200, and 300 to networks 55, 11, 22, and 33, respectively, with local CUG 5000 being set as the preferred CUG:

Router(config)# interface serial0

Router(config-if)# encapsulation x25 dce

Router(config-if)# x25 subscribe cug-service incoming-access outgoing-access

Router(config-if)# x25 subscribe local-cug 5000 network-cug 55 preferential

Router(config-if)# x25 subscribe local-cug 100 network-cug 11

Router(config-if)# x25 subscribe local-cug 200 network-cug 22

Router(config-if)# x25 subscribe local-cug 300 network-cug 33

X.25 CUG Subscription on a Terminal Line Example

The following example shows the configuration of CUG behavior on asynchronous line 1 and virtual terminal lines 0 to 9. The users of virtual terminal lines 0 to 9 have access only within the corporate CUGs designated for engineering (CUG 1102 or 1103); any call from a network X.25-class service destined for the line will be refused unless the inbound POP has validated it as a member of one of those two CUGs.

Router(config)# line vty 0 9

Router(config-line)# Location Company A. Engineering Access

Router(config-line)# x25 subscribe cug-service

Router(config-line)# x25 subscribe local-cug 2 network-cug 1102 preferential

Router(config-line)# x25 subscribe local-cug 3 network-cug 1103

Related Commands

Command	Description
show x25 cug	Displays information about all or specific (defined by the local or network CUG number) CUGs.
x25 facility	Forces facilities on a per-call basis for calls originated by the router (switched calls are not affected).
x25 map	Sets the maximum number of virtual circuits a protocol can have open simultaneously to one host.
x25 subscribe cug-service	Enables and controls standard CUG behavior on an X.25 DCE interface.

x25 subscribe packetsize

To set permitted and target ranges for packet size during flow control negotiation, use the x25 subscribe packetsize interface configuration command. To revert to the default packet size ranges, use the no form of this command.

x25 subscribe packetsize {permit pmin pmax | target pmin pmax}

no x25 subscribe packetsize {permit pmin pmax | target pmin pmax}

Syntax Description

permit	Permitted packet-size range identifier.
pmin	Minimum setting for packet size range (16 to 4096 by a power of two).
pmax	Maximum setting for packet size range (16 to 4096 by a power of two).
target	Target packet-size range identifier.

Defaults

None

Command Modes

Interface configuration

Command History

Release	Modification
12.0(7)T	This command was introduced.

Usage Guidelines

The x25 subscribe packetsize command lets you specify the range of permitted and target values for packet size. These are called flow control parameter negotiation facilities. You can specify the permitted minimum and maximum packet sizes and target values for packet transmission (16 to 4096 as a power of two). Setting these values outside the permitted range will result in connection failure. The router attempts to negotiate values within the target range, but will only allow values outside the target range to be negotiated as long as the negotiation complies with the procedure defined in X.25 recommendations.

This command should be configured separately on both the data terminal equipment (DTE) and data circuit-terminating equipment (DCE), so that the permit range will be compatible and calls will be able to pass through the network. The target range is less critical. It only needs to be set on the Cisco router conducting the switching.

The effective ranges will be further constrained by other configuration options including the selection of normal (modulo 8) or extended (modulo 128) sequence numbers, the maximum packet size supported by the interface, and the x25 subscribe flow-control command.

Examples

The following example shows X.25 local acknowledgment being configured on serial interface 1/4, with packet size ranges being set at a permitted rate of 64 (minimum) and 1024 (maximum) and target rate of 128 (minimum) and 1024 (maximum):

Router(config)# x25 routing acknowledge local

Router(config)# interface serial 1/4

Router(config-if)# encapsulation x25 dte

Router(config-if)# x25 subscribe packetsize permit 64 1024 target 128 1024

Related Commands

Command	Description
x25 routing	Enables X.25 switching or tunneling.
x25 subscribe windowsize	Sets permitted and target ranges for window size during flow control negotiation.
x25 subscribe flow-control	Controls flow control parameter negotiation facilities in call setup packets.

x25 subscribe windowsize

To set permitted and target ranges for window size during flow control negotiation, use the x25 subscribe windowsize interface configuration command. To revert to the default window size ranges, use the no form of this command.

x25 subscribe windowsize {permit wmin wmax | target wmin wmax}

no x25 subscribe windowsize {permit wmin wmax | target wmin wmax}

Syntax Description

permit	Permitted window size range identifier.
wmin	Minimum setting for window size range (1 to 127).
wmax	Maximum setting for window size range (1 to 127).
target	Target window-size range identifier.

Defaults

This command has no default values.

Command Modes

Interface configuration

Command History

Release	Modification
12.0(7)T	This command was introduced.

Usage Guidelines

The x25 subscribe windowsize command lets you specify the range of permitted and target values for window size. These are called flow control values. You can specify the permitted minimum and maximum window size permitted and target values for packet transmission (1 to 127) at one time. Setting these values outside the permitted range may result in connection failure. The router attempts to negotiate values within the target range, but will only allow values outside the target range to be negotiated as long as the negotiation complies with the procedure defined in X.25 recommendations.

The effective ranges will be further constrained by other configuration options including the selection of normal (modulo 8) or extended (modulo 128) sequence numbers, the maximum window size supported by the interface, and the x25 subscribe flow-control command.

Examples

The following example shows X.25 local acknowledgment being configured on serial interface 1/4, with window size ranges being set at a permitted rate of 1 (minimum) and 7 (maximum) and target rate of 2 (minimum) and 4 (maximum):

Router(config)# x25 routing acknowledge local

Router(config)# interface serial 1/4

Router(config-if)# encapsulation x25 dte

Router(config-if)# x25 subscribe windowsize permit 1 7 target 2 4

Related Commands

Command	Description
x25 routing	Enables X.25 switching or tunneling.
x25 subscribe flow-control	Controls flow control parameter negotiation facilities in call setup packets.
x25 subscribe packetsize	Sets permitted and target ranges for packet size during flow control negotiation.

x25 suppress-called-address

To omit the destination address in outgoing calls, use the x25 suppress-called-address interface configuration command. To reset this command to the default state, use the no form of this command.

x25 suppress-called-address

no x25 suppress-called-address

Syntax Description

This command has no arguments or keywords.

Defaults

The called address is sent.

Command Modes

Interface configuration

X.25 profile configuration

Command History

Release	Modification
10.0	This command was introduced.
11.3	This command was modified to include packet assembler/disassembler (PAD) calls.

Usage Guidelines

This command omits the called (destination) X.121 address in Call Request packets and is required for networks that expect only subaddresses in the Called Address field.

Examples

The following example suppresses or omits the called address in Call Request packets:

interface serial 0

 x25 suppress-called-address

x25 suppress-calling-address

To omit the source address in outgoing calls, use the x25 suppress-calling-address interface configuration command. To reset this command to the default state, use the no form of this command.

x25 suppress-calling-address

no x25 suppress-calling-address

Syntax Description

This command has no arguments or keywords.

Defaults

The calling address is sent.

Command Modes

Interface configuration

X.25 profile configuration

Command History

Release	Modification
10.0	This command was introduced.
11.3	This command was modified to include packet assembler/disassembler (PAD) calls.

Usage Guidelines

This command omits the calling (source) X.121 address in Call Request packets and is required for networks that expect only subaddresses in the Calling Address field.

Examples

The following example suppresses or omits the calling address in Call Request packets:

interface serial 0

 x25 suppress-calling-address

x25 t10

To set the value of the Restart Indication retransmission timer (T10) on data communications equipment (DCE) devices, use the x25 t10 interface configuration command.

x25 t10 seconds

Syntax Description

seconds

Time, in seconds.

Defaults

60 seconds

Command Modes

Interface configuration

X.25 profile configuration

Command History

Release	Modification
10.0	This command was introduced.

Examples

The following example sets the T10 timer to 30 seconds:

interface serial 0

 x25 t10 30

x25 t11

To set the value of the Incoming Call timer (T11) on data communications equipment (DCE) devices, use the x25 t11 interface configuration command.

x25 t11 seconds

Syntax Description

seconds

Time, in seconds.

Defaults

180 seconds

Command Modes

Interface configuration

X.25 profile configuration

Command History

Release	Modification
10.0	This command was introduced.

Examples

The following example sets the T11 timer to 90 seconds:

interface serial 0

 x25 t11 90

x25 t12

To set the value of the Reset Indication retransmission timer (T12) on data communications equipment (DCE) devices, use the x25 t12 interface configuration command.

x25 t12 seconds

Syntax Description

seconds

Time, in seconds.

Defaults

60 seconds

Command Modes

Interface configuration

X.25 profile configuration

Command History

Release	Modification
10.0	This command was introduced.

Examples

The following example sets the T12 timer to 30 seconds:

interface serial 0

 x25 t12 30

x25 t13

To set the value of the Clear Indication retransmission timer (T13) on data communications equipment (DCE) devices, use the x25 t13 interface configuration command.

x25 t13 seconds

Syntax Description

seconds

Time, in seconds.

Defaults

60 seconds

Command Modes

Interface configuration

X.25 profile configuration

Command History

Release	Modification
10.0	This command was introduced.

Examples

The following example sets the T13 timer to 30 seconds:

interface serial 0

 x25 t13 30

x25 t20

To set the value of the Restart Request retransmission timer (T20) on data terminal equipment (DTE) devices, use the x25 t20 interface configuration command.

x25 t20 seconds

Syntax Description

seconds

Time in seconds.

Defaults

180 seconds

Command Modes

Interface configuration

Command History

Release	Modification
10.0	This command was introduced.

Examples

The following example sets the T20 timer to 90 seconds:

interface serial 0

 x25 t20 90

x25 t21

To set the value of the Call Request timer (T21) on data terminal equipment (DTE) devices, use the x25 t21 interface configuration command.

x25 t21 seconds

Syntax Description

seconds

Time, in seconds.

Defaults

200 seconds

Command Modes

Interface configuration

Command History

Release	Modification
10.0	This command was introduced.

Examples

The following example sets the T21 timer to 100 seconds:

interface serial 0

 x25 t21 100

x25 t22

To set the value of the Reset Request retransmission timer (T22) on data terminal equipment (DTE) devices, use the x25 t22 interface configuration command.

x25 t22 seconds

Syntax Description

seconds

Time, in seconds.

Defaults

180 seconds

Command Modes

Interface configuration

Command History

Release	Modification
10.0	This command was introduced.

ExamplesL

The following example sets the T22 timer to 90 seconds:

interface serial 0

 x25 t22 90

x25 t23

To set the value of the Clear Request retransmission timer (T23) on data terminal equipment (DTE) devices, use the x25 t23 interface configuration command.

x25 t23 seconds

Syntax Description

seconds

Time, in seconds.

Defaults

180 seconds

Command Modes

Interface configuration

Command History

Release	Modification
10.0	This command was introduced.

Examples

The following example sets the T23 timer to 90 seconds:

interface serial 0

 x25 t23 90

x25 threshold

To set the data packet acknowledgment threshold, use the x25 threshold interface configuration command.

x25 threshold delay-count

Syntax Description

delay-count

Value between zero and the input window size. A value of 1 sends one Receiver Ready acknowledgment per packet.

Defaults

0 (which disables the acknowledgment threshold)

Command Modes

Interface configuration

X.25 profile configuration

Command History

Release	Modification
11.2	This command was introduced.

Usage Guidelines

This command instructs the router to send acknowledgment packets when it is not busy sending other packets, even if the number of input packets has not reached the input window size count.

The router sends an acknowledgment packet when the number of input packets reaches the count you specify, providing there are no other packets to send. For example, if you specify a count of 1, the router will send an acknowledgment per input packet if it is unable to "piggyback" the acknowledgment of an outgoing data packet. This command improves line responsiveness at the expense of bandwidth.

This command only applies to encapsulated traffic over X.25 (datagram transport), not to routed traffic.

Examples

The following example sends an explicit Receiver Ready acknowledgment when it has received 5 data packets that it has not acknowledged:

interface serial 1

 x25 threshold 5

Related Commands

Command	Description
x25 win	Changes the default incoming window size to match that of the network.
x25 wout	Changes the default outgoing window size to match that of the network.

x25 use-source-address

To override the X.121 addresses of outgoing calls forwarded over a specific interface, use the x25 use-source-address interface configuration command. To prevent updating the source addresses of outgoing calls, use the no form of this command.

x25 use-source-address

no x25 use-source-address

Syntax Description

This command has no arguments or keywords.

Defaults

Disabled

Command Modes

Interface configuration

X.25 profile configuration

Command History

Release	Modification
10.0	This command was introduced.

Usage Guidelines

Some X.25 calls, when forwarded by the X.25 switching support, need the calling (source) X.121 address updated to that of the outgoing interface. This update is necessary when you are forwarding calls from private data networks to public data networks (PDNs).

Examples

The following example shows how to prevent updating the source addresses of outgoing X.25 calls on serial interface 0 once calls have been forwarded:

interface serial 0

 no x25 use-source-address

x25 win

To change the default incoming window size to match that of the network, use the x25 win interface configuration command.

x25 win packets

Syntax Description

packets

Packet count that can range from 1 to one less than the window modulus.

Defaults

2 packets

Command Modes

Interface configuration

X.25 profile configuration

Command History

Release	Modification
10.0	This command was introduced.

Usage Guidelines

This command determines the default number of packets a virtual circuit can receive before sending an X.25 acknowledgment. To maintain high bandwidth utilization, assign this limit the largest number that the network allows.

---

Note Set x25 win and x25 wout to the same value unless your network supports asymmetric input and output window sizes.

---

Examples

The following example specifies that 5 packets may be received before an X.25 acknowledgment is sent:

interface serial 1

 x25 win 5

Related Commands

Command	Description
x25 modulo	Sets the window modulus.
x25 threshold	Sets the data packet acknowledgment threshold.
x25 wout	Changes the default outgoing window size to match that of the network.

x25 wout

To change the default outgoing window size to match that of the network, use the x25 wout interface configuration command.

x25 wout packets

Syntax Description

packets

Packet count that can range from 1 to one less than the window modulus.

Defaults

2 packets

Command Modes

Interface configuration

X.25 profile configuration

Command History

Release	Modification
10.0	This command was introduced.

Usage Guidelines

This command determines the default number of packets a virtual circuit can send before waiting for an X.25 acknowledgment. To maintain high bandwidth utilization, assign this limit the largest number that the network allows.

---

Note Set x25 win and x25 wout to the same value unless your network supports asymmetric input and output window sizes.

---

Examples

The following example specifies a default limit of 5 for the number of outstanding unacknowledged packets for virtual circuits:

interface serial 1

 x25 wout 5

Related Commands

Command	Description
x25 modulo	Sets the window modulus.
x25 threshold	Sets the data packet acknowledgment threshold.
x25 win	Changes the default incoming window size to match that of the network.

x29 access-list

To limit access to the access server from certain X.25 hosts, use the x29 access-list global configuration command. To delete an entire access list, use the no form of this command.

x29 access-list access-list-number {deny | permit} x121-address

no x29 access-list access-list-number

Syntax Description

access-list-number	Number of the access list. It can be a value between 1 and 199.
deny	Denies access and clears call requests immediately.
permit	Permits access to the protocol translator.
x121-address	If applied as an inbound access class, specifies the X.121 address that can or cannot have access (with or without regular expression pattern-matching characters). The X.121 address is the source address of the incoming packet. If applied as an outbound access class, then the address specifies a destination to where connections are allowed.

Defaults

No access lists are defined.

Command Modes

Global configuration

Command History

Release	Modification
10.0	This command was introduced.

Usage Guidelines

The service pad global configuration command must be configured before the x29 access-list command can be used.

An access list can contain any number of access list items. The list items are processed in the order in which you entered them, with the first match causing the permit or deny condition. If an X.121 address does not match any of the regular expressions in the access list, access is denied.

Access lists take advantage of the message field defined by Recommendation X.29, which describes procedures for exchanging data between two PADs, or between a PAD and a DTE device.

The UNIX-style regular expression characters allow for pattern matching of characters and character strings in the address. Various pattern-matching constructions are available that allow many addresses to be matched by a single regular expressions. For more information, refer to the "Regular Expressions" appendix in the Cisco IOS Terminal Services Configuration Guide.

The access lists must be applied to a vty with the access-class command.

Examples

The following example permits connections to hosts with addresses beginning with the string 31370:

x29 access-list 2 permit ^31370

Related Commands

Command	Description
access-class	Restricts incoming and outgoing connections between a particular vty (into a Cisco device) and the addresses in an access list.
service pad	Enables all PAD commands and connections between PAD devices and access servers.

x29 profile

To create a packet assembler/disassembler (PAD) profile script for use by the translate command, use the x29 profile global configuration command.

x29 profile {default | name} parameter:value [parameter:value]

Syntax Description

default	Specifies default profile script.
name	Name of the PAD profile script.
parameter:value	X.3 PAD parameter number and value separated by a colon. You can specify multiple parameter-value pairs on the same line.

Defaults

The default PAD profile script is used. The default for inbound connections is:

2:0 4:1 15:0 7:21

Command Modes

Global configuration

Command History

Release	Modification
10.0	This command was introduced.

Usage Guidelines

The service pad global configuration command must be configured before the x29 profile command can be used.

When an X.25 connection is established, the access server acts as if an X.29 Set Parameter packet had been sent containing the parameters and values set by the x29 profile command and sets the access server accordingly.

For incoming PAD connections, the Protocol Translator uses a default PAD profile to set the remote X.3 PAD parameters unless a profile script is defined with the translate command.

---

Note If you set the X.29 profile to "default," the profile is applied to all incoming X.25 PAD calls, including the calls used for protocol translation.

---

Examples

The following profile script turns local edit mode on when the connection is made and establishes local echo and line termination upon receipt of a Return packet. The name linemode is used with the translate command to effect use of this script.

x29 profile linemode 2:1 3:2 15:1

To override the default PAD profile, create a PAD profile script named "default" by using the following command:

x29 profile default 2:1 4:1 15:0 4:0

Related Commands

Command	Description
service pad	Enables all PAD commands and connections between PAD devices and access servers.
translate x25	Translates an X.25 connection request automatically to another outgoing protocol connection type.

xot access-group

To control access to X.25 over TCP (XOT) and allow IP addresses permitted by the access list to have unique X.25 configuration, use the xot access-group command in global configuration mode. To delete an XOT access group, use the no form of this command.

xot access-group access-list-number [profile profile-name]

no xot access-group access-list-number

Syntax Description

access-list-number	Number of a standard IP access list. The range is from 1 to 99.
profile profile-name	(Optional) X.25 profile to be associated with the access group.

Defaults

No XOT access group is defined, and default X.25 parameter settings apply to XOT connections.

Command Modes

Global configuration

Command History

Release	Modification
12.2(8)T	This command was introduced.

Usage Guidelines

The xot access-group command allows you to create XOT access groups by associating an IP access list with XOT. The access list provides a pass or fail indicator of whether a particular IP address is authorized.

Only standard IP access lists are supported.

XOT access groups are sorted by access-group number. When a new XOT connection is made, the IP address is tested against the access list of the first access group. If the IP address does not match the first list, the second list is tested, and so on.

The xot access-group command disables the legacy XOT functionality and enables the new XOT access behavior. If you enter the xot access-group after the legacy XOT context has been created, the message "Active connection(s) will terminate [confirm]" will be displayed if any XOT connections are active. If the message is confirmed, any active XOT connections using the legacy context will be detached. The legacy context will then be deleted.

Deleting an XOT access group by entering the no xot access-group command will cause the message "Active connection(s) will terminate [confirm]" to be displayed if any connections are active. Confirming the message will cause active connections using the access list to be detached and the associated XOT context to be deleted.

XOT access groups can be associated with X.25 profiles. By this means, the IP addresses specified in the access list can have a unique X.25 configuration. An access group can be associated with one X.25 profile. If an access group is not associated with an X.25 profile, then the XOT connections associated with the access group will use the default X.25 configuration.

The X.25 profile must already exist and must specify a data exchange equipment (DXE) station type before it can be associated with an XOT access group. The station type of a profile cannot be changed once the profile is created.

An X.25 profile can be associated with multiple access groups.

Examples

Unrestricted XOT Access with Defined X.25 Parameters for All XOT Connections Example

In the following example, an access list is defined to permit all XOT connections. All XOT connections will use the X.25 configuration defined in the X.25 profile called "NEW-DEFAULT".

! Create a DXE station type profile with any name and configure the X.25 parameters under 
! the named profile 

!

x25 profile NEW-DEFAULT dxe 

 x25 address 12345 

 x25 modulo 128 

 x25 win 15 

 x25 wout 15 

 x25 ips 256 

 x25 ops 256 

!

! Define an IP standard access list to permit any XOT connection

!

access-list 10 permit any

!

! Apply the access list and X.25 profile to all XOT connections 

!

xot access-group 10 profile NEW-DEFAULT

Restricted XOT Access with Multiple X.25 Parameter Configurations Example

In the following example, XOT connections permitted by access list 10 will use the default X.25 configuration. XOT connections permitted by access list 22 will use the X.25 configuration that is defined in the X.25 profile "TRANSPAC".

! Define the IP access lists by specifying an IP access list number and access condition

!

ip access-list standard 10 

 permit 10.0.155.9 

 deny any 

ip access-list standard 22 

 permit 171.69.0.0 0.0.255.255 log 

 deny any

!

! Apply the default X.25 configuration to XOT connections permitted by access list 10

!

xot access-group 10 

!

! Configure an X.25 profile with station type DXE

!

x25 profile TRANSPAC dxe 

 x25 modulo 128 

 x25 win 80 

 x25 wout 80 

 x25 default pad

! Apply the X.25 profile to XOT connections permitted by access list 22

!

xot access-group 22 profile TRANSPAC

Related Commands

Command	Description
access-list (IP standard)	Defines a standard IP access list.
show x25 context	Displays operating configuration status details of an X.25 link.
show x25 profile	Displays details of X.25 profiles on your router.
show x25 xot	Displays information for all XOT virtual circuits that match a given criterion.
x25 profile	Configures an X.25 profile without allocating any hardware-specific information.