Table Of Contents

x25 ops

x25 pad-access

x25 profile

x25 pvc (encapsulation)

x25 pvc (switched PVC to SVC)

x25 pvc (switched)

x25 pvc (XOT)

x25 pvc rbp local

x25 pvc rbp remote

x25 remote-red

x25 retry

x25 roa

x25 route

x25 routing

x25 security clamn

x25 security crcdn

x25 subscribe cug-service

x25 subscribe flow-control

x25 subscribe local-cug

x25 subscribe packetsize

x25 subscribe windowsize

x25 suppress-called-address

x25 suppress-calling-address

x25 t10

x25 t11

x25 t12

x25 t13

x25 t20

x25 t21

x25 t22

x25 t23

x25 threshold

x25 use-source-address

x25 win

x25 wout

x29 access-list

x29 profile

xot access-group

x25 ops

To set the interface default maximum output packet size to match that of the network, use the x25 ops interface configuration command.

x25 ops bytes

Syntax Description

bytes

Byte count that is one of the following: 16, 32, 64, 128, 256, 512, 1024, 2048, or 4096.

Defaults

128 bytes

Command Modes

Interface configuration

X.25 profile configuration

Command History

Release	Modification
10.0	This command was introduced.

Usage Guidelines

X.25 networks use maximum output packet sizes set by the network administrator. Larger packet sizes are better because smaller packets require more overhead processing. To send a packet larger than the X.25 packet size over an X.25 virtual circuit, the Cisco IOS software must break the packet into two or more X.25 packets with the more data bit (M-bit) set. The receiving device collects all packets with the M-bit set and reassembles the original packet.

---

Note Set the x25 ips and x25 ops commands to the same value unless your network supports asymmetry between input and output packets.

---

Examples

The following example sets the default maximum packet sizes to 512:

interface serial 1

 x25 ips 512

 x25 ops 512

Related Commands

Command	Description
x25 ips	Sets the interface default maximum input packet size to match that of the network.

x25 pad-access

To cause the packet assembler/disassembler (PAD) software to accept PAD connections only from statically mapped X.25 hosts, use the x25 pad-access interface configuration command. To disable checking maps on PAD connections, use the no form of this command.

x25 pad-access

no x25 pad-access

Syntax Description

This command has no arguments or keywords.

Defaults

Accept PAD connections from any host.

Command Modes

Interface configuration

Command History

Release	Modification
10.2	This command was introduced.

Usage Guidelines

By default, all PAD connection attempts are processed for session creation or protocol translation, subject to the configuration of those functions. If you use the x25 pad-access command, PAD connections are processed only for incoming calls with a source address that matches a statically mapped address configured with the x25 map pad interface configuration command. PAD connections are refused for any incoming calls with a source address that has not been statically mapped.

Examples

The following example restricts incoming PAD access on the interface to attempts from the host with the X.121 address 000000010300:

interface serial 1

 x25 pad-access

 x25 map pad 000000010300

Related Commands

Command	Description
service pad	Enables all PAD commands and connections between PAD devices and access servers.
x25 map pad	Configures an X.121 address mapping for PAD access over X.25.
x29 access-list	Limits access to the access server from certain X.25 hosts.
x29 profile	Creates a PAD profile script for use by the translate command.

x25 profile

To configure an X.25 profile without allocating any hardware specific information, use the x25 profile command in global configuration mode. To delete this profile, use the no form of this command.

x25 profile name {dce | dte | dxe}

no x25 profile name

Syntax Description

name	X.25 profile name that you assign.
dce	Indicates a data communications equipment (DCE) interface.
dte	Indicates a data terminal equipment (DTE) interface.
dxe	Indicates a data exchange equipment (DXE) interface.

Defaults

dte

Command Modes

Global configuration

Command History

Release	Modification
12.0(3)T	This command was introduced.
12.0(7)T	The x25 subscribe flow-control command was added to the X.25 profile configuration mode X.25 options.

Usage Guidelines

You can enable many X.25 commands in X.25 profile configuration mode. Table 71 lists the following X.25 commands in X.25 profile configuration mode, which you may use to create your X.25 profile.

Table 71 x25 profile Configuration Mode X.25 Options 

Command	Description
x25 accept-reverse	Accepts all reverse charged calls.
x25 address	Sets interface X.121 address.
x25 alias	Defines an alias address pattern.
x25 aodi	Enables AODI (Always On/Direct ISDN) Service.
x25 default	Sets protocol for calls with unknown Call User Data.
x25 facility	Sets explicit facilities for originated calls.
x25 hic	Sets highest incoming channel.
x25 hoc	Sets highest outgoing channel.
x25 hold-queue	Sets limit on packets queued per circuit.
x25 hold-vc-timer	Sets time to prevent calls to a failed destination.
x25 htc	Sets highest two-way channel.
x25 idle	Sets inactivity time before clearing switched virtual circuit (SVC).
x25 lic	Sets lowest incoming channel.
x25 linkrestart	Restarts when Link Access Procedure, Balanced (LAPB) resets.
x25 loc	Sets lowest outgoing channel.
x25 ltc	Sets lowest two-way channel.
x25 map	Maps protocol addresses to X.121 address.
x25 modulo	Sets operating standard.
x25 nonzero-dte-cause	Allows non-zero DTE cause codes.
x25 nvc	Sets maximum virtual circuits (VCs) simultaneously open to one host per protocol.
x25 ops	Sets default maximum output packet size.
x25 subscribe flow-control	Controls flow control parameter negotiation facilities in call setup packets.
x25 suppress-called-address	Omits destination address in outgoing calls.
x25 suppress-calling-address	Omits source address in outgoing calls.
x25 t10	Sets DCE Restart Request retransmission timer.
x25 t11	Sets DCE Call Request retransmission timer.
x25 t12	Sets DCE Reset Request retransmission timer.
x25 t13	Sets DCE Clear Request retransmission timer.
x25 threshold	Sets packet count acknowledgment threshold.
x25 use-source-address	Uses local source address for forwarded calls.
x25 win	Sets default input window (maximum unacknowledged packets).
x25 wout	Sets default output window (maximum unacknowledged packets).

Table 72 lists LAPB commands in X.25 configuration mode, which you may use to create your X.25 profile.

Table 72 x25 profile lapb Options 

Command	Description
interface-outage	Interface outage deadband (partial T3).
k	Maximum number of outstanding frames (window size).
modulo	Set frame numbering modulus.
N2	Maximum number of attempts to transmit a frame.
T1	Retransmission timer.
T2	Explicit acknowledge deferral timer.
T4	Keepalive timer.

Examples

The following example shows the NetworkNodeA profile being set as a DCE interface, and with x25 htc, x25 idle, x25 accept-reverse, and x25 modulo commands enabled:

Router(config)# x25 profile NetworkNodeA dce

Router(config-x25)# x25 htc 128

Router(config-x25)# x25 idle 5

Router(config-x25)# x25 accept-reverse

Router(config-x25)# x25 modulo 128

Related Commands

Command	Description
show x25 profile	Displays information about configured X.25 profiles.

x25 pvc (encapsulation)

To establish an encapsulation permanent virtual circuit (PVC), use the encapsulating version of the x25 pvc command in interface configuration mode. To delete the PVC, use the no form of this command with the appropriate channel number.

x25 pvc circuit protocol address [protocol2 address2 [...[protocol9 address9]]] x121-address
[option]

no x25 pvc circuit

Syntax Description

circuit	Virtual-circuit channel number, which must be less than the virtual circuits assigned to the switched virtual circuits (SVCs).
protocol	Protocol type, entered by keyword. Supported protocols are listed in Table 73. As many as nine protocol and address pairs can be specified in one command line.
address	Protocol address of the host at the other end of the PVC.
x121-address	X.121 address.
option	(Optional) Provides additional functionality or allows X.25 parameters to be specified for the PVC. Can be any of the options listed in Table 74.

Defaults

The PVC window and maximum packet sizes default to the interface default values.

Command Modes

Interface configuration

Command History

Release	Modification
10.0	This command was introduced.
12.2(13)T	The apollo, vines, and xns arguments were removed because Apollo Domain, Banyan VINES, and Xerox Network Systems are no longer available in the Cisco IOS software.

Usage Guidelines

PVCs are not supported for ISO Connection-Mode Network Service (CMNS).

You no longer need to specify a datagram protocol-to-address mapping before you can set up a PVC; a map is implied from the PVC configuration. Configurations generated by the router will no longer specify a map for encapsulating PVCs.

When configuring a PVC to carry CLNS traffic, use the X.121 address as the subnetwork point of attachment (SNPA) to associate the PVC with a CLNS neighbor configuration. When configuring a PVC to carry transparent bridge traffic, the X.121 address is required to identify the remote host to the bridging function. Other encapsulation PVCs do not require an X.121 address.

Table 73 lists supported protocols.

Table 73 Protocols Supported by X.25 PVCs 

Keyword	Protocol
appletalk	AppleTalk
bridge	Bridging1
clns	OSI Connectionless Network Service
compressedtcp	TCP/IP header compression
decnet	DECnet
ip	IP
ipx	Novell IPX
qllc	SNA encapsulation in X.252

1 Bridging traffic is supported only for Cisco's traditional encapsulation method, so a bridge PVC cannot specify other protocols. 2 QLLC is not available for multiprotocol encapsulation.

Table 74 lists supported X.25 PVC options.

Table 74 x25 pvc Options 

Option	Description
broadcast	Causes the Cisco IOS software to direct any broadcasts sent through this interface to this PVC. This option also simplifies the configuration of OSPF.
method {cisco | ietf | snap | multi}	Specifies the encapsulation method. The choices are as follows: •cisco—Single protocol encapsulation; not available if more than one protocol is carried. •ietf—Default RFC 1356 operation; single-protocol encapsulation unless more than one protocol is carried, and protocol identification when more than one protocol is carried. •snap—RFC 1356 operation where IP is identified when more than one protocol is carried using the SNAP encoding. •multi—Multiprotocol encapsulation used on the PVC.
packetsize in-size out-size	Maximum input packet size (in-size) and output packet size (out-size) for the PVC. Both values are typically the same and must be one of the following values: 16, 32, 64, 128, 256, 512, 1024, 2048, or 4096.
passive	Specifies that transmitted TCP datagrams will be compressed only if they were received compressed. This option is available only for PVCs carrying compressed TCP/IP header traffic.
windowsize in-size out-size	Packet count for input window (in-size) and output window (out-size) for the PVC. Both values are typically the same, must be in the range 1 to 127, and must be less than the value set for the x25 modulo command.

Examples

The following example establishes a PVC on channel 2 to encapsulate VINES and IP with the far host:

interface serial 0

 x25 ltc 5

 x25 pvc 2 vines 60002A2D:0001 ip 172.20.170.91 11110001

Related Commands

Command	Description
x25 map	Sets up the LAN protocols-to-remote host mapping.

x25 pvc (switched PVC to SVC)

To configure a switched permanent virtual circuit (PVC) to a switched virtual circuit (SVC) for a given interface, use the switched PVC to SVC version of the x25 pvc interface configuration command.

x25 pvc number1 svc x121-address [flow-control-options] [call-control-options]

Syntax Description

number1	Logical channel ID of the PVC. Value must be lower than any range of circuit numbers defined for SVCs.
svc	Specifies a SVC type.
x121-address	Destination X.121 address for opening an outbound SVC and source X.121 address for matching an inbound SVC.
flow-control-options	(Optional) Adds certain features to the mapping specified. It can be any of the options listed in Table 75.
call-control-options	(Optional) Adds certain features to the mapping specified. It can be any of the options listed in Table 76.

Defaults

This command has no default values.

Command Modes

Interface configuration

Command History

Release	Modification
11.2 F	This command was introduced.

Usage Guidelines

The PVC window and maximum packet sizes default to the interface default values. The default idle time comes from the interface on which the x25 pvc command is configured, not the interface on which the call is sent/received.

PVC circuit numbers must come before (that is, be numerically smaller than) the circuit numbers allocated to any SVC range.

On an outgoing call, the packet size facilities and window size facilities will be included. The call will be cleared if the call accepted packet specifies different values.

On an incoming call, requested values that do not match the configured values will be refused.

Table 75 lists the flow control options supported by X.25 during PVC to SVC switching.

Table 75 x25 pvc Flow Control Options 

Option	Description
packetsize in-size out-size	Maximum input packet size (in-size) and output packet size (out-size) for both the PVC and SVC. Values may differ but must be one of the following: 16, 32, 64, 128, 256, 512, 1024, 2048, or 4096.
windowsize in-size out-size	Packet count for input window (in-size) and output window (out-size) for both the PVC and SVC. Both values may differ but must be in the range 1 to 127 and must be less than the value set for the x25 modulo command.

Table 76 lists the call control options supported by X.25 during PVC to SVC switching.

Table 76 x25 pvc Call Control Options 

Option	Description
accept-reverse	Causes the Cisco IOS software to accept incoming reverse-charged calls. If this option is not present, the Cisco IOS software clears reverse-charged calls unless the interface accepts all reverse-charged calls.
idle minutes	Idle time-out for the SVC. This option will override the interface's x25 idle command value only for this circuit.
no-incoming	Establishes a switched virtual circuit to the specified X.121 address when data is received from the permanent virtual circuit, but does not accept calls from this X.121 address.
no-outgoing	Accepts an incoming call from the specified X.121 address, but does not attempt to place a call when data is received from the permanent virtual circuit. If data is received from the permanent virtual circuit while no call is connected, the PVC will be reset.

Examples

The following example configures PVC to SVC switching between two serial interfaces:

x25 routing

interface serial0

 encapsulation x25

 x25 address 201700

 x25 ltc 128

 x25 idle 2

interface serial2

 encapsulation x25 dce

 x25 address 101702

x25 route ^20 interface serial0

x25 route ^10 interface serial2

interface serial0

 x25 pvc 5 svc 101601 packetsize 128 128 windowsize 2 2 no-incoming

 x25 pvc 6 svc 101602 packetsize 128 128 windowsize 2 2 no-outgoing idle 0

 x25 pvc 7 svc 101603 packetsize 128 128 windowsize 2 2

Any call with a destination address beginning with 20 will be routed to serial interface 0. Any call with a destination address beginning with 10 will be routed to serial interface 2. (Note that incoming calls will not be routed back to the same interface from which they arrived.)

Traffic received on PVC 5 on serial interface 0 will cause a call to be placed from address 201700 to the X.121 address 101601. The routing table will then forward the call to serial interface 2. If no data is sent or received on the circuit for two minutes, the call will be cleared, as defined by the x25 idle command. All incoming calls from 101601 to 201700 will be refused, as defined by the no-incoming attribute.

The second x25 pvc command configures the circuit to allow incoming calls from 101602 to 201700 to be connected to PVC 6 on serial interface 1. Because idle is set to 0, the call will remain connected until cleared by the remote host or an X.25 restart. Because outgoing calls are not permitted for this connection, if traffic is received on PVC 6 on serial interface 0 before the call is established, the traffic will be discarded and the PVC will be reset.

The last x25 pvc command configures the circuit to accept an incoming call from 101603 to 201700 and connects the call to PVC 7 on serial interface 0. If no data is sent or received on the circuit for two minutes, the call will be cleared. If traffic is received on PVC 7 on serial interface 0 before the call is established, a call will be placed to 101503 to 201700.

x25 pvc (switched)

To configure a switched permanent virtual circuit (PVC) for a given interface, use the switched version of the x25 pvc interface configuration command.

x25 pvc number1 interface type number pvc number2 [option]

Syntax Description

number1	PVC number that will be used on the local interface (as defined by the primary interface command).
interface	Required keyword to specify an interface.
type	Remote interface type.
number	Remote interface number.
pvc	Required keyword to specify a switched PVC.
number2	PVC number that will be used on the remote interface.
option	(Optional) Adds certain features to the mapping specified; can be either option listed in Table 77.

Defaults

The PVC window and maximum packet sizes default to the interface default values.

Command Modes

Interface configuration

Command History

Release	Modification
10.0	This command was introduced.

Usage Guidelines

You can configure X.25 PVCs in the X.25 switching software. As a result, data terminal equipment (DTE) devices that require permanent circuits can be connected to the router acting as an X.25 switch and have a properly functioning connection. X.25 resets will be sent to indicate when the circuit comes up or goes down.

PVC circuit numbers must come before (that is, be numerically smaller than) the circuit numbers allocated to any SVC range.

Table 77 lists the switched PVC options supported by X.25.

Table 77 x25 pvc Switched PVC Options 

Option	Description
packetsize in-size out-size	Maximum input packet size (in-size) and output packet size (out-size) for the PVC. Both values must be one of the following values: 16, 32, 64, 128, 256, 512, 1024, 2048, or 4096.
windowsize in-size out-size	Packet count for input window (in-size) and output window (out-size) for the PVC. Both values should be the same, must be in the range 1 to 127, and must not be greater than the value set for the x25 modulo command.

Examples

The following example configures a PVC connected between two serial interfaces on the same router. In this type of interconnection configuration, the alternate interface must be specified along with the PVC number on that interface. To make a working PVC connection, two commands must be specified, each pointing to the other, as this example illustrates.

interface serial 0

 encapsulation x25

 x25 ltc 5

 x25 pvc 1 interface serial 1 pvc 1

interface serial 1

 encapsulation x25

 x25 ltc 5

 x25 pvc 1 interface serial 0 pvc 1

x25 pvc (XOT)

To connect two permanent virtual circuits (PVCs) across a TCP/IP LAN, use the X.25-over-TCP (XOT) service form of the x25 pvc interface configuration command.

x25 pvc number1 xot address interface serial string pvc number2 [option]

Syntax Description

number1	PVC number of the connecting device.
xot	Indicates two PVCs will be connected across a TCP/IP LAN using XOT.
address	IP address of the device to which you are connecting.
interface serial	Indicates the interface is serial.
string	Serial interface specification that accepts either a number or a string in model 7000 format (number/number) to denote the serial interface.
pvc	Indicates a PVC.
number2	Remote PVC number on the target interface.
option	(Optional) Adds certain features for the connection; can be one or more of the options listed in Table 78.

Defaults

The PVC window and packet sizes default to the interface default values.

The default for the xot-keepalive-period option is 60 seconds.

The default for the xot-keepalive-tries option is 4 tries.

Command Modes

Interface configuration

Command History

Release	Modification
10.3	This command was introduced.

Usage Guidelines

Use the PVC tunnel commands to tell the Cisco IOS software what the far end of the PVC is connected to. The incoming and outgoing packet sizes and window sizes must match the remote PVC outgoing and incoming sizes.

It is recommended that the xot-source option be used on the remote host so that a consistent IP address is used for the connection.

Table 78 lists the PVC tunnel options supported by X.25.

Table 78 x25 pvc PVC Tunnel Options 

Option	Description
packetsize in-size out-size	Maximum input packet size (in-size) and output packet size (out-size) for the PVC. Both values must be one of the following values: 16, 32, 64, 128, 256, 512, 1024, 2048, or 4096.
windowsize in-size out-size	Packet count for input window (in-size) and output window (out-size) for the PVC. Both values should be the same, must be in the range 1 to 127, and must not be greater than or equal to the value set for the x25 modulo command.
xot-keepalive-period seconds	Number of seconds between keepalives for XOT connections. The default is 60 seconds.
xot-keepalive-tries count	Number of times TCP keepalives should be sent before dropping the connection. The default value is 4 times.
xot-promiscuous	Indicates that the remote IP address should be ignored when matching an incoming XOT connection with the XOT PVC parameters.
xot-source interface	Specifies an interface whose IP address should be used as the local IP address of the TCP connection.

Each XOT connection relies on a TCP session to carry traffic. To ensure that these TCP sessions remain connected in the absence of XOT traffic, use the service tcp-keepalives-in and service tcp-keepalives-out global configuration commands. If TCP keepalives are not enabled, the XOT PVCs might encounter problems if one end of the connection is reloaded. When the reloaded host attempts to establish a new connection, the other host refuses the new connection because it has not been informed that the old session is no longer active. Recovery from this state requires the other host to be informed that its TCP session is no longer viable so that it attempts to reconnect the PVC.

Also, TCP keepalives inform a router when an XOT switched virtual circuit (SVC) session is not active, thus freeing the router's resources.

Examples

The following example enters the parameters for one side of a connection destined for a platform other than the Cisco 7000 series with RSP7000:

service tcp-keepalives-in

service tcp-keepalives-out

interface serial 0

 x25 pvc 1 xot 172.20.1.2 interface serial 1 pvc 2

The following example enters the parameters for one side of a connection destined for the 
Cisco 7000 series with RSP7000:

service tcp-keepalives-in

service tcp-keepalives-out

interface serial 0

 x25 pvc 1 xot 172.20.1.2 interface serial 1/1 pvc 2

Refer to the section "X.25 and LAPB Configuration Examples" in the Cisco IOS Wide-Area Networking Configuration Guide for more complete configuration examples.

Related Commands

Command	Description
service tcp-keepalives-in	Generates keepalive packets on idle incoming network connections (initiated by the remote host).
service tcp-keepalives-out	Generates keepalive packets on idle outgoing network connections (initiated by a user).

x25 pvc rbp local

To configure a router to accept an incoming TCP connection on a specified TCP port, and to use record boundary preservation (RBP) over that session to transfer data between the TCP host and an X.25 permanent virtual circuit (PVC), use the x25 map rbp local command in interface configuration mode. To delete the PVC, use the no form of this command.

x25 pvc circuit rbp local port port [packetsize in-size out-size] [recordsize size] [windowsize in-size out-size]

no x25 pvc circuit

Syntax Description

circuit	Virtual-circuit channel number, which must be less than the virtual circuits assigned to the switched virtual circuits (SVCs).
port port	TCP port number on which the router should listen.
packetsize in-size out-size	(Optional) Maximum input packet size (in-size) and output packet size (out-size) for the PVC. The two values are typically the same and must be one of the following: 16, 32, 64, 128, 256, 512, 1024, 2048, or 4096.
recordsize size	(Optional) Maximum length of a record.
windowsize in-size out-size	(Optional) Packet count for input window (in-size) and output window (out-size) for the PVC. The two values are typically the same, must be in the range from 1 to 127, and must be less than the value set for the x25 modulo command.

Defaults

No PVC is configured.

The PVC window and maximum packet sizes default to the interface default values.

Command Modes

Interface configuration

Command History

Release	Modification
12.2(8)T	This command was introduced.

Usage Guidelines

RBP enables X.25 hosts to exchange data with TCP/IP hosts via TCP sessions while maintaining X.25 packet boundaries.

When connections that will be established by the TCP/IP host are configured, the local TCP port number must be unique, with the exception that the same TCP port number may be configured once on each of multiple X.25 interfaces that will not be active simultaneously. This includes situations in which one X.25 interface is configured as a backup interface for another X.25 interface.

When the x25 pvc rbp local command is configured, the router will listen for a TCP connection request to the configured TCP port. Until the connection request is received, the router will acknowledge any X.25 reset packets on the circuit. When the TCP connection request is received, the connection will be accepted, and the router will send an X.25 reset packet over the configured X.25 destination circuit. If the reset packet is not acknowledged, the TCP connection will be closed.

Since this command is associated with a specific X.25 circuit, only one connection may be active per command.

When a PVC is configured, the virtual circuit must be unique. Multiple commands referencing the same virtual circuit (matching logical channel identifier and interface) are not permitted.

When connections that will be established by the TCP/IP host are configured, the local TCP port number must be unique, with the exception that the same TCP port number may be configured once on each of multiple X.25 interfaces that will not be active simultaneously. This includes the case in which one X.25 interface is configured as a backup interface for another X.25 interface.

Examples

Interface serial2/1

 encapsulation x25

 x25 pvc 2 rbp local port 9999

Related Commands

Command	Description
show x25 map	Displays information about configured address maps.
show x25 vc	Displays information about active SVCs and PVCs.
x25 map	Establishes X.25 circuits in response to incoming TCP connections and uses RBP to transfer data between the TCP session and the X.25 circuit.
x25 map rbp remote	Establishes TCP sessions in response to incoming X.25 calls and uses RBP to transfer data between the X.25 circuit and the TCP session.
x25 pvc rbp remote	Establishes TCP sessions and uses RBP to transfer data between the X.25 host and the TCP session.

x25 pvc rbp remote

To configure a router to establish a TCP session in response to data received on an X.25 permanent virtual circuit (PVC) and to use record boundary preservation (RBP) to transfer data between the X.25 host and the TCP session, use the x25 pvc rbp remote command in interface configuration mode. To delete the PVC, use the no form of this command.

x25 pvc circuit rbp remote host ip-address port port [packetsize in-size out-size] [source-interface interface] [recordsize size] [windowsize in-size out-size]

no x25 pvc circuit

Syntax Description

circuit	Virtual-circuit channel number, which must be less than the virtual circuits assigned to the switched virtual circuits (SVCs).
host ip-address	Remote IP address for the TCP connection.
port port	TCP port number on which the router should listen.
packetsize in-size out-size	(Optional) Maximum input packet size (in-size) and output packet size (out-size) for the PVC. The two values are typically the same and must be one of the following: 16, 32, 64, 128, 256, 512, 1024, 2048, or 4096.
source-interface interface	(Optional) Name of an interface whose IP address will be used as the local IP address for the TCP connection.
recordsize size	(Optional) Maximum length of a record.
windowsize in-size out-size	(Optional) Packet count for input window (in-size) and output window (out-size) for the PVC. The two values are typically the same, must be in the range from1 to 127, and must be less than the value set for the x25 modulo command.

Defaults

The PVC window and maximum packet sizes default to the interface default values.

Command Modes

Interface configuration

Command History

Release	Modification
12.2(8)T	This command was introduced.

Usage Guidelines

RBP enables X.25 hosts to exchange data with TCP/IP hosts via TCP sessions while maintaining X.25 packet boundaries.

When a PVC is configured, the virtual circuit must be unique. Multiple commands referencing the same virtual circuit (matching logical channel identifier and interface) are not permitted.

When the x25 pvc rbp remote command is configured, the router will wait until a data packet is received on a specific X.25 PVC. Until it receives a data packet, the router will acknowledge any X.25 reset packets on the circuit. When a data packet is received, the router will attempt to establish a TCP connection to a configured IP address and TCP port, using a dynamically assigned local TCP port number. If the connection attempt fails, the router will reset the PVC and wait for another data packet before reattempting to establish the TCP connection.

Since the x25 pvc rbp remote command is associated with a specific X.25 circuit, at most one connection may be active per command.

Examples

interface serial1/0

 encapsulation x25 

 x25 pvc 1 rbp remote host 10.0.0.1 port 9999

Related Commands

Command	Description
show x25 map	Displays information about configured address maps.
show x25 vc	Displays information about active SVCs and PVCs.
x25 map	Establishes X.25 circuits in response to incoming TCP connections and uses RBP to transfer data between the TCP session and the X.25 circuit.
x25 map rbp remote	Establishes TCP sessions in response to incoming X.25 calls and uses RBP to transfer data between the X.25 circuit and the TCP session.
x25 pvc rbp local	Accepts incoming TCP connections and uses RBP to transfer data between the TCP host and an X.25 PVC.

x25 remote-red

This command is no longer supported.

x25 retry

To activate a secondary route while also retrying a failed primary route, use the x25 retry interface configuration command in conjunction with the ip route or backup interface commands. To discontinue implementing secondary X.25 routes and retrying of primary X.25 routes, use the no form of this command.

x25 retry interval seconds attempts count

no x25 retry interval seconds attempts count

Syntax Description

interval	Keyword defining interval between attempts.
seconds	Number of seconds between attempts.
attempts	Keyword defining number of attempts.
count	Number of attempts to reestablish the closed link before discontinuing.

Defaults

No default behavior or values.

Command Modes

Interface configuration

Command History

Release	Modification
12.0(5)T	This command was introduced.

Usage Guidelines

The x25 retry command is triggered when no switched virtual circuits (SVCs) are up, and an outgoing call fails.

The retry attempts will continue until any of the following happens:

•The configured retry attempts limit is reached.

•The attempt to reestablish the link is successful.

•An incoming call is received on the subinterface.

•The X.25 packet layer on the interface is restarted.

If the number of retry attempts exceeds the configured limit, the interface will remain marked "down" until any of the following happens:

•An incoming call is received on the subinterface.

•The X.25 packet layer on the interface is restarted.

Examples

The following example shows the x25 retry command being configured on subinterface 1.1 with a retry interval of 60 seconds up to a maximum of 10 attempts:

Router(config)# interface serial1.1 point-to-point

Router(config-if)# x25 retry interval 60 attempts 10

Related Commands

Command	Description
backup interface	Configures an interface as a secondary or dial backup interface.
clear x25	Restarts an X.25 or CMNS service, clears an SVC, or resets a PVC.
ip route	Establishes static routes and defines the next hop for large-scale dialout.

x25 roa

To specify a sequence of packet network carriers, use the x25 roa global configuration command. To remove the specified name, use the no form of this command.

x25 roa name number

no x25 roa name

Syntax Description

name	Recognized Operating Agency (ROA, formerly called a Recognized Private Operating Agency, or RPOA), which must be unique with respect to all other ROA names. It is used in the x25 facility and x25 map interface configuration commands.
number	A sequence of 1 or more numbers used to describe an ROA; up to 10 numbers are accepted.

Defaults

No packet network carriers are specified.

Command Modes

Global configuration

Command History

Release	Modification
10.0	This command was introduced.

Usage Guidelines

This command specifies a list of transit ROAs to use, referenced by name.

Examples

The following example sets an ROA name and then sends the list via the X.25 user facilities:

x25 roa green_list 23 35 36

interface serial 0

 x25 facility roa green_list

 x25 map ip 172.20.170.26 10 roa green_list

Related Commands

Command	Description
x25 facility	Forces facilities on a per-call basis for calls originated by the router (switched calls are not affected).
x25 map	Sets up the LAN protocols-to-remote host mapping.

x25 route

To create an entry in the X.25 routing table (to be consulted for forwarding incoming calls and for placing outgoing packet assembler/disassembler (PAD) or protocol translation calls), use the appropriate form of the x25 route global configuration command. To remove an entry from the table, use the no form of the command.

x25 route [#position] [selection-options] [modification-options] disposition-options [xot-keepalive-options]

no x25 route [#position] [selection-options] [modification-options] disposition-options [xot-keepalive-options]

Syntax Description

#position	(Optional) A pound sign (#) followed by a number designates the position in the routing table at which to insert the new entry. If no value for the position argument is given, the entry is appended to the end of the routing table.
selection-options	(Optional) The selection options identify when the subsequent modification and disposition options apply to an X.25 call; any or all variables may be specified for a route. For selection keyword and argument options, see Table 79 in the "Usage Guidelines" section. For selection and modification pattern and character matching and replacement see Table 81, Table 82, and Table 83 in the "Usage Guidelines" section. Although each individual selection criterion is optional, at least one selection or modification option must be specified in the x25 route command.
modification-options	(Optional) The modification options modify the source or destination addresses of the selected calls. The standard regular expression substitution rules are used, where a match pattern and rewrite string direct the construction of a new string. For modification keyword and argument options, see Table 80 in the "Usage Guidelines" section. For selection and modification pattern and character matching and replacement see Table 81, Table 82, and Table 83 in the "Usage Guidelines" section. Although each individual modification is optional, at least one selection or modification option must be specified in the x25 route command.
disposition-options	Specifies the disposition of a call matching the specified selection pattern. For disposition keyword and argument options, see Table 84 in the "Usage Guidelines" section.
xot-keepalive-options	(Optional) The XOT-keepalive options specify an X.25 over TCP (XOT) keepalive period and number of XOT-keepalive retries. XOT relies on TCP to detect when the underlying connection is dead. TCP detects a dead connection when sent data goes unacknowledged for a given number of attempts over a period of time. For XOT-keepalive keyword and argument options, see Table 85 in the "Usage Guidelines" section.

Defaults

No entry is created in the X.25 routing table.

Command Modes

Global configuration

Command History

Release	Modification
11.3	The following modifications were made: •The selection option keywords source and dest-ext and the interface disposition to a Connection-Mode Network Service (CMNS) destination was added. In prior releases, CMNS routing information was implied by maps defining a network service access point (NSAP) prefix for a CMNS host's MAC address. •The clear interface disposition option was added. In prior releases, the disposition was implicit in a route to the Null 0 interface.
12.0(3)T	The interface-based calling address insertion and removal feature was introduced.
12.0(5)T	The following modifications were made: •For the DNS-Based X.25 Routing feature, the dns keyword and pattern argument (see Table 83) were added. •The enhanced x25 route command replaces the x25 map cmns command. The x25 route alias form of this command (supported in earlier releases) was replaced by the x25 alias command.

Usage Guidelines

The enhanced x25 route command replaces the x25 map cmns command. The x25 route alias form of this command (supported in earlier releases) has been replaced by the x25 alias command.

The modification options are long-standing but newly applicable to all dispositions in Cisco IOS Release 11.3 and later.

---

Note The entire command must be entered on one line.

---

Selection Options

Selection arguments specify match criteria. When a call matches all selection criteria in an X.25 route, then the specified modification and disposition are used for the call.

As many as four selection options can be used to determine the route:

•Called X.121 network interface address (destination or source host address)

•Called address extension (destination NSAP address)

•X.25 packet's call user data (CUD) field

•Input interface from which the call was received (input-interface option)

Table 79 lists the selection options for the x25 route command. At least one selection or modification option must be specified.

Table 79 x25 route Selection Options 

Selection Option	Description
cud user-data-pattern	(Optional) CUD pattern, which is specified as a regular expression of printable ASCII text. The CUD field may be present in a call packet. The first few bytes (commonly 4 bytes long) identify a protocol; the specified pattern is applied to any user data after the protocol identification.
destination-pattern	(Optional) Destination address pattern, which is a regular expression that can represent either one X.121 address (such as ^1111000$) or any address in a group of X.121 addresses (such as ^1111.*).
dest-ext nsap-destination-pattern	(Optional) NSAP destination address pattern, which is a regular expression that can represent either an NSAP destination address (such as ^11.1111.0000$) or an NSAP prefix (such as ^11.1111.*). Note A period (.) in the pattern is interpreted as a character wildcard, which will not interfere with a match to the actual period in the NSAP; if desired, an explicit character match may be used (such as ^11\.1111\..*).
hunt-group name	Routes the selected call to the X.25 hunt group. The chosen router may vary depending on the hunt group configuration.
input interface interface number	(Optional) Specifies interface number on which the call will be received.
source source-pattern	(Optional) Source address pattern, which is a regular expression that can represent either one X.121 source address (such as ^2222000$) or any address in a group of X.121 addresses (such as ^2222.*).

---

Note The X.121 and NSAP addresses are specified as regular expressions. A common error is to specify the address digits without anchoring them to the beginning and end of the address. For example, the regular expression 1111 will match an X.121 address that has four successive 1s somewhere in the address; to specify the single X.121 address, the form ^1111$ must be used.

---

Regular expressions are used to allow pattern-matching operations on the addresses and user data. A common operation is to use prefix matching on the X.121 Data Network Identification Code (DNIC) field and route accordingly. The caret (^) is a special regular expression character that anchors the match at the beginning of the pattern. For example, the pattern ^3306 will match all X.121 addresses with a DNIC of 3306.

Modification Options

Addresses typically need to be modified when traffic from a private network that uses arbitrary X.121 addresses must transit a public data network, which must use its own X.121 addresses. The easiest way to meet the requirement is to specify in the x25 route command a way to modify the private address into a network X.121 address, or to modify a network X.121 address into a private address. The addresses are modified so that no change to the private addressing scheme is required.

The modification options use the standard UNIX regular expression substitution operations to change an X.25 field. A pattern match is applied to an address field, which is rewritten as directed by a rewrite pattern.

Table 80 lists the modification options for the x25 route command. At least one selection or modification option must be specified.

Table 80 x25 route Modification Options

Modification Option	Description
substitute-dest rewrite-dest	(Optional) Called X.121 address rewrite pattern. The destination address, destination-pattern, and this rewrite-dest pattern are used to form a new destination address. If no destination-pattern is specified, a default match pattern of .* is used. See Table 81 and Table 82 for summaries of pattern and character matching, respectively. See Table 83 for a summary of pattern rewrite elements.
substitute-source rewrite-source	(Optional) Calling X.121 address rewrite pattern. The source address, source-pattern, and this rewrite-source pattern are used to form a new source address. If no source-pattern is specified, any destination-pattern match pattern is used. If neither match pattern is specified, a default match pattern of .* is used. See Table 81 and Table 82 for summaries of pattern and character matching, respectively. See Table 83 for a summary of pattern rewrite elements.

---

Note As of Cisco IOS Release 11.3, the substitute-source and substitute-dest options also apply to PAD calls.

---

A modification of the source address is directed by the rewrite string using one of three possible match patterns. If the source source-pattern selection option is defined, it is used with the source-rewrite string to construct the new source address; otherwise, a destination-pattern regular expression is used (for backward compatibility) or a wildcard regular expression (.*) is used. In the rewrite-source argument, the backslash character (\) indicates that the digit immediately following the argument selects a portion of the matched address to be inserted into the new called address.

A modification of the destination address is directed by the rewrite string using one of two possible match patterns. If the destination-pattern selection option is defined, it is used with the destination-rewrite string to construct the new destination address; otherwise, a wildcard regular expression (.*) is used. In the rewrite-dest argument, the backslash character (\) indicates that the digit immediately following the argument selects a portion of the original called address to be inserted into the new called address.

Pattern and Character Matching and Replacement for Selection and Modification Options

See Table 81, Table 82, and Table 83, respectively, for summaries of pattern matching, character matching, and pattern replacement elements. Note that up to nine pairs of parentheses can be used to identify patterns to be included in the modified string. A more complete description of the pattern-matching characters is found in the "Regular Expressions" appendix in the Cisco IOS Terminal Services Configuration Guide.

Table 81 Pattern Matching for x25 route Selection and Modification Options

Pattern	Description
*	Matches 0 or more occurrences of the preceding character.
+	Matches 1 or more occurrences of the preceding character.
?	Matches 0 or 1 occurrences of the preceding character.1

1 Precede the question mark with Ctrl-V to prevent the question mark from being interpreted as a help command.

  

Table 82 Character Matching for x25 route Selection and Modification Options

Character	Description
^	Matches the beginning of the input string.
$	Matches the end of the input string.
\char	Matches the single character char specified.
.	Matches any single character.

 

Table 83 Pattern Replacements for x25 route Selection and Modification Options

Pattern	Description
\0	The pattern is replaced by the entire original address.
\1...9	The pattern is replaced by strings that match the first through ninth parenthetical part of the X.121 address.

Disposition Option

The xot-source disposition option can improve the resilience of the TCP connection if, for instance, a loopback interface is specified. By default, a TCP connection's source IP address is that of the interface used to initiate the connection; a TCP connection will fail if either the source or destination IP address is no longer valid. Because a loopback interface never goes down, its IP address is always valid. Any TCP connections originated using a loopback interface can be maintained as long as a path exists to the destination IP address, which may also be the IP address of a loopback interface.

Using the continue keyword provides flexibility by reducing the number of X.25 route configurations necessary in the route table by breaking them into separate, simpler, and more manageable tasks. It allows the x25 route command to cumulatively hold all specified route entries and carry whatever selection or modification options you may have just specified on the command line. The route table lookup terminates when a matching route is found among the remaining entries in the route table. The continue disposition must be the last option on the x25 route command line.

Table 84 lists the disposition options for the x25 route command. You must select one of these options.

Table 84 x25 route Disposition Options 

Disposition Option	Description
clear	Terminates the call.
continue	(Optional) Combines sequential route table lookups, holding onto any "selections" and "modifications" specified on the x25 route statement.
hunt-group name	Routes the selected call to the X.25 hunt group. The chosen route may vary depending on the hunt group configuration.
interface interface number	Routes the selected call to the specified X.25 serial interface.
interface interface number dlci number	(Optional) Routes the X.25 call to the specified Annex G link. You must include the interface number and enter the data link connection identifier (DLCI) number. You only need to do this if you want the router to accept switched calls, as well as originate them.
interface cmns-interface mac mac-address	Routes the selected call out the specified broadcast interface via CMNS to the LAN destination station. The broadcast interface type can be Ethernet, Token Ring, or FDDI. The interface numbering scheme depends on the router interface hardware.
xot ip-address [ip2-address [...[ip6-address]]] [xot-source interface]	Routes the selected call to the XOT host at the specified IP address. Subsequent IP addresses are tried, in sequence, only if XOT is unable to establish a TCP connection with a prior address.
xot dns pattern	Used with DNS-based X.25 routing, this option consults the DNS to get up to six destination IP addresses using whatever lookup pattern you choose (see Table 83).

XOT-Keepalive Options

TCP maintains each connection using a keepalive mechanism that starts with a default time period and number of retry attempts. If a received XOT connection is dispatched using a route with explicit keepalive parameters, those values will be used for the TCP connection. If an XOT connection is sent using a route with explicit keepalive parameters, those values will be used for the TCP connection.

Table 85 lists and describes the xot-keepalive options for the x25 route command.

Table 85 x25 route XOT-Keepalive Options

XOT-Keepalive Option	Description
xot-keepalive-period seconds	Number of seconds between keepalives for XOT connections. The default is 60 seconds.
xot-keepalive-tries count	Number of times TCP keepalives should be sent before dropping the connection. The default value is 4 times.

X.25 Routing Action When a Match Is Found

If a matching route is found, the incoming call is forwarded to the next hop depending on the routing entry. If no match is found, the call is cleared. If the route specifies a serial interface running X.25 or a broadcast interface running CMNS, the router attempts to forward the call to that host. If the interface is not operational, the subsequent routes are checked for forwarding to an operational interface. If the interface is operational but out of available virtual circuits, the call is cleared. Otherwise, the expected Clear Request or Call Accepted packet is forwarded back toward the originator. A call cannot be forwarded out the interface on which it arrived.

If the matching route specifies an XOT disposition, a TCP connection is established to port 1998 at the specified IP address, which must be an XOT host. The Call Request packet is forwarded to the remote host, which applies its own criteria to handle the call. If, upon receiving an XOT call on the remote host, a routing table entry is not present, or the destination is unavailable, a Clear Request is sent back and the TCP connection is closed. Otherwise, the call is handled and the expected Clear Request or Call Accepted packet is returned. Incoming calls received via XOT connections that match a routing entry specifying an XOT destination are cleared. This restriction prevents Cisco routers from establishing an XOT connection to another router that would establish yet another XOT connection.

X.25 Routing Action When No Match Is Found

If no match is found, the action taken is specific to the application. X.25 switching will clear the call if there is no match in the routing table. X.25 PAD and PAD-related applications, such as protocol translation using X.25, will route the call to the default X.25 interface, which is the first X.25 interface configured.

Examples

The following example uses regular expression pattern matching characters to match just the initial portion of the complete X.25 address. Any call with a destination address beginning with 3107 that is received on an interface other than serial 0 is forwarded to serial 0.

x25 route ^3107 interface serial 0

The following Annex G example routes the X.25 call to the specified Annex G DLCI link. You must include both interface number and DLCI number. It is this combination of both these numbers that indicates the logical X.25 interface over Frame Relay.

x25 route ^2222 interface serial 1 dlci 20

The following example prevents X.25 routing for calls that do not specify a source address:

x25 route source ^$ clear

The following example configures alternate XOT hosts for the routing entry. If the first address listed is not available, subsequent addresses are tried until a connection is made. If no connection can be formed, the call is cleared.

x25 route ^3106$ xot 172.20.2.5 172.20.7.10 172.10.7.9

The following example clears calls that contain a 3 in the source address. The disposition keyword clear is new.

x25 route source 3 clear

The following example clears calls that contain 33 in the source address:

x25 route source 33 clear

The following example clears a call to the destination address 9999:

x25 route ^9999$ clear

The following example specifies a route for specific source and destination addresses. (The ability to combine source and destination patterns is a new feature.)

x25 route ^9999$ source ^333$ interface serial 0

The following example routes the call to the XOT host at the specified IP address. The disposition keyword xot is new. In prior releases the keyword ip was used.

x25 route ^3333$ xot 172.21.53.61

The following DNS-based X.25 routing example shows an X.25 request to the DNS. The \0 pattern indicates that the entire incoming X.121 address is being used as the index into the DNS, which will return the required IP address.

x25 route ^.* xot dns \0 

The following example routes calls containing the destination extension address preamble 11.1234:

x25 route dest-ext ^11.1234.* interface serial 0

The following example rewrites the destination address as 9999. There must be a minimum of four 8s in the address. (8888888 will change to 9999.)

x25 route 8888 substitute-dest 9999 interface serial 0

The following example substitutes only part of the destination address. "^88" specifies the original destination string must begin with 88. "(.*)" indicates the string can end with any number, 0-9, and can be more than one digit. "99\1" changes the destination address to 99 plus whatever matches ".*" in the original destination address. For example, 8881 will change to 9981.

x25 route ^88(.*) substitute-dest 99\1 interface serial 0

The following example substitutes only part of the destination address and also removes a specified number of digits from the address. "^88" specifies the original destination string must begin with 88. "(..)" matches any two digits. "(.*)" specifies the string can end with any number, 0-9, and can occur zero or more times. Thus any address that starts with 88 and has four or more digits will be rewritten to start with 99 and omit the third and fourth digits. For example, 881234 will change to 9934.

x25 route ^88(..)(.*) substitute-dest 99\2 interface serial 0

The following example looks for a specified destination address and changes the source address. "9999" is the destination address. The original source address changes to "2222" because the call is made to the destination 9999.

x25 route ^9999$ substitute-source 2222 interface serial 0

The following example shows insertions and removals in the X.121 address as calls from the X.25 network get routed to X.25 devices. For a call coming from interface serial 0 with a called address starting with 2, the 2 is stripped off the called address and the call forwarded to serial interface 2. For a call coming from interface serial 2 with any calling address, a 2 will be inserted to its calling address and the call forwarded to serial interface 0.

x25 route ^02(.*) input-interface serial0 substitute-dest \1 interface serial2

x25 route input-interface serial2 source .* substitute-source 2\0 interface serial0

The following example shows how to insert the X.121 address to forward calls among local X.25 devices. For a call on interface 1 with a called address of 0255 and any calling address, the call is forwarded to serial interface 2 with a called address of 55 and a calling address inserted with 01. The continue keyword continues address substitution without address forwarding.

x25 route input-interface serial1 source .* substitute-source 01\0 continue

x25 route input-interface serial2 source .* substitute-source 02\0 continue

x25 route ^01(.*) substitute-dest \1 interface serial1

x25 route ^02(.*) substitute-dest \1 interface serial2

The following example rewrites the source address based on the source address. "9999" matches any destination address with four consecutive 9s. "^...(.*)" matches any source address with at least three digits; the command removes the first three digits and rewrites any digits after the first three as the new source address. For example, a call to 9999 from the source address 77721 will be forwarded using the calling address 21 and the called address 9999.

x25 route 9999 source ^...(.*) substitute-source \1 interface serial 0

The following example adds a digit to the source and destination addresses patterns. "09990" is the destination address pattern. The source can be any address. "9\0" specifies to add a leading 9 to the destination address pattern. "3\0" specifies to add a leading 3 to the source address pattern. For example, a call using source 03330 and destination 09990 will change to 303330 and 909990, respectively.

x25 route 09990 source .* substitute-dest 9\0 substitute-source 3\0 interface serial 0

Related Commands

Command	Description
show x25 route	Displays the X.25 routing table.

x25 routing

To enable X.25 switching or tunneling, use the x25 routing global configuration command. To disable the forwarding of X.25 calls, use the no form of this command.

x25 routing [acknowledge local | acknowledge end-to-end] [tcp-use-if-defs]

no x25 routing [acknowledge local | acknowledge end-to-end] [tcp-use-if-defs]

Syntax Description

acknowledge local	(Optional) Sets local acknowledgment on the router.
acknowledge end-to-end	(Optional) Sets end-to-end acknowledgment. (Default acknowledge setting.)
tcp-use-if-defs	(Optional) Accepts calls received over TCP.

Defaults

This command has no default values.

Command Modes

Global configuration

Command History

Release	Modification
10.0	This command was introduced.
12.0(7)T	The following keywords were added: •acknowledge end-to-end •acknowledge local

Usage Guidelines

The x25 routing command enables X.25 switching between the X.25 services (X.25, Connection-Mode Network Service [CMNS] and X.25 over TCP [XOT], and Annex G). X.25 calls will not be forwarded until this command is issued.

The acknowledge local and acknowledge end-to-end keywords are optional, with acknowledge end-to-end being the default. To confirm what type of acknowledgment has been set, use the show protocol command.

The tcp-use-if-defs keyword may be needed for receiving XOT calls from routers using older software versions. Normally, calls received over a TCP connection (remote routing reception) will have the flow control parameters (window sizes and maximum packet sizes) indicated, because proper operation of routed X.25 requires that these values match at both ends of the connection.

Some previous versions of Cisco IOS software, however, do not ensure that these values are present in all calls. In this case, the Cisco IOS software normally forces universally acceptable flow control values (window sizes of 2 and maximum packet sizes of 128) on the connection. Because some equipment disallows modification of the flow control values in the call confirm, the tcp-use-if-defs keyword causes the router to use the default flow control values of the outgoing interface and indicate the resulting values in the call confirm. This modified behavior may allow easier migration to newer versions of the Cisco IOS software.

Examples

The following example enables X.25 routing:

x25 routing

The following example enables X.25 routing with local acknowledgment:

x25 routing acknowledge local

x25 security clamn

To reenable the Called Line Address Modified Notification (CLAMN) security signaling facility when it has been disabled, use the x25 security clamn command in interface configuration mode. To disable the (CLAMN) security signaling facility in X.25 Call Confirm packets, use the no form of this command.

x25 security clamn

no x25 security clamn

Syntax Description

This command has no arguments or keywords.

Defaults

The X.25 CLAMN security signaling facility is enabled.

Command Modes

Interface configuration

Command History

Release	Modification
12.2(13)T	This command was introduced.

Usage Guidelines

The X.25-class services use the CLAMN security signaling facility in X.25 Call Confirm packets to notify the originator of the Call that a security event occurred during X.25 Call setup. The encoding of this facility specifies the reason for the signal, and the X.25 Recommendation also permits the Call Confirm packet to encode a different destination address when it encodes this facility. There are a number of reasons that can be encoded by the CLAMN facility. The Cisco X.25 hunt group implementation will cause the router to signal the hunt group event back to the X.25 Call originator using the CLAMN facility.

---

Caution X.25 security signaling facilities are used to explicitly notify the connecting stations of events that might raise security issues if they were not signaled. Suppression of these facilities should be configured only when the attached equipment and network configurations are sufficiently secure that the signaled information is unnecessary.

---

If no X.25 security issues apply, a network administrator may configure an X.25-class service to suppress the signaling of the CLAMN facility in Call Confirm packets using the no x25 security clamn command on an interface or x25 profile. This configuration may be necessary if the attached device or eventual recipient of the Call Confirm will not participate in a connection when the CLAMN security facility is encoded.

The X.25 Recommendations specify that the CLAMN facility must be present in the X.25 Call Confirm packet if that packet encodes a destination address that is not the null address and that differs from the address encoded in the Call packet. Therefore, when the no x25 security clamn command is used to suppress the encoding of the CLAMN facility, it will also suppress the encoding of the destination address; that is, if the address block is encoded in the Call Confirm packet, the destination address will be encoded as the null address (zero digits).

This command can be configured with the International Telecommunication Union Telecommunication Standardization Sector (ITU-T) 1980 X.25 recommendation mode with no error, although the 1980 mode does not define the CLAMN facility.

Examples

The following example shows how to suppress the CLAMN security signaling facility:

interface serial 0

  no ip address

  encapsulation x25

  no x25 security clamn

Related Commands

Command	Description
no x25 security crcdn	Disables the CRCDN security signaling facility in X.25 Call packets transmitted.

x25 security crcdn

To reenable the Call Redirection/Call Deflection Notification (CRCDN) security signaling facility when it has been disabled, use the x25 security crcdn command in interface configuration mode.To disable the CRCDN security signaling facility in X.25 Call packets, use the no form of this command.

x25 security crcdn

no x25 security crcdn

Syntax Description

This command has no arguments or keywords.

Defaults

The CRCDN security signaling facility is enabled.

Command Modes

Interface configuration

Command History

Release	Modification
12.2(13)T	This command was introduced.

Usage Guidelines

The X.25-class services use the CRCDN security signaling facility in X.25 call packets to notify the destination of the Call that a security event occurred during call processing. The encoding of this facility specifies the reason for the signal and the destination address that originally occurred in the call. There are a number of reasons that can be encoded by the CRCDN facility. The Cisco X.25 hunt group implementation will cause the router to signal the hunt group event to the X.25 call destination using the CRCDN facility.

---

Caution X.25 security signaling facilities are used to explicitly notify the connecting stations of events that might raise security issues if they were not signaled. Suppression of these facilities should be configured only when the attached equipment and network configurations are sufficiently secure that the signaled information is unnecessary.

---

If no X.25 security issues apply, a network administrator may configure an X.25-class service to suppress the signaling of the CRCN facility in call packets using the no x25 security crcdn command on an interface or X.25 profile. This configuration may be necessary if the attached device or eventual recipient of the X.25 call will not participate in a connection when the CRCDN security facility is encoded.

This command can be configured with the International Telecommunication Union Telecommunication Standardization Sector (ITU-T) 1980 X.25 recommendation mode with no error, although the 1980 mode will always suppress the CRCDN facility.

Examples

The following example shows how to suppress the CRCDN security signaling facility:

interface serial 0

  no ip address

  encapsulation x25

  no x25 security crcdn

Related Commands

Command	Description
no x25 subscribe cug-service	Disables the CLAMN security signaling facility in X.25 Call Confirm packets and suppresses any destination address.

x25 subscribe cug-service

To enable and control standard closed user group (CUG) service, use the x25 subscribe cug-service command in the appropriate interface, line, or X.25 profile configuration mode. To disable standard CUG service, use the no form of this command.

x25 subscribe cug-service [incoming-access] [outgoing-access] [suppress preferential | suppress all]

no x25 subscribe cug-service [incoming-access | outgoing-access] [suppress preferential | suppress all]

Syntax Description

incoming-access	(Optional) Allows incoming access from the open network to the data terminal equipment (DTE) device.
outgoing-access	(Optional) Allows outgoing access from the data terminal equipment (DTE) device to the open network.
suppress preferential	(Optional) Suppresses CUG selection facility for the preferred CUG. This option is not available when configuring terminal lines.
suppress all	(Optional) Suppresses CUG selection facility for all CUGs. This option is not available when configuring terminal lines.

Defaults

No incoming access and no outgoing access. (This is the most restrictive setting.)
CUG selection facilities are not suppressed.

Command Modes

Interface configuration
Line configuration
X.25 profile configuration

Command History

Release	Modification
12.0(7)T	This command was introduced.
12.1(5)T	The suppress preferential and suppress all keywords were added to enable CUG selection facility suppression.
12.2(13)T	This command was modified to configure support for X.25 CUG service on terminal lines.

Usage Guidelines

When entering this command, specify the incoming-access or the outgoing-access keyword or both, unless you intend to have neither incoming nor outgoing access on the interface.

This command assumes that an X.25 network connection is being implemented and observes rules defined by X.25 and X.301 for CUG access. This command is enabled on a per-interface or per-line basis. Use this command to modify existing specified options without otherwise affecting the CUGs already defined.

The x25 subscribe cug-service command can be used to configure CUG security on synchronous X.25 data communications equipment (DCE) interfaces or terminal lines. A CUG service can be applied to console lines, auxiliary lines, standard asynchronous lines, and virtual terminal lines. A line configured for CUG service will apply CUG security to packet assembler/disassembler (PAD), X.28 mode, and protocol translation sessions. CUG protection is applied to incoming calls destined for the terminal line and call requests specified from the line.

The CUG selection facility suppression options are not available for terminal lines because incoming PAD calls are terminated by the line.

Use the x25 subscribe cug-service command with the suppress preferential or suppress all keywords to configure CUG selection facility suppression. The CUG selection facility suppression options are available on synchronous X.25 DCE interfaces only; they are not available on terminal lines because incoming PAD calls are terminated by the line.

The following restrictions apply to the x25 subscribe cug-service command:

•Disabling this command deconfigures all the CUGs defined for the device and disables all CUG-related commands, but it does not terminate the associated CUG switched virtual circuit (SVC) connections.

•The DTE cannot call the open part of the network unless the outgoing-access option is configured. Even if outgoing-access is permitted, the DCE will enforce any additional CUG requirements when handling an outgoing call (call request) from the DTE.

•The DTE will not receive calls from the open part of the network unless the incoming-access option is configured. Even if incoming-access is permitted, the DCE will enforce any additional CUG requirements before presenting an incoming call to the DTE.

Examples

CUG Service on a Terminal Line Example

The following example shows the configuration of CUG behavior on asynchronous line 1 and virtual terminal lines 0 to 9. The users of virtual terminal lines 0 to 9 have access only within the corporate CUGs designated for engineering (CUG 1102 or 1103); any call from a network X.25-class service destined for the line will be refused unless the inbound point of presence (POP) has validated it as a member of one of those two CUGs.

line vty 0 9

 Location Company A. Engineering Access

 x25 subscribe cug-service

 x25 subscribe local-cug 2 network-cug 1102 preferential

 x25 subscribe local-cug 3 network-cug 1103

CUG Service with CUG Selection Facility Suppression and Incoming Access Example

In the following example, CUG selection facility suppression and incoming access are configured for all CUGs, including the preferred CUG on the X.25 profile:

x25 profile CUG-SUPRS-ALL dce 

 x25 subscribe cug-service incoming-access suppress all 

 x25 subscribe local-cug 0 network-cug 10 preferential 

 x25 subscribe local-cug 20 network-cug 202 

 x25 subscribe local-cug 40 network-cug 40 

CUG Service with Incoming and Outgoing Access Example

The following example shows subscribing to both incoming and outgoing CUG service on the interface:

interface serial0

 encapsulation x25 dce

 x25 subscribe cug-service incoming-access outgoing-access

Related Commands

Command	Description
show x25 cug	Displays information about all CUGs or specific CUGs.
x25 facility	Forces facilities on a per-call basis for calls originated by the router.
x25 map	Sets the maximum number of virtual circuits that a protocol can have open simultaneously to one host.
x25 subscribe local-cug	Configures subscription to a specific CUG.

x25 subscribe flow-control

To control flow control parameter negotiation facilities in call setup packets, use the x25 subscribe flow-control command in interface or X.25 profile configuration mode. To have flow control parameter negotiation facilities included in call setup (outgoing) packets only when their values differ from the default values, use the no form of this command.

x25 subscribe flow-control {always | never}

no x25 subscribe flow-control

Syntax Description

always	Flow control parameter negotiation facilities are enabled and the flow control parameters are always included with call setup packets and are optional on inbound packets.
never	Flow control parameter negotiation facilities are disabled and the flow control parameters are never included with call setup packets, and are not permitted on inbound packets. Negotiation of flow control parameters is disabled.

Defaults

Flow control parameter negotiation facilities are included only when the parameter values differ from the default values.

Command Modes

Interface configuration
X.25 profile configuration

Command History

Release	Modification
12.0(7)T	This command was introduced.

Usage Guidelines

This command has three states—default behavior (no x25 subscribe flow-control), facilities always included, or facilities never included (flow control parameter negotiation is not enabled).

This command controls inclusion of the X.25 flow control parameter negotiation facilities in call setup packets. By default, these facilities are included in call setup packets only when their values differ from the default values.

Configuring the no x25 subscribe flow-control command restores the default behavior. This only includes facilities outbound call setup packets when the requested values do not match the interface defaults.

This command can also be used in X.25 profile configuration mode.

Examples

The following example shows flow control parameter negotiation disabled on serial interface 1/4:

Router(config)# interface serial 1/4

Router(config-if)# x25 subscribe flow-control never

Related Commands

Command	Description
x25 profile	Configures an X.25 profile without allocating any hardware-specific information.
x25 routing	Enables X.25 switching or tunneling.
x25 subscribe packetsize	Sets permitted and target ranges for packet size during flow control negotiation.
x25 subscribe windowsize	Sets permitted and target ranges for window size during flow control negotiation.

x25 subscribe local-cug

To configure subscription to a specific closed user group (CUG), use the x25 subscribe local-cug command in interface configuration or line configuration mode. To remove the CUG subscription, use the no form of this command.

x25 subscribe local-cug number network-cug number [no-incoming | no-outgoing | preferential]

no x25 subscribe local-cug number network-cug number [no-incoming | no-outgoing | preferential]

Syntax Description

number	Specific local CUG number (0 to 9999).
network-cug	Network translated CUG identifier.
number	Specific network CUG number (0 to 9999).
no-incoming	(Optional) Bars calls to data terminal equipment (DTE) within the specified CUG, unless x25 subscribe cug-service incoming-access is configured.
no-outgoing	(Optional) Bars calls from DTE within the specified CUG, unless x25 subscribe cug-service outgoing-access is configured.
preferential	(Optional) Specified on only one CUG, which is the assumed CUG when none is provided in call setup. (A single CUG listed at the interface is automatically considered a preferred CUG.)

Defaults

Incoming and outgoing access.
Preferential (if this is the only CUG specified).

Command Modes

Interface configuration
Line configuration

Command History

Release	Modification
12.0(7)T	This command was introduced.
12.2(13)T	This command was modified to configure X.25 CUG subscription on terminal lines.

Usage Guidelines

The first x25 subscribe local-cug command in a group of configurations will automatically enable CUG service behavior on the interface or line, if it is not already enabled, with the default setting of no public access.

The x25 subscribe cug-service command can be used to configure CUG subscription on X.25 synchronous data communications equipment (DCE) interfaces, console lines, auxiliary lines, standard asynchronous lines, and virtual terminal lines. A line configured for CUG service will apply CUG security to packet assembler/disassembler (PAD), X.28 mode, and protocol translation sessions. CUG protection is applied to incoming calls destined for the terminal line and call requests specified from the line.

A CUG number has only local significance. Because CUG service is a cooperative process among the network attachments (DCE devices), the local CUG number may have to be translated into a number that is significant to the network as a whole. For instance, two DTE devices may use CUG numbers 1 and 5 to refer to the global CUG number 1043 of the network. In this instance, both DCE devices would be configured to translate between the local CUG number of their DTE and the network CUG number. Duplicate network CUG identifiers are permitted for different local CUG identifiers.

A DTE subscription to a CUG that also includes the no-incoming option prevents incoming calls on that CUG (however, the DTE may still receive calls within other CUGs to which it is subscribed, or from the open network if incoming public access is subscribed).

CUG subscription of a DTE will not permit an outgoing call (call request) from the CUG if the no-outgoing option is configured.

The CUG will be assumed to be set to preferential (preferred) if there is only one CUG subscribed on that interface.

Examples

X.25 CUG Subscription on an Interface Example

The following example subscribes local CUGs 5000, 100, 200, and 300 to networks 55, 11, 22, and 33, respectively, with local CUG 5000 being set as the preferred CUG:

Router(config)# interface serial0

Router(config-if)# encapsulation x25 dce

Router(config-if)# x25 subscribe cug-service incoming-access outgoing-access

Router(config-if)# x25 subscribe local-cug 5000 network-cug 55 preferential

Router(config-if)# x25 subscribe local-cug 100 network-cug 11

Router(config-if)# x25 subscribe local-cug 200 network-cug 22

Router(config-if)# x25 subscribe local-cug 300 network-cug 33

X.25 CUG Subscription on a Terminal Line Example

The following example shows the configuration of CUG behavior on asynchronous line 1 and virtual terminal lines 0 to 9. The users of virtual terminal lines 0 to 9 have access only within the corporate CUGs designated for engineering (CUG 1102 or 1103); any call from a network X.25-class service destined for the line will be refused unless the inbound POP has validated it as a member of one of those two CUGs.

Router(config)# line vty 0 9

Router(config-line)# Location Company A. Engineering Access

Router(config-line)# x25 subscribe cug-service

Router(config-line)# x25 subscribe local-cug 2 network-cug 1102 preferential

Router(config-line)# x25 subscribe local-cug 3 network-cug 1103

Related Commands

Command	Description
show x25 cug	Displays information about all or specific (defined by the local or network CUG number) CUGs.
x25 facility	Forces facilities on a per-call basis for calls originated by the router (switched calls are not affected).
x25 map	Sets the maximum number of virtual circuits a protocol can have open simultaneously to one host.
x25 subscribe cug-service	Enables and controls standard CUG behavior on an X.25 DCE interface.

x25 subscribe packetsize

To set permitted and target ranges for packet size during flow control negotiation, use the x25 subscribe packetsize interface configuration command. To revert to the default packet size ranges, use the no form of this command.

x25 subscribe packetsize {[permit wmin wmax] [target wmin wmax]}

no x25 subscribe packetsize {[permit wmin wmax] [target wmin wmax]}

Syntax Description

permit	Permitted packet-size range identifier.
pmin	Minimum setting for packet size range (16 to 4096 by a power of two).
pmax	Maximum setting for packet size range (16 to 4096 by a power of two).
target	Target packet-size range identifier.

Defaults

None

Command Modes

Interface configuration

Command History

Release	Modification
12.0(7)T	This command was introduced.

Usage Guidelines

The x25 subscribe packetsize command lets you specify the range of permitted and target values for packet size. These are called flow control parameter negotiation facilities. You can specify the permitted minimum and maximum packet sizes and target values for packet transmission (16 to 4096 as a power of two). Setting these values outside the permitted range will result in connection failure. The router attempts to negotiate values within the target range, but will only allow values outside the target range to be negotiated as long as the negotiation complies with the procedure defined in X.25 recommendations.

This command should be configured separately on both the data terminal equipment (DTE) and data circuit-terminating equipment (DCE), so that the permit range will be compatible and calls will be able to pass through the network. The target range is less critical. It only needs to be set on the Cisco router conducting the switching.

The effective ranges will be further constrained by other configuration options including the selection of normal (modulo 8) or extended (modulo 128) sequence numbers, the maximum packet size supported by the interface, and the x25 subscribe flow-control command.

Examples

The following example shows X.25 local acknowledgment being configured on serial interface 1/4, with packet size ranges being set at a permitted rate of 64 (minimum) and 1024 (maximum) and target rate of 128 (minimum) and 1024 (maximum):

Router(config)# x25 routing acknowledge local

Router(config)# interface serial 1/4

Router(config-if)# encapsulation x25 dte

Router(config-if)# x25 subscribe packetsize permit 64 1024 target 128 1024

Related Commands

Command	Description
x25 routing	Enables X.25 switching or tunneling.
x25 subscribe windowsize	Sets permitted and target ranges for window size during flow control negotiation.
x25 subscribe flow-control	Controls flow control parameter negotiation facilities in call setup packets.

x25 subscribe windowsize

To set permitted and target ranges for window size during flow control negotiation, use the x25 subscribe windowsize interface configuration command. To revert to the default window size ranges, use the no form of this command.

x25 subscribe windowsize {[permit wmin wmax] [target wmin wmax]}

no x25 subscribe windowsize {[permit wmin wmax] [target wmin wmax]}

Syntax Description

permit	Permitted window size range identifier.
wmin	Minimum setting for window size range (1 to 127).
wmax	Maximum setting for window size range (1 to 127).
target	Target window-size range identifier.

Defaults

This command has no default values.

Command Modes

Interface configuration

Command History

Release	Modification
12.0(7)T	This command was introduced.

Usage Guidelines

The x25 subscribe windowsize command lets you specify the range of permitted and target values for window size. These are called flow control values. You can specify the permitted minimum and maximum window size permitted and target values for packet transmission (1 to 127) at one time. Setting these values outside the permitted range may result in connection failure. The router attempts to negotiate values within the target range, but will only allow values outside the target range to be negotiated as long as the negotiation complies with the procedure defined in X.25 recommendations.

The effective ranges will be further constrained by other configuration options including the selection of normal (modulo 8) or extended (modulo 128) sequence numbers, the maximum window size supported by the interface, and the x25 subscribe flow-control command.

Examples

The following example shows X.25 local acknowledgment being configured on serial interface 1/4, with window size ranges being set at a permitted rate of 1 (minimum) and 7 (maximum) and target rate of 2 (minimum) and 4 (maximum):

Router(config)# x25 routing acknowledge local

Router(config)# interface serial 1/4

Router(config-if)# encapsulation x25 dte

Router(config-if)# x25 subscribe windowsize permit 1 7 target 2 4

Related Commands

Command	Description
x25 routing	Enables X.25 switching or tunneling.
x25 subscribe flow-control	Controls flow control parameter negotiation facilities in call setup packets.
x25 subscribe packetsize	Sets permitted and target ranges for packet size during flow control negotiation.

x25 suppress-called-address

To omit the destination address in outgoing calls, use the x25 suppress-called-address interface configuration command. To reset this command to the default state, use the no form of this command.

x25 suppress-called-address

no x25 suppress-called-address

Syntax Description

This command has no arguments or keywords.

Defaults

The called address is sent.

Command Modes

Interface configuration

X.25 profile configuration

Command History

Release	Modification
10.0	This command was introduced.
11.3	This command was modified to include packet assembler/disassembler (PAD) calls.

Usage Guidelines

This command omits the called (destination) X.121 address in Call Request packets and is required for networks that expect only subaddresses in the Called Address field.

Examples

The following example suppresses or omits the called address in Call Request packets:

interface serial 0

 x25 suppress-called-address

x25 suppress-calling-address

To omit the source address in outgoing calls, use the x25 suppress-calling-address interface configuration command. To reset this command to the default state, use the no form of this command.

x25 suppress-calling-address

no x25 suppress-calling-address

Syntax Description

This command has no arguments or keywords.

Defaults

The calling address is sent.

Command Modes

Interface configuration

X.25 profile configuration

Command History

Release	Modification
10.0	This command was introduced.
11.3	This command was modified to include packet assembler/disassembler (PAD) calls.

Usage Guidelines

This command omits the calling (source) X.121 address in Call Request packets and is required for networks that expect only subaddresses in the Calling Address field.

Examples

The following example suppresses or omits the calling address in Call Request packets:

interface serial 0

 x25 suppress-calling-address

x25 t10

To set the value of the Restart Indication retransmission timer (T10) on data communications equipment (DCE) devices, use the x25 t10 interface configuration command.

x25 t10 seconds

Syntax Description

seconds

Time, in seconds.

Defaults

60 seconds

Command Modes

Interface configuration

X.25 profile configuration

Command History

Release	Modification
10.0	This command was introduced.

Examples

The following example sets the T10 timer to 30 seconds:

interface serial 0

 x25 t10 30

x25 t11

To set the value of the Incoming Call timer (T11) on data communications equipment (DCE) devices, use the x25 t11 interface configuration command.

x25 t11 seconds

Syntax Description

seconds

Time, in seconds.

Defaults

180 seconds

Command Modes

Interface configuration

X.25 profile configuration

Command History

Release	Modification
10.0	This command was introduced.

Examples

The following example sets the T11 timer to 90 seconds:

interface serial 0

 x25 t11 90

x25 t12

To set the value of the Reset Indication retransmission timer (T12) on data communications equipment (DCE) devices, use the x25 t12 interface configuration command.

x25 t12 seconds

Syntax Description

seconds

Time, in seconds.

Defaults

60 seconds

Command Modes

Interface configuration

X.25 profile configuration

Command History

Release	Modification
10.0	This command was introduced.

Examples

The following example sets the T12 timer to 30 seconds:

interface serial 0

 x25 t12 30

x25 t13

To set the value of the Clear Indication retransmission timer (T13) on data communications equipment (DCE) devices, use the x25 t13 interface configuration command.

x25 t13 seconds

Syntax Description

seconds

Time, in seconds.

Defaults

60 seconds

Command Modes

Interface configuration

X.25 profile configuration

Command History

Release	Modification
10.0	This command was introduced.

Examples

The following example sets the T13 timer to 30 seconds:

interface serial 0

 x25 t13 30

x25 t20

To set the value of the Restart Request retransmission timer (T20) on data terminal equipment (DTE) devices, use the x25 t20 interface configuration command.

x25 t20 seconds

Syntax Description

seconds

Time in seconds.

Defaults

180 seconds

Command Modes

Interface configuration

Command History

Release	Modification
10.0	This command was introduced.

Examples

The following example sets the T20 timer to 90 seconds:

interface serial 0

 x25 t20 90

x25 t21

To set the value of the Call Request timer (T21) on data terminal equipment (DTE) devices, use the x25 t21 interface configuration command.

x25 t21 seconds

Syntax Description

seconds

Time, in seconds.

Defaults

200 seconds

Command Modes

Interface configuration

Command History

Release	Modification
10.0	This command was introduced.

Examples

The following example sets the T21 timer to 100 seconds:

interface serial 0

 x25 t21 100

x25 t22

To set the value of the Reset Request retransmission timer (T22) on data terminal equipment (DTE) devices, use the x25 t22 interface configuration command.

x25 t22 seconds

Syntax Description

seconds

Time, in seconds.

Defaults

180 seconds

Command Modes

Interface configuration

Command History

Release	Modification
10.0	This command was introduced.

Examples

The following example sets the T22 timer to 90 seconds:

interface serial 0

 x25 t22 90

x25 t23

To set the value of the Clear Request retransmission timer (T23) on data terminal equipment (DTE) devices, use the x25 t23 interface configuration command.

x25 t23 seconds

Syntax Description

seconds

Time, in seconds.

Defaults

180 seconds

Command Modes

Interface configuration

Command History

Release	Modification
10.0	This command was introduced.

Examples

The following example sets the T23 timer to 90 seconds:

interface serial 0

 x25 t23 90

x25 threshold

To set the data packet acknowledgment threshold, use the x25 threshold interface configuration command.

x25 threshold delay-count

Syntax Description

delay-count

Value between zero and the input window size. A value of 1 sends one Receiver Ready acknowledgment per packet.

Defaults

0 (which disables the acknowledgment threshold)

Command Modes

Interface configuration

X.25 profile configuration

Command History

Release	Modification
11.2	This command was introduced.

Usage Guidelines

This command instructs the router to send acknowledgment packets when it is not busy sending other packets, even if the number of input packets has not reached the input window size count.

The router sends an acknowledgment packet when the number of input packets reaches the count you specify, providing there are no other packets to send. For example, if you specify a count of 1, the router will send an acknowledgment per input packet if it is unable to "piggyback" the acknowledgment of an outgoing data packet. This command improves line responsiveness at the expense of bandwidth.

This command only applies to encapsulated traffic over X.25 (datagram transport), not to routed traffic.

Examples

The following example sends an explicit Receiver Ready acknowledgment when it has received 5 data packets that it has not acknowledged:

interface serial 1

 x25 threshold 5

Related Commands

Command	Description
x25 win	Changes the default incoming window size to match that of the network.
x25 wout	Changes the default outgoing window size to match that of the network.

x25 use-source-address

To override the X.121 addresses of outgoing calls forwarded over a specific interface, use the x25 use-source-address interface configuration command. To prevent updating the source addresses of outgoing calls, use the no form of this command.

x25 use-source-address

no x25 use-source-address

Syntax Description

This command has no arguments or keywords.

Defaults

Disabled

Command Modes

Interface configuration

X.25 profile configuration

Command History

Release	Modification
10.0	This command was introduced.

Usage Guidelines

Some X.25 calls, when forwarded by the X.25 switching support, need the calling (source) X.121 address updated to that of the outgoing interface. This update is necessary when you are forwarding calls from private data networks to public data networks (PDNs).

Examples

The following example shows how to prevent updating the source addresses of outgoing X.25 calls on serial interface 0 once calls have been forwarded:

interface serial 0

 no x25 use-source-address

x25 win

To change the default incoming window size to match that of the network, use the x25 win interface configuration command.

x25 win packets

Syntax Description

packets

Packet count that can range from 1 to one less than the window modulus.

Defaults

2 packets

Command Modes

Interface configuration

X.25 profile configuration

Command History

Release	Modification
10.0	This command was introduced.

Usage Guidelines

This command determines the default number of packets a virtual circuit can receive before sending an X.25 acknowledgment. To maintain high bandwidth utilization, assign this limit the largest number that the network allows.

---

Note Set x25 win and x25 wout to the same value unless your network supports asymmetric input and output window sizes.

---

Examples

The following example specifies that 5 packets may be received before an X.25 acknowledgment is sent:

interface serial 1

 x25 win 5

Related Commands

Command	Description
x25 modulo	Sets the window modulus.
x25 threshold	Sets the data packet acknowledgment threshold.
x25 wout	Changes the default outgoing window size to match that of the network.

x25 wout

To change the default outgoing window size to match that of the network, use the x25 wout interface configuration command.

x25 wout packets

Syntax Description

packets

Packet count that can range from 1 to one less than the window modulus.

Defaults

2 packets

Command Modes

Interface configuration

X.25 profile configuration

Command History

Release	Modification
10.0	This command was introduced.

Usage Guidelines

This command determines the default number of packets a virtual circuit can send before waiting for an X.25 acknowledgment. To maintain high bandwidth utilization, assign this limit the largest number that the network allows.

---

Note Set x25 win and x25 wout to the same value unless your network supports asymmetric input and output window sizes.

---

Examples

The following example specifies a default limit of 5 for the number of outstanding unacknowledged packets for virtual circuits:

interface serial 1

 x25 wout 5

Related Commands

Command	Description
x25 modulo	Sets the window modulus.
x25 threshold	Sets the data packet acknowledgment threshold.
x25 win	Changes the default incoming window size to match that of the network.

x29 access-list

To limit access to the access server from certain X.25 hosts, use the x29 access-list global configuration command. To delete an entire access list, use the no form of this command.

x29 access-list access-list-number {deny | permit} x121-address

no x29 access-list access-list-number

Syntax Description

access-list-number	Number of the access list. It can be a value between 1 and 199.
deny	Denies access and clears call requests immediately.
permit	Permits access to the protocol translator.
x121-address	If applied as an inbound access class, specifies the X.121 address that can or cannot have access (with or without regular expression pattern-matching characters). The X.121 address is the source address of the incoming packet. If applied as an outbound access class, then the address specifies a destination to where connections are allowed.

Defaults

No access lists are defined.

Command Modes

Global configuration

Command History

Release	Modification
10.0	This command was introduced.

Usage Guidelines

The service pad global configuration command must be configured before the x29 access-list command can be used.

An access list can contain any number of access list items. The list items are processed in the order in which you entered them, with the first match causing the permit or deny condition. If an X.121 address does not match any of the regular expressions in the access list, access is denied.

Access lists take advantage of the message field defined by Recommendation X.29, which describes procedures for exchanging data between two PADs, or between a PAD and a DTE device.

The UNIX-style regular expression characters allow for pattern matching of characters and character strings in the address. Various pattern-matching constructions are available that allow many addresses to be matched by a single regular expressions. For more information, refer to the "Regular Expressions" appendix in the Cisco IOS Terminal Services Configuration Guide.

The access lists must be applied to a vty with the access-class command.

Examples

The following example permits connections to hosts with addresses beginning with the string 31370:

x29 access-list 2 permit ^31370

Related Commands

Command	Description
access-class	Restricts incoming and outgoing connections between a particular vty (into a Cisco device) and the addresses in an access list.
service pad	Enables all PAD commands and connections between PAD devices and access servers.

x29 profile

To create a packet assembler/disassembler (PAD) profile script for use by the translate command, use the x29 profile global configuration command.

x29 profile {default | name} parameter:value [parameter:value]

Syntax Description

default	Specifies default profile script.
name	Name of the PAD profile script.
parameter:value	X.3 PAD parameter number and value separated by a colon. You can specify multiple parameter-value pairs on the same line.

Defaults

The default PAD profile script is used. The default for inbound connections is:

2:0 4:1 15:0 7:21

Command Modes

Global configuration

Command History

Release	Modification
10.0	This command was introduced.

Usage Guidelines

The service pad global configuration command must be configured before the x29 profile command can be used.

When an X.25 connection is established, the access server acts as if an X.29 Set Parameter packet had been sent containing the parameters and values set by the x29 profile command and sets the access server accordingly.

For incoming PAD connections, the Protocol Translator uses a default PAD profile to set the remote X.3 PAD parameters unless a profile script is defined with the translate command.

---

Note If you set the X.29 profile to "default," the profile is applied to all incoming X.25 PAD calls, including the calls used for protocol translation.

---

Examples

The following profile script turns local edit mode on when the connection is made and establishes local echo and line termination upon receipt of a Return packet. The name linemode is used with the translate command to effect use of this script.

x29 profile linemode 2:1 3:2 15:1

To override the default PAD profile, create a PAD profile script named "default" by using the following command:

x29 profile default 2:1 4:1 15:0 4:0

Related Commands

Command	Description
service pad	Enables all PAD commands and connections between PAD devices and access servers.
translate x25	Translates an X.25 connection request automatically to another outgoing protocol connection type.

xot access-group

To control access to X.25 over TCP (XOT) and allow IP addresses permitted by the access list to have unique X.25 configuration, use the xot access-group command in global configuration mode. To delete an XOT access group, use the no form of this command.

xot access-group access-list-number [profile profile-name]

no xot access-group access-list-number

Syntax Description

access-list-number	Number of a standard IP access list. The range is from 1 to 99.
profile profile-name	(Optional) X.25 profile to be associated with the access group.

Defaults

No XOT access group is defined, and default X.25 parameter settings apply to XOT connections.

Command Modes

Global configuration

Command History

Release	Modification
12.2(8)T	This command was introduced.

Usage Guidelines

The xot access-group command allows you to create XOT access groups by associating an IP access list with XOT. The access list provides a pass or fail indicator of whether a particular IP address is authorized.

Only standard IP access lists are supported.

XOT access groups are sorted by access-group number. When a new XOT connection is made, the IP address is tested against the access list of the first access group. If the IP address does not match the first list, the second list is tested, and so on.

The xot access-group command disables the legacy XOT functionality and enables the new XOT access behavior. If you enter the xot access-group after the legacy XOT context has been created, the message "Active connection(s) will terminate [confirm]" will be displayed if any XOT connections are active. If the message is confirmed, any active XOT connections using the legacy context will be detached. The legacy context will then be deleted.

Deleting an XOT access group by entering the no xot access-group command will cause the message "Active connection(s) will terminate [confirm]" to be displayed if any connections are active. Confirming the message will cause active connections using the access list to be detached and the associated XOT context to be deleted.

XOT access groups can be associated with X.25 profiles. By this means, the IP addresses specified in the access list can have a unique X.25 configuration. An access group can be associated with one X.25 profile. If an access group is not associated with an X.25 profile, then the XOT connections associated with the access group will use the default X.25 configuration.

The X.25 profile must already exist and must specify a data exchange equipment (DXE) station type before it can be associated with an XOT access group. The station type of a profile cannot be changed once the profile is created.

An X.25 profile can be associated with multiple access groups.

Examples

Unrestricted XOT Access with Defined X.25 Parameters for All XOT Connections Example

In the following example, an access list is defined to permit all XOT connections. All XOT connections will use the X.25 configuration defined in the X.25 profile called "NEW-DEFAULT".

! Create a DXE station type profile with any name and configure the X.25 parameters under 
! the named profile 

!

x25 profile NEW-DEFAULT dxe 

 x25 address 12345 

 x25 modulo 128 

 x25 win 15 

 x25 wout 15 

 x25 ips 256 

 x25 ops 256 

!

! Define an IP standard access list to permit any XOT connection

!

access-list 10 permit any

!

! Apply the access list and X.25 profile to all XOT connections 

!

xot access-group 10 profile NEW-DEFAULT

Restricted XOT Access with Multiple X.25 Parameter Configurations Example

In the following example, XOT connections permitted by access list 10 will use the default X.25 configuration. XOT connections permitted by access list 22 will use the X.25 configuration that is defined in the X.25 profile "TRANSPAC".

! Define the IP access lists by specifying an IP access list number and access condition

!

ip access-list standard 10 

 permit 10.0.155.9 

 deny any 

ip access-list standard 22 

 permit 171.69.0.0 0.0.255.255 log 

 deny any

!

! Apply the default X.25 configuration to XOT connections permitted by access list 10

!

xot access-group 10 

!

! Configure an X.25 profile with station type DXE

!

x25 profile TRANSPAC dxe 

 x25 modulo 128 

 x25 win 80 

 x25 wout 80 

 x25 default pad

! Apply the X.25 profile to XOT connections permitted by access list 22

!

xot access-group 22 profile TRANSPAC

Related Commands

Command	Description
access-list (IP standard)	Defines a standard IP access list.
show x25 context	Displays operating configuration status details of an X.25 link.
show x25 profile	Displays details of X.25 profiles on your router.
show x25 xot	Displays information for all XOT virtual circuits that match a given criterion.
x25 profile	Configures an X.25 profile without allocating any hardware-specific information.