Table Of Contents
End-of-Record Function for DCNs
Contents
Prerequisites for End-of-Record Function for DCNs
Restrictions for End-of-Record Function for DCNs
Information About End-of-Record Function for DCNs
Data Types
The EOR Marker
Benefits of End-of-Record Function for DCNs
How to Configure End-of-Record Function for DCNs
Configuring the End-of-Record Function for a TCP-to-X.25 Protocol Translation Session
Configuring the End-of-Record Function for an X.25-to-TCP Protocol Translation Session
Troubleshooting Tips
Monitoring and Maintaining the End-of-Record Function for DCNs
Configuration Examples for End-of-Record Function for DCNs
Configuring the End-of-Record Function for DCNs for a TCP-to-X.25 Protocol Translation Session Example
Configuring the End-of-Record Function for DCNs for an X.25-to-TCP Protocol Translation Session Example
Additional References
Related Documents
Standards
MIBs
RFCs
Technical Assistance
Command Reference
show translate
translate tcp
translate x25
End-of-Record Function for DCNs
The Cisco Protocol Translator is designed to support Telnet-like applications that are stream-based, with no recognition or accommodation for logical records. For record-oriented applications, problems can occur because the record boundaries in X.25 data are lost when translation to TCP occurs. The End-of-Record Function for Data Communications Networks (DCNs) feature provides for the configuration of an End of Record (EOR) marker which allows the X.25 logical boundaries to be marked when translated to TCP. The benefit of this feature is that it allows the preservation of logical boundaries when translating X.25 data to TCP, enabling X.25-based networking solutions to adapt to and benefit from TCP/IP technologies.
Feature History for the End-of-Record Function for DCNs
Release
|
Modification
|
12.3(2)T
|
This feature was introduced.
|
Feature
Finding Support Information for Platforms and Cisco IOS Software Images
Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.
Contents
•
Prerequisites for End-of-Record Function for DCNs
•Restrictions for End-of-Record Function for DCNs
•Information About End-of-Record Function for DCNs
•How to Configure End-of-Record Function for DCNs
•Configuration Examples for End-of-Record Function for DCNs
•Additional References
•Command Reference
Prerequisites for End-of-Record Function for DCNs
X.25 must be configured. For more information on configuring X.25, see the "Configuring X.25 and LAPB" chapter in the Cisco IOS Wide-Area Networking Configuration Guide.
Restrictions for End-of-Record Function for DCNs
This feature is supported only for X25-to-TCP and TCP-to-X.25 protocol translation sessions.
This feature is not supported for any other types of protocol translation sessions.
Information About End-of-Record Function for DCNs
To configure the End-of-Record Function for DCNs feature, you must understand the following concepts:
•Data Types
•The EOR Marker
•Benefits of End-of-Record Function for DCNs
Data Types
X.25 data
X.25 data is inherently record-oriented. The X.25 protocol defines a bit in the packet called the More-bit (M-bit), which indicates whether the packet should be considered to terminate a logical record.
TCP data
TCP data is inherently stream-oriented. The TCP protocol attaches no significance to TCP segment stream boundaries, and the boundaries may change if the data is re-sent.
The EOR Marker
Logical record boundaries indicated by the combination of the X.25 packet boundaries and the M-bit are not preserved when translation to TCP occurs. The End-of-Record Function for DCNs feature allows the X.25 logical record boundaries to be marked by inserting a configurable string into the TCP stream at each X.25 record boundary. Translation of X.25 packets without the M-bit will invoke the insertion of the EOR marker.
Benefits of End-of-Record Function for DCNs
The benefit of the End-of-Record Function for DCNs feature is that it allows the preservation of logical boundaries when translating X.25 data to TCP, enabling X.25-based networking solutions to adapt to and benefit from TCP/IP technologies.
How to Configure End-of-Record Function for DCNs
This section contains the following procedures:
•Configuring the End-of-Record Function for a TCP-to-X.25 Protocol Translation Session
•Configuring the End-of-Record Function for an X.25-to-TCP Protocol Translation Session
•Monitoring and Maintaining the End-of-Record Function for DCNs
Configuring the End-of-Record Function for a TCP-to-X.25 Protocol Translation Session
Perform this task to enable the End-of-Record Function for DCNs feature for a TCP-to-X.25 protocol translation session.
SUMMARY STEPS
1. enable
2. configure terminal
3. translate tcp incoming-address [incoming-options] x25 outgoing-address [outgoing-options] [global-options] eor marker [insert]
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
enable
Example:
Router> enable
|
Enables privileged EXEC mode.
•Enter your password if prompted.
|
Step 2
|
configure terminal
Example:
Router# configure terminal
|
Enters global configuration mode.
|
Step 3
|
translate tcp incoming-address
[incoming-options] x25 outgoing-address
[outgoing-options] [global-options] eor marker
[insert]
Example:
Router(config)# translate tcp 10.60.155.63 x25
12345678 pvc 3 dynamic eor 0x19 insert
|
Translates an incoming TCP connection request to an X.25 destination address or host name and enables EOR functionality.
•eor marker—Defines the EOR marker for the translation session. The marker argument may be any set characters from 1 to 4 in length. Nonprintable characters must be entered in hexadecimal format. Printable characters may be typed in.
•insert—Allows the EOR marker to be inserted into the TCP stream after each received X.25 packet that does not contain the M-bit set.
|
Configuring the End-of-Record Function for an X.25-to-TCP Protocol Translation Session
Perform this task to enable the End-of-Record Function for DCNs feature for an X.25-to-TCP protocol translation session.
SUMMARY STEPS
1. enable
2. configure terminal
3. translate x25 incoming-address [incoming-options [pvc number [pvc-options]]] tcp outgoing-address [outgoing-options] [global-options] eor marker [insert]
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
enable
Example:
Router> enable
|
Enables privileged EXEC mode.
•Enter your password if prompted.
|
Step 2
|
configure terminal
Example:
Router# configure terminal
|
Enters global configuration mode.
|
Step 3
|
translate x25 incoming-address
[incoming-options [pvc number [pvc-options]]]
tcp outgoing-address [outgoing-options]
[global-options] eor marker [insert]
Example:
Router(config)# translate x25 12345678 pvc 3
tcp 10.60.155.63 eor AAA insert
|
Translates an incoming X.25 connection request to a TCP destination address or host name and enables EOR functionality.
•eor marker—Defines the EOR marker for the translation session. The marker argument may be any set of characters from 1 to 4 in length. Nonprintable characters must be entered in hexadecimal format. Printable characters may be typed in.
•insert—Allows the EOR marker to be inserted into the TCP stream after each received X.25 packet that does not contain the M-bit set.
|
Troubleshooting Tips
In the event that the End-of-Record Function for DCNs feature is not operating correctly, use the following debug commands in privileged EXEC mode to determine the source of the problem:
•debug translate
•debug x25 all
•debug pad
Refer to the Cisco IOS Debug Command Reference, Release 12.3 publication for information about the debug translate, debug x25 all, and debug pad commands.
Monitoring and Maintaining the End-of-Record Function for DCNs
This task results in the display of information about any protocol translation information configured with the translate command.
SUMMARY STEPS
1. enable
2. show translate
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
enable
Example:
Router> enable
|
Enables privileged EXEC mode.
•Enter your password if prompted.
|
Step 2
|
show translate
Example:
Router# show translate
|
Displays information about translation sessions that have been configured.
|
Configuration Examples for End-of-Record Function for DCNs
This section contains the following configuration example:
•Configuring the End-of-Record Function for DCNs for a TCP-to-X.25 Protocol Translation Session Example
•Configuring the End-of-Record Function for DCNs for an X.25-to-TCP Protocol Translation Session Example
Configuring the End-of-Record Function for DCNs for a TCP-to-X.25 Protocol Translation Session Example
The following example configures a TCP-to-X.25 protocol translation session to insert an EOR marker in a TCP packet after each received X.25 packet that does not contain the M-bit set. The EOR marker in this example consists of nonprintable characters and is entered in hexadecimal format.
translate tcp 10.60.155.63 x25 12345678 pvc 3 dynamic eor 0x19 insert
Configuring the End-of-Record Function for DCNs for an X.25-to-TCP Protocol Translation Session Example
The following example configures an X.25-to-TCP protocol translation session to insert an EOR marker in a TCP packet after each received X.25 packet that does not contain the M-bit set. The EOR marker in this example consists of printable characters.
translate x25 12345678 pvc 3 tcp 10.60.155.63 eor AAA insert
Additional References
The following sections provide additional information related to the End-of-Record Function for DCNs feature.
Related Documents
Related Topic
|
Document Title
|
Additional information about configuring protocol translation
|
"Configuring Protocol Translation and Virtual Asynchronous Devices" chapter in the Cisco IOS Terminal Services Configuration Guide
|
Additional protocol translation commands: complete command syntax, command mode, defaults, usage guidelines and examples
|
Cisco IOS Terminal Services Command Reference, Release 12.3
|
Information on configuring X.25
|
"Configuring X.25 and LAPB" chapter in the Cisco IOS Wide-Area Networking Configuration Guide.
|
Additional X.25 commands
|
Cisco IOS Wide-Area Networking Command Reference, Release 12.3
|
Standards
MIBs
MIBs
|
MIBs Link
|
None
|
To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:
http://www.cisco.com/go/mibs
|
RFCs
Technical Assistance
Description
|
Link
|
Technical Assistance Center (TAC) home page, containing 30,000 pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content.
|
http://www.cisco.com/public/support/tac/home.shtml
|
Command Reference
This section documents modified commands. All other commands used with this feature are documented in the Cisco IOS Release 12.3 command reference publications.
•show translate
•translate tcp
•translate x25
show translate
To display translation sessions that have been configured, use the show translate command in privileged EXEC mode.
show translate
Syntax Description
This command has no arguments or keywords.
Command Modes
Privileged EXEC
Command History
Release
|
Modification
|
10.3
|
This command was introduced.
|
12.3(2)T
|
Additional output fields were added to dispaly information about translation sessions configured to use an End-of-Record marker.
|
Usage Guidelines
The display from this command shows each translation session set up on the router. It shows the incoming device and virtual terminal protocol, and the outgoing device and protocol.
Examples
The following show translate sample output is based on the following translate command configuration:
translate x25 3131415912345 ppp ip-pool scope-name router1 keepalive 0
If the previous translate command is enabled, the following output is created by the show translate command:
Translate From: x25 3131415912345
To: PPP ip-pool scope-name cardinal keepalive 0
1/1 users active, 1 peak, 1 total, 0 failures
Table 1 describes the significant fields shown in the display.
Table 1 show translate Field Descriptions—X.25 to IP Translation
Field
|
Description
|
Translate From: x25 3131415912345
|
Protocol (X.25) and address (3131415912345) of the incoming device.
|
To: PPP
|
The virtual terminal protocol (PPP).
|
ip-pool
|
Obtain an IP address from a DHCP proxy client or a local pool.
|
scope-name router1
|
Specific local scope name (router1) from which to obtain an IP address.
|
keepalive 0
|
Indicates that keepalive updates have been disabled for the current translation session.
|
1/1 users active
|
Number of users active over the total number of users.
|
1 peak
|
Maximum number of translate sessions up at any given time.
|
1 total
|
Total number of translation sessions.
|
0 failures
|
Number of failed translation attempts resulting from this configuration.
|
The following show translate sample output is based on the following translate command configuration:
translate x25 31301234 PPP 192.168.14.23 ipx-client Loopback0
If the previous translate command is enabled, the following output is created by the show translate command:
Translate From: x25 31301234
To: PPP 192.168.14.23 ipx-client Loopback0
1/1 users active, 1 peak, 1 total, 0 failures
Table 2 describes the significant fields shown in the display.
Table 2 show translate Field Descriptions—X.25 to IPX Translation
Field
|
Description
|
Translate From: x25 31301234
|
Protocol (X.25) and address (31301234) of the incoming device.
|
To: PPP 192.168.14.23
|
The virtual terminal protocol (PPP) and IP address of the outgoing device.
|
ipx-client Loopback0
|
Indicates that loopback interface 0 has been configured in client mode.
|
1/1 users active
|
Number of users active over the total number of users.
|
1 peak
|
Maximum number of translate sessions up at any given time.
|
1 total
|
Total number of translation sessions.
|
0 failures
|
Number of failed translation attempts resulting from this configuration.
|
The following show translate sample output is based on the following translate command configuration:
translate tcp 10.60.155.63 x25 12345678 pvc 3 dynamic eor 0x19 insert
If the previous translate command is enabled, the following output is created by the show translate command:
Translate From: TCP 10.60.155.63 Port 23
To: X25 12345678 Pvc 3 dynamic
1/1 users active, 1 peak, 1 total, 0 failures
Table 3 describes the significant fields shown in the display.
Table 3 show translate Field Descriptions—TCP to X.25 Translation
Field
|
Description
|
Translate From: TCP 10.60.155.63 Port 23
|
Protocol (TCP) and address (10.60.155.63) of the incoming device.
|
To: X25 12345678
|
The virtual terminal protocol (X.25) and X.121 destination address of the outgoing device.
|
Pvc 3
|
The outgoing connection is using permanent virtual circuit (PVC) 3.
|
dynamic
|
Terminate the TCP-to-X.25 PVC session when the interface goes down.
|
EOR 0x19 Insert
|
Indicates that End of Record (EOR) functionality is configured and that the EOR marker (0x19) will be inserted into the TCP stream after each received X.25 packet that does not contain the More-bit set.
|
1/1 users active
|
Number of users active over the total number of users.
|
1 peak
|
Maximum number of translate sessions up at any given time.
|
1 total
|
Total number of translation sessions.
|
0 failures
|
Number of failed translation attempts resulting from this configuration.
|
translate tcp
To translate a connection request to another protocol connection type when receiving a TCP connection request to a particular destination address or host name, use the translate tcp command in global configuration mode. To remove or change the translation request, use the no form of this command.
translate tcp incoming-address [incoming-options] protocol outgoing-address [outgoing-options]
[global-options]
no translate tcp incoming-address [incoming-options] protocol outgoing-address
[outgoing-options] [global-options]
Syntax Description
incoming-address
|
Standard IP address in standard, four-part dotted decimal notation. The IP address cannot be in use by other routers, and it should be on a connected subnet.
|
incoming-options
|
(Optional) An incoming connection request option. Choices are as follows:
•binary—Negotiates Telnet binary mode on the Telnet connection. (This was the default in previous versions of the protocol translation software and is set automatically when you enter a translate command in the previous format.)
•port number—The number of the port to match for incoming connections. The default is port 23 (Telnet). For outgoing connections, enter the number of the port to use. The default is port 23.
•printer—Supports local-area transport (LAT) and X.25 printing over a TCP network among multiple sites. This keyword causes the protocol translation software to delay the completion of an incoming Telnet connection until after the outgoing protocol connection (to LAT or X.25) has been established. An unsuccessful outgoing connection attempt results in the TCP connection to the router being refused, rather than being accepted and then closed, which is the default behavior. Note that using this keyword will force the global quiet keyword to be applied to the translation.
•stream—Performs stream processing, which enables a raw TCP stream with no Telnet control sequences. A stream connection does not process or generate any Telnet options, and also prevents Telnet processing of the data stream. This keyword might be useful for connections to ports running the UNIX-to-UNIX Copy Program (UUCP) or other non-Telnet protocols, or to ports connected to printers. For ports connected to printers using Telnet, the stream keyword prevents some of the problems associated with using Telnet for printers, such as unusual events happening to carriage returns or line feeds and echoing of data back to VPN/Security Management Solution (VMS) systems.
|
protocol outgoing-address
|
A protocol name followed by an address or host name. Protocol translation choices are: lat, ppp, slip, and x25.
Additional keywords that can be entered instead of a protocol name are as follows:
•autocommand—Specifies an EXEC command for an outgoing connection. The command executes upon connection to a host. You can issue any EXEC command and any switch or host name as an argument to the autocommand keyword. If the string following autocommand has one or more spaces as part of the string, you must place quotation marks (" ") around the string. If you want to enable AppleTalk Remote Access (ARA) on an outgoing connection, specify the autocommand arap keywords. These keywords are necessary for ARA because ARA does not use addressing, and this option permits you to invoke the ARA string.
•virtual-template—Associates a virtual template with a virtual access interface. See the translate tcp (virtual access interfaces) command description for more information.
|
outgoing-options
|
(Optional) Outgoing connection request options. Choices depend upon the protocol or command entered. See Table 4, Table 5, Table 6, and Table 7 for more information.
|
global-options
|
(Optional) One or more of the following translation options can be used by any connection type:
•access-class number—Allows the incoming call to be used by source hosts that match the access list parameters. The number argument is an integer previously assigned to an access list. Standard access list numbers are in the range from 1 to 99; expanded standard access lists numbers are in the range from 1300 to 1999.
•authorize method-list tag—Enables authorization for protocol translation sessions. The method-list argument is the list of authorization methods defined by the aaa authorization command with the translate keyword. The method-list argument may have the value of the list-name argument or the default keyword. The tag argument is an alphanumeric string of up to 64 characters. The tag argument need not be unique; more than one instance of the translate command can specify identical values for the tag argument. The authorize option is available only if the outgoing protocol keyword is x25 or autocommand.
•eor marker [insert]—Defines the End-of-Record (EOR) marker for the translation session. The marker argument may be any set of characters from 1 to 4 in length. Nonprintable characters must be entered in hexadecimal format. Printable characters may be typed in. The insert keyword allows the EOR marker to be inserted into the TCP stream after each X.25 packet without a More-bit (M-bit) set is received.
•local—Allows Telnet protocol negotiations to not be translated.
•login—Requires that the user log in before the outgoing connection is made. This type of login is specified on the virtual terminal lines with the login command.
•max-users number—Limits the number of simultaneous users of the translation to number (an integer you specify).
•quiet—Suppresses printing of user-information messages.
•swap—Valid for TCP-to-X.25 translations only, and allows X.3 parameters to be set on the router by the host originating the X.25 call, or by an X.29 profile. This configuration enables incoming and outgoing X.25 connections to be swapped so that the device is treated like a packet assembler/disassembler (PAD) when it accepts a call. By default, the router functions like a PAD for calls that it initiates, and like an X.25 host for calls it accepts. The swap keyword allows connections from an X.25 host that wants to connect to the router, and then treats it like a PAD.
|
Defaults
No default translation parameters
Command Modes
Global configuration
Command History
Release
|
Modification
|
10.0
|
This command was introduced.
|
12.1
|
The no-reset permanent virtual circuits (PVCs) subkeyword was added to support outgoing PVCs.
|
12.2(13)T
|
The dynamic keyword was added to support a backup interface.
|
12.3(2)T
|
The authorize method-list tag keyword and arguments were added to support authorization of protocol translation sessions. The eor marker [insert] keywords and argument were added to support the EOR function for DCNs.
|
Usage Guidelines
You define protocol translation connections by supplying a protocol keyword and the address, host name, or service name. A TCP protocol translation command can be as simple as the following example:
Router(config)# translate tcp 10.1.1.1 x25 1236672
However, the Cisco IOS software provides a broad range of options that support protocol translations in many networking environments. Table 4, Table 5, Table 6, and Table 7 list the translate tcp translation options by protocol.
You can also use the Cisco IOS command-line interface (CLI) to help you understand how these keywords are entered. In global configuration mode, begin entering the translate command and add a question mark at each portion of the command to display the options available. Some examples follow:
Router(config)# translate tcp ?
Hostname or A.B.C.D IP address
Router(config)# translate tcp 10.1.1.1 ?
autocommand Associate a command with a translation on this connections
binary Negotiate Telnet binary mode on the connection
printer Enable non-interactive (implies global quiet)
stream Enable stream processing
virtual-template Associate a virtual template with virtual access interface
Router(config)# translate tcp 10.1.1.1 lat LAT-1 ?
access-class Allow access list parameters to be used by source hosts
local Allow Telnet protocol negotiations not to be translated
login Require that the user log in before the outgoing connection is
max-users Limit the number of simultaneous users of the translation
quiet Suppress printing of user-information messages
unadvertised Prevent service advertisements from being broadcast to the
Note If you plan to translate to X.25 on a PVC, see the description for the translate x25 command for important configuration notes.
Table 4 TCP-to-LAT Outgoing Options
Outgoing LAT Translation
|
lat service-name
Translates TCP to the LAT protocol.The software must learn the service name through LAT service advertisements before it can use the service.
|
Outgoing LAT Connection Request Options
|
Any of the following optional keywords can be used to configure LAT connection requests:
•node name—Connects to the specified node that offers a LAT service. By default, the connection is made to the highest-rated node that offers the service.
•port name—Destination LAT port name in the format of the remote system. This parameter is usually ignored in most time-sharing systems, but is used by terminal servers that offer reverse-LAT services.
•unadvertised—Prevents LAT service advertisements from being broadcast to the network.
|
Table 5 TCP-to-PPP Outgoing Options
Outgoing PPP Translation
|
ppp {ip-address | ip-pool [scope-name name]}
Translates from TCP to virtual asynchronous PPP. Supply an IP address as a standard, four-part dotted decimal IP address.
The ip-pool keyword obtains an IP address from a Dynamic Host Configuration Protocol (DHCP) proxy client or a local pool. If the scope-name keyword is not specified, the address is obtained from a DHCP proxy client. If the scope-name keyword is specified, the IP address is obtained from the specified local pool. The scope-name keyword can specify a range of IP addresses.
|
Outgoing PPP Connection Request Options
|
Any of the following optional keywords can be used to configure PPP connection requests:
•authentication {pap | chap}—Sets Challenge Handshake Authentication Protocol (CHAP) or Password Authentication Protocol (PAP) authentication for PPP on virtual asynchronous interfaces. If you specify both keywords, order is significant; the system will try to use the first authentication type, then the second.
•header-compression [passive]—Implements header compression on IP packets only. The passive keyword permits compression on outgoing packets only if incoming TCP packets on the same virtual asynchronous interface are compressed. The default (without the passive keyword) permits compression on all traffic.
•ipx loopback number—Specifies the loopback interface to be created and permits clients running IPX-PPP to connect through vtys on the router. A loopback interface must have been created and configured with a Novell IPX network number before IPX-PPP can work on the vty. The vty is assigned to the loopback interface.
|
•keepalive number-of-seconds—Specifies the interval at which keepalive packets are sent on Serial Line Internet Protocol (SLIP) and PPP virtual asynchronous interfaces. By default, keepalive packets are enabled and sent every 10 seconds. To shut off keepalive packets, use a value of 0. The active keepalive interval is 1 through 32,767 seconds. When you do not change from the default of 10, the keepalive interval does not appear in more system:running-config or show translate command output.
•mtu bytes—Sets the interface maximum transmission unit (MTU) of packets that the virtual asynchronous interface supports. The default MTU is 1500 bytes on a virtual asynchronous interface. The acceptable range is from 64 to 1,000,000 bytes.
•routing—Permits routing updates between connections. This keyword is required if the destination device is not on a subnet connected to one of the interfaces on the router.
•use-tacacs—Uses TACACS to verify PPP authentications for CHAP or PAP on virtual asynchronous interfaces.
|
Table 6 TCP-to-SLIP Outgoing Options
Outgoing SLIP Translation
|
slip {ip-address | ip-pool [scope-name name]}
Translates from TCP to virtual asynchronous SLIP. Supply an IP address as a standard, four-part dotted decimal IP address.
The ip-pool keyword obtains an IP address from a DHCP proxy client or a local pool. If the optional scope-name keyword is not specified, the address is obtained from a DHCP proxy client. If the scope-name keyword is specified, the IP address is obtained from the specified local pool. The scope-name keyword can specify a range of IP addresses.
Note The slip keyword applies only to outgoing connections; SLIP is not supported on incoming protocol translation connections.
|
Outgoing SLIP Connection Request Options
|
Any of the following optional keywords can be used to configure SLIP connection requests:
•header-compression [passive]—Implements header compression on IP packets only. The passive keyword permits compression on outgoing packets only if incoming TCP packets on the same virtual asynchronous interface are compressed. The default (without the passive keyword) permits compression on all traffic.
•ipx loopback number—Specifies the loopback interface to be created and permits clients running IPX-PPP over X.25 to connect through vtys on the router. A loopback interface must have been created and configured with a Novell IPX network number before IPX-PPP can work on the vty. The vty is assigned to the loopback interface.
•keepalive number-of-seconds—Specifies the interval at which keepalive packets are sent on SLIP and PPP virtual asynchronous interfaces. By default, keepalive packets are enabled and sent every 10 seconds. To shut off keepalive packets, use a value of 0. The active keepalive interval is 1 through 32,767 seconds. When you do not change from the default of 10, the keepalive interval does not appear in more system:running-config or show translate command output.
|
•mtu bytes—Sets the interface MTU of packets that the virtual asynchronous interface supports. The default MTU is 1500 bytes on a virtual asynchronous interface. The acceptable range is from 64 to 1,000,000 bytes.
•routing—Permits routing updates between connections. This keyword is required if the destination device is not on a subnet connected to one of the interfaces on the router.
|
Table 7 TCP-to-X.25 Outgoing Options
Outgoing X.25 Translation
|
x25 x.121-address
Translates TCP to the X.25 protocol. Supply an X.121 address that conforms to the specifications provided in the CCITT 1984 Red Book, or the name of an X.25 host that can be resolved by the DNS, or explicit specification in an x25 host command.
The address number generally consists of a portion that is administered by the public data network (PDN) and a portion that is locally assigned. You must be sure that the numbers that you assign agree with the addresses assigned to you by the X.25 service provider. The X.121 addresses generally will be subaddresses of the X.121 address for the X.25 network interface.
|
Outgoing X.25 Connection Request Options
|
Any of the following optional keywords can be used to configure X.25 connection requests:
•cud c-u-data—Sends the specified X.25 Call User Data (CUD) text as part of an outgoing call request after the protocol identification bytes.
•no-reverse—Specifies that outgoing calls not request the X.25 reverse charge facility, when the interface default is that all outgoing calls are reverse charged.
•profile profile—Sets the X.3 PAD parameters as defined in the profile created by the x29 profile command.
•pvc number [interface serial number | packetsize in-size out-size | windowsize in-size out-size | no-reset | dynamic]—Specifies that the outgoing connection is actually a PVC. The number argument specifies the virtual circuit channel number of the incoming connection, which must be less than the virtual circuits assigned to the switched virtual circuit (SVC).Only one session is allowed per PVC. Use the following optional keywords to further define the connection:
–interface serial number—Specifies a PVC interface on which to set up the PVC connection.
•packetsize in-size out-size—Specifies the input packet size (in-size) and output packet size (out-size) for the PVC. Valid packet size values are: 16, 32, 64, 128, 256, 512, 1024, 2048, and 4096.
–windowsize in-size out-size—Specifies the packet count for input windows (in-size) and output windows (out-size) for the outgoing translation. Values of in-size and out-size range from 1 to 127 and must not be greater than the value set for the x25 modulo command. You must specify the same value for the in-size and out-size arguments.
–no-reset—Causes the Cisco router to send a no reset packet request at startup of a TCP or LAT-to-PVC translation session.
–dynamic—Causes the TCP-to-X25 PVC session to terminate when the interface goes down. The default behavior is to keep the PVC in existence as long as it is configured.
|
•reverse—Provides reverse charging for X.25 on a per-call rather than a per-interface basis. Requests reverse charges on a specified X.121 address, even if the serial interface is not configured to request reverse charge calls.
•use-map—Applies x25 map pad command entry options (such as CUD and idle) and facilities (such as packet in, packet out, win in, and win out) to the outgoing protocol translation call. When the use-map keyword is specified on the translate command, the Destination address and optional PAD Protocol Identification (PID), CUD, and facilities are checked against a configured list of x25 map pad command entries. If a match is found, the map entry PID, CUD, and facilities are applied to the outgoing protocol translation call. The X.25 map facilities applied to the outgoing translation can be displayed with the show translation command throughout the duration of the translation session.
|
Examples
Dynamic PVCs to Support Primary and Secondary Interfaces Example
The following partial example shows how to configure the PVC dynamic option. The dynamic keyword allows an X.25 PVC to be created on a backup interface when the primary interface goes down. The example configures a primary serial interface (serial 0/0) for X.25 encapsulation and assigns a secondary serial interface (serial 1/1) as backup for the primary. Comments explain the configuration.
backup active interface Serial1/1
! Configure an X.25 route specifying the primary interface on which the router
! should create the dynamic PVCs.
x25 route ^10 interface serial 0/0
! Configure a second X.25 route specifying the secondary backup interface on which
! the router can recreate the PVCs should the primary go down.
x25 route ^10 interface serial 1/1
! Configure the translate commands with the PVC dynamic option.
translate tcp 10.60.150.128 port 1031 x25 10 pvc 1 dynamic
translate tcp 10.60.150.128 port 1036 x25 10 pvc 6 dynamic
When the primary interface serial 0/0 is the active link and it is operational (up), the PVCs will be created on that interface.
If the primary interface goes down, the following will occur:
•The TCP sessions associated with the X.25 PVCs on serial interface 0/0 will be terminated.
•The X25 PVCs created on serial interface 0/0 will be deleted.
•The primary link on serial interface 0/0 will go into the TESTING state.
•The backup link on serial interface 1/1 will change from the X.25 TESTING state to the UP state.
•This change of the interface state (from TESTING to UP) will cause the secondary link on serial interface 1/1 to become active.
•The X.25 PVCs will be recreated on the secondary link on serial interface 1/1 based on the configuration of the second x25 route command.
•Incoming TCP connections will be reestablished with the X.25 PVCs on serial interface 1/1.
TCP-to-X.25 PVC connections will remain on the backup secondary interface (serial 1/1) even when the primary interface (serial 0/0) becomes operational. Only when the backup interface (serial 1/1) fails does the process described repeat and move the TCP-to-X25 PVC connections back to the primary interface (serial 0/0).
Incoming TCP Connection to a Printer Example
The following example illustrates the use of the TCP incoming protocol printer keyword for an incoming TCP connection:
translate tcp 172.19.32.250 printer x25 5678
IPX-PPP Client Connects to a Server Running PPP Example
The following example permits clients running IPX-PPP to connect through the device virtual terminal lines to a server running PPP:
translate tcp 172.21.14.67 port 1234 ppp 10.0.0.2 ipx loopback0
Configuring the EOR Marker for a TCP-to-X.25 Protocol Translation Session Example
The following example configures a TCP-to-X.25 protocol translation session to insert an EOR marker in a TCP packet after each received X.25 packet that does not contain the M-bit set. The EOR marker in this example consists of nonprintable characters and is entered in hexadecimal format.
translate tcp 10.60.155.63 x25 12345678 pvc 3 dynamic eor 0x19 insert
Configuring Translation Authorization for a TCP-to-X.25 Protocol Translation Session Example
The following example uses an authorization method list named mygroup. Serial interfaces 2/0 and 2/1 connect to X.25 hosts, each of which provides multiple services at different X.25 subaddresses. Some of the translate statements specify unique authorization tags so the services can be individually controlled; others specify generic tags (perhaps because they are less critical, such as a monitoring service rather than one which permits configuration changes).
aaa authorization network mygroup group tacacs+
ip address 10.60.155.30 255.255.255.0
x25 route ^13033 interface Serial2/0
x25 route ^13133 interface Serial2/1
translate tcp 10.60.155.36 port 2001 x25 1303301 login authorize mygroup a-port01
translate tcp 10.60.155.36 port 2002 x25 1303302 login authorize mygroup a-port02
translate tcp 10.60.155.36 port 2003 x25 1303303 login authorize mygroup monitor
translate tcp 10.60.155.36 port 2004 x25 1303304 login authorize mygroup monitor
translate tcp 10.60.155.36 port 2005 x25 13033 pvc 1 login authorize mygroup a-admin01
translate tcp 10.60.155.36 port 2101 x25 1313301 login authorize mygroup b-port01
translate tcp 10.60.155.36 port 2102 x25 1313302 login authorize mygroup b-port02
translate tcp 10.60.155.36 port 2103 x25 1313303 login authorize mygroup monitor
translate tcp 10.60.155.36 port 2104 x25 1313304 login authorize mygroup monitor
With this configuration, the router accepts Telnet requests to 10.60.155.36 at any of the TCP ports listed. The user is required to log in, then the router sends an authorization request specifying "translate" as the value of the "service" AV pair, and the authorization tag from the corresponding translate command as the value of the "azn-tag" AV pair. The user id and remote address of the Telnet session are also included in the authorization request. If the authorization server approves the request, the connection to the specified X.25 address is attempted; if the request is denied, the Telnet connection is closed.
The authorization server would not be able to distinguish between connections to 10.60.155.36 port 2003 and 10.60.155.36 port 2104, because they specify the same authorization tag.
Related Commands
Command
|
Description
|
aaa authorization
|
Sets parameters that restrict user access to a network.
|
show translate
|
Displays configured translation sessions.
|
translate lat
|
Translates a LAT connection request automatically to another outgoing protocol connection.
|
translate x25
|
Translates an X.25 connection request automatically to another outgoing protocol connection.
|
x29 access-list
|
Limits access to the access server from certain X.25 hosts.
|
x29 profile
|
Creates a PAD profile script for use by the translate command.
|
translate x25
To translate a connection request to another protocol connection type when receiving an X.25 connection request to a particular destination address or host name, use the translate x25 command in global configuration mode. To remove or change the translation request, use the no form of this command.
translate x25 incoming-address [incoming-options [pvc number [pvc-options]]] protocol
outgoing-address [outgoing-options] [global-options]
no translate x25 incoming-address [incoming-options [pvc number [pvc-options]]] protocol
outgoing-address [outgoing-options] [global-options]
Syntax Description
incoming-address
|
An X.25 and X.121 address that conforms to specifications provided in the CCITT 1984 Red Book.
This address generally consists of a portion that is administered by the public data network (PDN) and a portion that is locally assigned. You must be sure that the numbers that you assign agree with the addresses assigned to you by the X.25 service provider. The X.121 addresses generally will be subaddresses of the X.121 address for the X.25 network interface. Typically, the interface address will be a 12-digit number. Any additional digits are interpreted as a subaddress. The PDN still routes these calls to the interface, and the Cisco IOS software is responsible for interpreting the extra digits.
Do not use the same address on the interface and for translation.
|
incoming-options
|
(Optional) An incoming connection request option. Choices are as follows:
•accept-reverse—Accepts reverse charged calls on an X.121 address even if the serial interface is not configured to accept reverse charged calls.
•cud c-u-data—Specifies the Call User Data (CUD) field to match in the X.25 Incoming Call packet. If the cud keyword is not configured, the CUD in the Incoming Call packet must be blank.
|
| |
•idle minutes—Specifies the number of minutes the virtual circuit is idle. This keyword enables the protocol translation function to clear a switched virtual circuit (SVC) after a set period of inactivity, where minutes is the number of minutes in the period. Calls either originated or terminated are cleared. The maximum value of the minutes argument is 255. The default value of the minutes argument is zero.
|
| |
•printer—Supports local-area transport (LAT) and TCP printing over an X.25 network among multiple sites. Provides an "interlock mechanism" between the acceptance of an incoming X.25 connection and the opening of an outgoing LAT or TCP connection. This keyword causes the Cisco IOS software to delay the call confirmation of an incoming X.25 call request until after the outgoing protocol connection (to TCP or LAT) has been established. An unsuccessful outgoing connection attempt to the router results in the incoming X.25 connection being refused, rather than being accepted and then closed, which is the default behavior. Note that using this keyword will force the global quiet keyword to be applied to the translation.
•profile profile—Sets the X.3 packet assembler/disassembler (PAD) parameters as defined in the profile created by the x29 profile command.
|
pvc number [pvc-options]
|
•pvc number [interface serial number | packetsize in-size out-size | windowsize in-size out-size ]—Specifies that the outgoing connection is actually a PVC. The number argument specifies the virtual circuit channel number of the connection, which must be less than the virtual circuits assigned to the SVC. Only one session is allowed per PVC. Use the following optional keywords to further define the connection:
–interface serial number—Specifies a PVC interface on which to set up the PVC connection.
–packetsize in-size out-size—Specifies the input packet size (in-size) and output packet size (out-size) for the PVC. Valid packet size values are as follows: 16, 32, 64, 128, 256, 512, 1024, 2048, and 4096.
–windowsize in-size out-size—Specifies the packet count for input windows (in-size) and output windows (out-size) for the outgoing translation. Values of in-size and out-size range from 1 to 127 and must not be greater than the value set for the x25 modulo command. You must specify the same value for the in-size and out-size arguments.
Note When the incoming connection is a PVC, the login and authorize global options and the autocommand option for the outbound protocol are not available.
|
protocol outgoing-address
|
A protocol name followed by an address or host name. Protocol translation choices are lat, ppp, slip, and tcp.
Note The host name is translated to an address during configuration, unless you are translating to TCP and use the host-name keyword, which allows the host name to be resolved at connection time instead of configuration time. See Table 11 for more information about the host-name keyword.
Additional keywords that can be entered instead of a protocol name are as follows:
•autocommand—Specifies an EXEC command for an outgoing connection. The command executes upon connection to a host. You can issue any EXEC command and any switch or host name as an argument to the autocommand keyword. If the string following autocommand has one or more spaces as part of the string, you must place quotation marks (" ") around the string. If you want to enable AppleTalk Remote Access (ARA) on an outgoing connection, specify the autocommand arap keywords. These keywords are necessary for ARA because ARA does not use addressing, and this option permits you to invoke the ARA string.
Note The autocommand option is not available when the incoming connection is a PVC.
•virtual-template—Associates a virtual template with a virtual access interface. See the translate x25 (virtual access interfaces) command description for more information.
|
outgoing-options
|
(Optional) Outgoing connection request option. Choices depend upon the protocol or command entered. See Table 8,Table 9, Table 10, and Table 11 for a list of outgoing protocol translation options.
|
global-options
|
(Optional) One or more of the following translation options can be used by any connection type:
•access-class number—Allows the incoming call to be used by source hosts that match the access list parameters. The number argument is an integer previously assigned to an access list. Standard access list numbers are in the range from 1 to 99; expanded standard access lists numbers are in the range from 1300 to 1999.
•authorize method-list tag—Enables authorization for protocol translation sessions. The method-list argument is the list of authorization methods defined by the aaa authorization command with the translate keyword. The method-list argument may have the value of the list-name argument or the default keyword. The tag argument is an alphanumeric string of up to 64 characters. The tag argument need not be unique; more than one instance of the translate command can specify identical values for the tag argument.
Note The authorize option is not available when the incoming connection is a PVC.
•eor marker [insert]—Defines the End-of-Record (EOR) marker for the translation session. The marker argument may be any set of characters from 1 to 4 in length. Nonprintable characters must be entered in hexadecimal format. Printable characters may be typed in. The insert keyword allows the EOR marker to be inserted into the TCP stream after each X.25 packet without a More-bit (M-bit) set is received.
•local—Allows Telnet protocol negotiations to not be translated.
•login—Requires that the user log in before the outgoing connection is made. This type of login is specified on the virtual terminal lines with the login command.
Note The login option is not available when the incoming connection is a PVC.
•max-users number—Limits the number of simultaneous users of the translation to number (an integer you specify).
•quiet—Suppresses printing of user-information messages.
•swap—Valid for X.25-to-TCP translations only, and allows X.3 parameters to be set on the router by the host originating the X.25 call, or by an X.29 profile. This configuration enables incoming and outgoing X.25 connections to be swapped so that the device is treated like a PAD when it accepts a call. By default, the router functions like a PAD for calls that it initiates, and like an X.25 host for calls it accepts. The swap keyword allows connections from an X.25 host that wants to connect to the router, and then treats it like a PAD.
|
Defaults
No default translation parameters.
Command Modes
Global configuration
Command History
Release
|
Modification
|
10.0
|
This command was introduced.
|
12.3(2)T
|
The authorize method-list tag keyword and arguments were added to support authorization of protocol translation sessions. The eor marker [insert] keywords and argument were added to support the EOR function for DCNs.
|
Usage Guidelines
You define protocol translation connections by supplying a protocol keyword and the address, host name, or service name. An X.25 protocol translation command can be as simple as the following example:
Router(config)# translate X.25 1236672 tcp 10.1.1.1
However, the Cisco IOS software provides a broad range of options that support protocol translations in many networking environments. Table 8, Table 9, Table 10, and Table 11 lists the translate x25 translation options by protocol.
You can also use the Cisco IOS command-line interface to help you understand how these keywords are entered. In global configuration mode, begin entering the translate command and add a question mark at each portion of the command to display the options available. Some examples follow:
Router(config)# translate x25 ?
WORD X.121 Address pattern
Router(config)# translate x25 66666 ?
accept-reverse Accept reverse charge on a per-call basis
autocommand Associate a command with a translation on this connections
cud Specify the Call User Data (CUD)
idle Specify VC idle timer
printer Enable non-interactive (implies global quiet)
profile Use a defined X.3 profile
pvc An incoming connection is actually a PVC
virtual-template Associate a virtual template with virtual access interface
Router(config)# translate x25 66666 tcp 10.1.1.1 ?
access-class Allow access list parameters to be used by source hosts
binary Negotiate Telnet binary mode on the connection
host-name Store the host name rather than its IP address
local Allow Telnet protocol negotiations not to be translated
login Require that the user log in before the outgoing connection
max-users Limit the number of simultaneous users of the translation
multibyte-IAC Always treat multiple IACs as telnet command
quiet Suppress printing of user-information messages
source-interface Specify source interface
stream Treat telnet escape characters as data
swap Allow X.3 parameters to be set on the protocol translator
by the host originating the X.25 call
Table 8 X.25-to-LAT Outgoing Options
Outgoing LAT Translation
|
lat service-name
Translates X.25 to the LAT protocol.The software must learn the service name through LAT service advertisements before it can use the service.
|
Outgoing LAT Connection Request Options
|
Any of the following optional keywords can be used to configure LAT connection requests:
•node name—Connects to the specified node that offers a LAT service. By default, the connection is made to the highest-rated node that offers the service.
•port name—Destination LAT port name in the format of the remote system. This parameter is usually ignored in most time-sharing systems, but is used by terminal servers that offer reverse-LAT services.
•unadvertised—Prevents LAT service advertisements from being broadcast to the network.
|
Table 9 X.25-to-PPP Outgoing Options
Outgoing PPP Translation
|
ppp {ip-address | ip-pool [scope-name name]}
Translates from X.25 to virtual asynchronous PPP. Supply an IP address as a standard, four-part dotted-decimal IP address.
The ip-pool keyword obtains an IP address from a Dynamic Host Configuration Protocol (DHCP) proxy client or a local pool. If the optional scope-name keyword is not specified, the address is obtained from a DHCP proxy client. If the scope-name keyword is specified, the IP address is obtained from the specified local pool. The scope-name keyword can specify a range of IP addresses.
|
Outgoing PPP Connection Request Options
|
Any of the following optional keywords can be used to configure PPP connection requests:
•authentication {pap | chap}—Sets Challenge Handshake Authentication Protocol (CHAP) or Password Authentication Protocol (PAP) authentication for PPP on virtual asynchronous interfaces. If you specify both options, order is significant; the system will try to use the first authentication type, then the second.
•header-compression—Configures header compression on IP packets only.
•ipx loopback number—Specifies the loopback interface to be created and permits clients running IPX-PPP over X.25 to connect through vtys on the router. A loopback interface must have been created and configured with a Novell IPX network number before IPX-PPP can work on the vty. The vty is assigned to the loopback interface.
•keepalive number-of-seconds—Specifies the interval at which keepalive packets are sent on Serial Line Internet Protocol (SLIP) and PPP virtual asynchronous interfaces. By default, keepalive packets are enabled and sent every 10 seconds. To shut off keepalive packets, use a value of 0. The active keepalive interval is 1 through 32,767 seconds. When you do not change from the default of 10, the keepalive interval does not appear in more system:running-config or show translate command output.
|
•mtu bytes—Sets the interface MTU of packets that the virtual asynchronous interface supports. The default MTU is 1500 bytes on a virtual asynchronous interface. The acceptable range is from 64 to 1,000,000 bytes.
•routing—Permits routing updates between connections. This option is required if the destination device is not on a subnet connected to one of the interfaces on the router.
•use-tacacs—Uses TACACS to verify PPP authentications for CHAP or PAP on virtual asynchronous interfaces.
|
Table 10 X.25-to-SLIP Outgoing Options
Outgoing SLIP Translation
|
slip {ip-address | ip-pool [scope-name name]}
Translates from X.25 to virtual asynchronous SLIP. Supply an IP address as a standard, four-part dotted-decimal IP address.
The ip-pool keyword obtains an IP address from a DHCP proxy client or a local pool. If the optional scope-name keyword is not specified, the address is obtained from a DHCP proxy client. If the scope-name keyword is specified, the IP address is obtained from the specified local pool. The scope-name keyword can specify a range of IP addresses.
Note The slip argument applies only to outgoing connections; SLIP is not supported on incoming protocol translation connections.
|
Outgoing SLIP Connection Request Options
|
Any of the following optional keywords can be used to configure SLIP connection requests:
•header-compression [passive]—Implements header compression on IP packets only. The passive keyword permits compression on outgoing packets only if incoming TCP packets on the same virtual asynchronous interface are compressed. The default (without the passive keyword) permits compression on all traffic.
•ipx loopback number—Specifies the loopback interface to be created and permits clients running IPX-PPP over X.25 to connect through vtys on the router. A loopback interface must have been created and configured with a Novell IPX network number before IPX-PPP can work on the vty. The vty is assigned to the loopback interface.
•keepalive number-of-seconds—Specifies the interval at which keepalive packets are sent on SLIP and PPP virtual asynchronous interfaces. By default, keepalive packets are enabled and sent every 10 seconds. To shut off keepalive packets, use a value of 0. The active keepalive interval is 1 through 32,767 seconds. When you do not change from the default of 10, the keepalive interval does not appear in more system:running-config or show translate command output.
•mtu bytes—Sets the interface MTU of packets that the virtual asynchronous interface supports. The default MTU is 1500 bytes on a virtual asynchronous interface. The acceptable range is from 64 to 1,000,000 bytes.
•routing—Permits routing updates between connections. This keyword is required if the destination device is not on a subnet connected to one of the interfaces on the router.
|
Table 11 X.25-to-TCP Outgoing Options
Outgoing TCP Translation
|
tcp ip-address
Translates X.25 to TCP/IP Telnet. Supply an IP address as a standard, four-part dotted-decimal IP address, or the name of an IP host that can be resolved by the DNS, or explicit specification in an ip host command (see the description for the host-name keyword in the "Outgoing TCP Connection Request Options" section).
|
Outgoing TCP Connection Request Options
|
Any of the following optional keywords can be used to configure TCP connection requests:
•binary—Negotiates Telnet binary mode on the connection.
•host-name—Stores the host name rather than its IP address, thereby allowing the host name to be resolved at connection time instead of configuration time. There is also a rotor keyword suboption that you can use to modify the behavior of the host-name keyword by allowing one of the IP addresses defined by the ip host configuration command to be chosen randomly. If one address fails, another one will be tried, and so on until all address choices are exhausted. You can use the rotor keyword, therefore, to provide basic load sharing of the IP destinations.
•multibyte-IAC—Always treat multiple Interpret as Command (IAC) escape character codes as a Telnet command.
•port number—For incoming connections, enter the number of the port to match. The default is port 23 (Telnet).
•source-interface—Specifies the source address used for Telnet connections initiated by the router.
•stream—Performs stream processing, which enables a raw TCP stream with no Telnet control sequences. A stream connection does not process or generate any Telnet options, and also prevents Telnet processing of the data stream. This option might be useful for connections to ports running UNIX-to-UNIX Copy Program (UUCP) or other non-Telnet protocols, or to ports connected to printers. For ports connected to printers using Telnet, the stream keyword prevents some of the problems associated with using Telnet for printers, such as unusual events happening to carriage returns or line feeds and echoing of data back to VPN/Security Management Solution (VMS) systems.
|
Protocol Translation and X.25 PVCs Functional Description
This section describes how the protocol translator works with X.25 PVCs. It will help you understand the overall behavior of incoming and outgoing X.25 PVCs associated with a translate command, enabling you to correctly configure protocol translator PVCs for your application.
Configuring X.25 PVCs
When the translate x25 command is configured with a PVC, an attempt is made to create the PVC. The following conditions can cause this attempt to fail:
•The PVC number in the translate x25 command is not within the range of logical channels defined for use by PVCs in the interface configuration.
•The PVC number in the translate x25 command is already in use.
•An X.25 destination in a translate x25 command is routed to X.25 over TCP/IP (XOT), Connection Mode Network Service (CMNS), or Annex G, which do not support translated PVCs.
PVC numbers must be unique across an X.25 connection; however, PVC 1 on serial interface 1/0 is different (and therefore unique) from PVC 1 on serial interface 2/1.
If, once the translate x25 command is accepted, the X.25 interface on which the PVC is created goes down, the PVC enters an inactive state, the TCP or LAT connection is terminated, but the existing PAD context remains inactive.
An incoming TCP or LAT connection associated with a down outgoing PVC (displaying a "P/Inactive message") will be rejected by the protocol translator.
If any X.25 traffic is received while the corresponding TCP or LAT connection is terminated, and if a data packet is received in state D1, a reset with a diagnostic message will be displayed, similar to the following:
20:17:11.809: Serial2: X.25 O D1 Reset (5) 8 lci 4
20:17:11.809: Cause 29, Diag 113 (Network out of order (PVC)/Remote network problem)
The number of outgoing and incoming protocol translation PVCs is limited only by the number of vtys supported on the Cisco router. Remember that each protocol translation session uses a vty, which lowers the number of vtys available for Telnet sessions.
By default, the Cisco router sends a reset packet with the cause "PVC Network Operational" and diagnostic "Maintenance action" messages at the start of a TCP or LAT to PVC translation session, to announce that the connection is established and that the PVC is able to handle data traffic. To suppress the PVC reset packet at TCP or LAT session startup, configure the no-reset outgoing PVC keyword as shown in the following example:
translate tcp 192.168.22.102 port 5 x25 333 pvc 5 no-reset profile tcl
Changing or Removing a translate Command PVC Configuration
Removing a translate command with an outgoing PVC specified is allowed only when there no active connection is associated with the outgoing PVC. An attempt to remove an active translation results in the following message:
Translate: Can't delete/add entry - Connection(s) are currently active
For example, if PVC 5 is assigned to a translate command as shown in the following example:
translate tcp 10.0.155.61 port 5 x25 5 pvc 5 interface Serial2/0
And you want PVC 5 to be assigned under an X.25 interface instead of the translate command, as shown in the following example:
x25 pvc 5 int s4/0 pvc 25
Perform the following steps to configure this reassignment:
Step 1 Check whether a PVC is associated with a serial connection using the show x25 EXEC command, as follows:
PVC 5, State:D1, Interface:Serial2/0
Line:230 vty 4 Location:Host:nmos3m1
connected to PAD <--> X25
Step 2 If the PVC is associated with a TCP connection, terminate the connection by disconnecting the TCP session or by using the clear line EXEC command as shown in the following example:
Step 3 Enter configuration mode, delete the translate command, and reassign PVC 5 to an interface:
Router(config)# no translate tcp 10.0.155.61 port 5 x25 5 pvc 5 interface Serial2/0
Router(config)# interface serial2/0
Router(config-if)# x25 pvc 5 int s4/0 pvc 25
If you want to modify the translate command and change the PVC number from 5 to 12, follow steps 1 and 2, and modify the translate command with PVC 12, as follows:
Router(config)# translate tcp 10.0.155.61 port 12 x25 12 pvc 12 interface Serial2/0
Understanding the X.25 Address and the PVC Interface Option on a translate Command
The protocol translator locates the X.121 destination address in the X.25 route table to determine the interface on which to establish the PVC. A more up-to-date, simpler approach uses the translate command with the interface keyword, which ignores the status of the interface by avoiding referencing the X.25 route table.
For example, instead of configuring an x25 route command for each translated PVC, and entering a long X.121 address on the translate command, as shown this example:
x25 route ^32785223344502 interface Serial1/5
translate tcp 10.0.155.61 port 2502 x25 32785223344502 pvc 1
You can enter one translate command that links the IP port number with the X.121 address and specifies the interface on which to establish the PVC, as follows:
translate tcp 10.0.155.61 port 2502 x25 2502 pvc 1 interface Serial 1/5
This is the recommended approach and should be adopted in place of translate commands that cause the destination address to be looked up in the route table.
Examples
The following example shows how to use the translate global configuration command to translate from an X.25 PAD to a LAT device on Network A. It is applied to Router-A. The configuration example includes an access list that limits remote LAT access through Router-A to connections from PAD-C. This example typifies the use of access lists in the Cisco IOS software. The first two lines define the scope of access list 1. The first line specifies that access list 1 will permit all calls from X.121 address 44444. The caret symbol (^) specifies that the first number 4 is the beginning of the address number.The second line of the definition explicitly denies calls from any other number. (Refer to the appendix "Regular Expressions" in the Cisco IOS Terminal Services Configuration Guide for details concerning the use of special characters in defining X.121 addresses.)
! Define X25 access list to only allow pad-c.
x29 access-list 1 permit ^44444
x29 access-list 1 deny .*
translate x25 1111101 lat LAT-A access-class 1
The following example shows a simple X.25-to-TCP translate x25 command. Packets coming in X.25 address 652365123 arrive via PVC 1 and are translated to TCP packets and sent out IP address 172.16.1.1.
translate x25 652365123 pvc 1 tcp 172.16.1.1
The following example shows a more complex configuration that calls an X.29 profile and swaps the default PAD operation of the router to that of an X.25 host. The name of the profile is fullpackets.
x29 profile fullpackets 2:0 3:0 4:100 7:21
translate x25 217536124 profile fullpackets tcp Host1 port 4006 swap
The following example shows the use of the X.25 incoming protocol printer keyword for an incoming X.25 connection:
translate x25 55555 printer tcp 172.16.1.1
The following examples causes the protocol translator to try connecting to IP address 172.16.1.1 and if that failed, to try IP address 172.16.2.1, and so on through all IP addresses listed in the ip host command:
ip host my-hosts 172.16.1.1 172.16.2.1 172.16.3.1
translate x25 55555 tcp my-hosts host-name
The following example uses the rotor keyword to cause the protocol translator to randomly choose one of the IP address listed in the ip host command and if it fails to connect, to try another IP address, until all are exhausted:
ip host my-hosts 172.16.1.1 172.16.2.1 172.16.3.1
translate x25 55555 tcp my-hosts host1 rotor
The following example translates X.25 packets to PPP. It enables routing updates between the two connections:
translate x25 12345678 ppp 10.0.0.2 routing
The following example permits clients running AppleTalk Remote Access (ARA) to connect through the virtual terminal lines of the device to an AppleTalk network:
translate x25 12345678 autocommand arap
arap require-manual-password
The following example specifies IP pooling from a DHCP server named D-Server1. It then specifies that incoming TCP traffic be translated to SLIP. The DHCP server will dynamically assign IP addresses on the outgoing sessions.
ip address-pool dhcp-proxy-client
translate x25 5467835 ppp ip-pool scope-name D-Server1
The following example specifies a local IP pool named Pool2 with IP addresses ranging from 172.18.10.10 to 172.18.10.110. It then specifies that incoming X.25 traffic be translated to PPP. The local IP pool Pool2 will be used to dynamically assign IP addresses on the outgoing sessions.
ip-pool Pool2 172.18.10.10 172.18.10.110
translate x25 1234567 ppp ip-pool scope-name Pool2
The following example shows how to set the idle timer. X.25 calls are cleared if they are idle for the configured time.
translate x25 1234 idle 2 lat Service3
The following example configures an X.25-to-TCP protocol translation session to insert an EOR marker in a TCP packet after each received X.25 packet that does not contain the M-bit set. The EOR marker in this example consists of printable characters.
translate x25 12345678 pvc 3 tcp 10.60.155.63 eor AAA insert
The following example uses the default authorization method list. Incoming PAD calls to the router on serial interface 1/1 are translated to Telnet calls to various destinations based on the X.25 subaddress. Use of the first two translate statements is restricted to users that are approved by the authorization server for access to group1; the third translate statement will complete the connection only if the authorization server grants access to group2.
aaa authorization network default group tacacs+
translate x25 555108801 tcp 10.60.155.1 login authorize default group1
translate x25 555108802 tcp 10.60.155.2 login authorize default group1
translate x25 555108803 tcp 10.60.155.3 login authorize default group2
Related Commands
Command
|
Description
|
aaa authorization
|
Sets parameters that restrict user access to a network.
|
show translate
|
Displays configured translation sessions.
|
translate lat
|
Translates a LAT connection request automatically to another outgoing protocol connection.
|
translate tcp
|
Translates a TCP connection request automatically to another outgoing protocol connection.
|
x29 access-list
|
Limits access to the access server from certain X.25 hosts.
|
x29 profile
|
Creates a PAD profile script for use by the translate command.
|
Copyright © 2003 Cisco Systems, Inc. All rights reserved.
