Document ID: 18326
Contents
Introduction
Prerequisites
Requirements
Components Used
Conventions
Background Information
X.25 BFE Address Translation
Configure
Network Diagram
Configurations
Verify
Troubleshoot
Troubleshooting Commands
Introduction
This document provides a sample configuration for using Blacker Front End (BFE) encapsulation to connect a router to a BFE device.
Note: Cisco routers are not responsible for any encryption, and do not maintain any aspect of the encryption.
Prerequisites
Requirements
There are no specific requirements for this document.
Components Used
The information in this document is based on these software and hardware versions:
- Two Cisco 2500 routers.
- Cisco IOS® Software Release 11.2(24).
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
Conventions
For more information on document conventions, refer to Cisco Technical Tips Conventions.
Background Information
Let us look at a sample setup:
In X.25 BFE encapsulation, the IP translation to X.25 is different from Defense Data Network (DDN). Additionally, when a BFE device loses connectivity to the servers in the network, it can enter an "emergency mode".
As well as encrypting the data flowing from RouterA to RouterB, the BFE device contacts access control decisions (ACC) to maintain access security. For example, if a host on RouterA needs to talk to a host on RouterB, the BFE checks whether this access can be granted, using the information it obtains from the ACC. The BFE maintains the encryption, and the keys needed for this are provided by the Key Distribution Center (KDC).
Cisco IOS® Software Releases 11.2 and later are BFE compliant. You can see this by looking at the show version command output.
Example:
traxbol#show version
IOS (tm) 2500 Software (C2500-JS-L), Version 11.2(24), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2000 by cisco Systems, Inc.
Compiled Wed 04-Oct-00 18:33 by leccese
Image text-base: 0x00001448, data-base: 0x00769E98
ROM: System Bootstrap, Version 11.0(10c), SOFTWARE
BOOTFLASH: 3000 Bootstrap Software (IGS-BOOT-R), Version 11.0(10c), RELEASE SOFTWARE (fc1)
traxbol uptime is 2 days, 1 hour, 54 minutes
System restarted by reload
System image file is "c2500-js-l.112-24", booted via tftp from 10.48.92.61
cisco 2520 (68030) processor (revision M) with 14336K/2048K bytes of memory.
Processor board ID 06168038, with hardware revision 00000003
Bridging software.
SuperLAT software copyright 1990 by Meridian Technology Corp).
X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.
!--- We can see BFE compliance here.
TN3270 Emulation software.
Basic Rate ISDN software, Version 1.0.
1 Ethernet/IEEE 802.3 interface(s)
2 Serial network interface(s)
2 Low-speed serial(sync/async) network interface(s)
1 ISDN Basic Rate interface(s)
32K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read/Write)
Configuration register is 0x2102
If the BFE loses access to the ACC or KDC, an emergency mode is available. The BFE notifies the host (in our case, the router) that it is entering emergency mode, so that the host can take action. The host can take one of the following three possible actions:
- The router always enters emergency mode.
- The router takes a decision when emergency mode is reached.
- The router never uses emergency mode.
If the router needs to take a decision (the second option above), there are three further possibilities:
- It prompts the administrator for the emergency mode decision.
- No: Router will not participate in emergency mode decision.
- Yes: Router will participate in emergency mode decision.
X.25 BFE Address Translation
The translation from IP to X.121 addresses when using BFE encapsulation is different from DDN encapsulation. BFE only supports translation for class A networks. The X.121 address is calculated automatically, as for DDN, but a different calculation is used to define the X.121 BFE address.
The X.121 BFE address takes the following format:
ZZZZZpDDDBBB
where:
ZZZZZ = 00000
p = Port ID
DDD = Domain
BBB = BFE ID
The IP address takes the following format:
where:
Z = 0
PPP = port ID
DDDDDDDDDD = domain
BBBBBBBBBBB = BFE ID
Example:
IP address = 21.126.159.120
We take the last 24 bits as follows:
0   111   1110100111   1101111000
Z   P     D            B
X.121 BFE address = 000007935888
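The translation described above can be reproduced offline to check that a configured `x25 address` agrees with the interface IP address. The following Python sketch is an added example, not Cisco code; the function names are hypothetical, and rejecting a 10-bit field above 999 (which cannot be written in three decimal digits) is an assumption of this example.

```python
import ipaddress

def ip_to_bfe_x121(ip: str) -> str:
    """Return the 12-digit X.121 BFE address (ZZZZZpDDDBBB) for a class A IP."""
    addr = int(ipaddress.IPv4Address(ip))
    if addr >> 31:  # class A addresses have the most significant bit clear
        raise ValueError(f"{ip}: BFE translation supports class A networks only")
    low24 = addr & 0xFFFFFF          # the network octet is not encoded
    z = low24 >> 23                  # 1 bit, must be 0
    port = (low24 >> 20) & 0x7       # 3 bits  -> one decimal digit (p)
    domain = (low24 >> 10) & 0x3FF   # 10 bits -> three decimal digits (DDD)
    bfe_id = low24 & 0x3FF           # 10 bits -> three decimal digits (BBB)
    if z:
        raise ValueError(f"{ip}: Z bit must be 0")
    # Assumption of this example: values above 999 do not fit in three
    # decimal digits, so they are rejected rather than truncated.
    if domain > 999 or bfe_id > 999:
        raise ValueError(f"{ip}: domain or BFE ID exceeds three decimal digits")
    return f"00000{port}{domain:03d}{bfe_id:03d}"

def bfe_x121_to_ip(x121: str, network: int) -> str:
    """Inverse mapping; the class A network octet is supplied by the caller."""
    ok = len(x121) == 12 and x121.isascii() and x121.isdigit()
    if not ok or not x121.startswith("00000"):
        raise ValueError(f"{x121}: expected 12 digits of the form 00000pDDDBBB")
    port, domain, bfe_id = int(x121[5]), int(x121[6:9]), int(x121[9:12])
    if port > 7 or not 0 <= network <= 127:
        raise ValueError(f"{x121}: port ID or network octet out of range")
    low24 = (port << 20) | (domain << 10) | bfe_id
    return str(ipaddress.IPv4Address((network << 24) | low24))

def mismatches(interfaces):
    """Names of entries whose configured x25 address differs from the derived one."""
    return [name for name, ip, x25 in interfaces if ip_to_bfe_x121(ip) != x25]

# Values taken from this document: the worked example and both router configs.
SAMPLES = [
    ("example", "21.126.159.120", "000007935888"),
    ("goya", "10.0.0.1", "000000000001"),
    ("traxbol", "10.0.0.2", "000000000002"),
]

if __name__ == "__main__":
    for name, ip, x25 in SAMPLES:
        print(name, ip, ip_to_bfe_x121(ip), "configured:", x25)
    print("mismatches:", mismatches(SAMPLES))
```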
Configure
In this section, you are presented with the information to configure the features described in this document.
Note: To find additional information on the commands used in this document, use the Command Lookup Tool (registered customers only).
Network Diagram
This document uses this network setup:
Configurations
This document uses these configurations:
- GOYA (Cisco 2500 Router)
- TRAXBOL (Cisco 2500 Router)
GOYA (Cisco 2500 Router)

interface Serial1
!--- The IP address should be in class A
ip address 10.0.0.1 255.255.255.0
no ip directed-broadcast
!--- The maximum transmission unit (MTU) is set to 896 automatically, as required for BFE
ip mtu 896
encapsulation x25 bfe
no ip mroute-cache
x25 address 000000000001
!--- The router makes a decision when emergency mode is reached
x25 bfe-emergency decision
!--- The router always goes into emergency mode
x25 bfe-decision yes
!--- Remote red host is 10.0.0.3, remote black is the router on the black network
x25 remote-red 10.0.0.3 remote-black 10.0.0.2

TRAXBOL (Cisco 2500 Router)

interface Serial1
description connection to x25 via bfe
ip address 10.0.0.2 255.255.255.0
ip mtu 896
encapsulation x25 bfe
no ip mroute-cache
x25 address 000000000002
x25 bfe-emergency always

Verify
There is currently no verification procedure available for this configuration.
Troubleshoot
This section provides information you can use to troubleshoot your configuration.
Troubleshooting Commands
Certain show commands are supported by the Output Interpreter Tool (registered customers only), which allows you to view an analysis of show command output.
Note: Before issuing debug commands, refer to Important Information on Debug Commands.
- ping—checks whether a device is operating, and if network connections are intact.
- debug x25 events—displays information about X.25 traffic in privileged EXEC mode.
Start a ping command from goya to traxbol:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 72/84/132 ms
goya#
!--- As in DDN, when you issue a ping, the x25 address is calculated.
!--- There is no need for a map. Also notice that DDN facilities are used,
!--- because even if we are connecting through a BFE, the network is still DDN.
Output from debug x25 events on goya is as follows:
*Mar 3 16:21:23.924: Serial1: X25 O P2 CALL REQUEST (22) 8 lci 1024
*Mar 3 16:21:23.928: From(12): 000000000001 To(12): 000000000002
*Mar 3 16:21:23.928: Facilities: (4)
*Mar 3 16:21:23.932: Local facility marker
*Mar 3 16:21:23.932: DDN standard service
*Mar 3 16:21:23.932: Call User Data (1): 0xCC (ip)
*Mar 3 16:21:23.980: Serial1: X25 I P2 CALL CONNECTED (5) 8 lci 1024
*Mar 3 16:21:23.980: From(0): To(0):
*Mar 3 16:21:23.984: Facilities: (0)
Output from debug x25 events on traxbol is as follows:
*Mar 4 00:06:17.686: Serial1: X25 I P1 CALL REQUEST (22) 8 lci 1
*Mar 4 00:06:17.690: From(12): 000000000001 To(12): 000000000002
*Mar 4 00:06:17.690: Facilities: (4)
*Mar 4 00:06:17.694: Local facility marker
*Mar 4 00:06:17.694: DDN standard service
*Mar 4 00:06:17.694: Call User Data (1): 0xCC (ip)
*Mar 4 00:06:17.698: Serial1: X25 O P4 CALL CONNECTED (5) 8 lci 1
*Mar 4 00:06:17.702: From(0): To(0):
*Mar 4 00:06:17.702: Facilities: (0)
*Mar 4 00:06:17.746: Serial1: X25 I P4 DATA (103) 8 lci 1 PS 0 PR 0
*Mar 4 00:06:17.750: Serial1: X25 O D1 DATA (103) 8 lci 1 PS 0 PR 1
*Mar 4 00:06:17.822: Serial1: X25 I D1 DATA (103) 8 lci 1 PS 1 PR 1
*Mar 4 00:06:17.826: Serial1: X25 O D1 DATA (103) 8 lci 1 PS 1 PR 2
*Mar 4 00:06:17.902: Serial1: X25 I D1 DATA (103) 8 lci 1 PS 2 PR 2
*Mar 4 00:06:17.906: Serial1: X25 O D1 DATA (103) 8 lci 1 PS 2 PR 3
*Mar 4 00:06:17.978: Serial1: X25 I D1 DATA (103) 8 lci 1 PS 3 PR 3
*Mar 4 00:06:17.982: Serial1: X25 O D1 DATA (103) 8 lci 1 PS 3 PR 4
*Mar 4 00:06:18.050: Serial1: X25 I D1 DATA (103) 8 lci 1 PS 4 PR 4
*Mar 4 00:06:18.058: Serial1: X25 O D1 DATA (103) 8 lci 1 PS 4 PR 5
| Updated: Jun 01, 2005 | Document ID: 18326 |
