Cisco IOS Wide-Area Networking Configuration Guide - Free Books

More documents

Recommendations

Info

ContentsX.25 Suppression of Security Signaling FacilitiesTo access Cisco Feature Navigator, you must have an account on Cisco.com. If you have forgotten orlost your account information, send a blank e-mail to cco-locksmith@cisco.com. An automatic checkwill verify that your e-mail address is registered with Cisco.com. If the check is successful, accountdetails with a new random password will be e-mailed to you. Qualified users can establish an accounton Cisco.com by following the directions found at this URL:http://www.cisco.com/registerCisco Feature Navigator is updated regularly when major Cisco IOS software releases and technologyreleases occur. For the most current information, go to the Cisco Feature Navigator home page at thefollowing URL:http://www.cisco.com/go/fnAvailability of Cisco IOS Software ImagesPlatform support for particular Cisco IOS software releases is dependent on the availability of thesoftware images for those platforms. Software images for some platforms may be deferred, delayed, orchanged without prior notice. For updated information about platform support and availability ofsoftware images for each Cisco IOS software release, refer to the online release notes or Cisco FeatureNavigator.Contents• Information About the X.25 Suppression of Security Signaling Facilities Feature, page 2• How to Suppress the X.25 Security Signaling Facilities, page 4• Configuration Example for Suppressing X.25 Security Signaling Facilities, page 6• Additional References, page 6• Command Reference, page 8Information About the X.25 Suppression of Security SignalingFacilities FeatureTo configure the X.25 Suppression of Security Signaling Facilities feature, you need to understand theconcepts described in the following sections:• X.25 Security Facilities Suppression Scenarios, page 2• When Suppressing the Security Signaling Facilities Is Necessary, page 3X.25 Security Facilities Suppression ScenariosX.25 networks encode security facilities in X.25 Call, Call Confirm, and Clear packets to notify bothstations participating in the setup of a switched virtual circuit (SVC) of events that may result in a stationconnecting to an unexpected partner.2
X.25 Suppression of Security Signaling FacilitiesInformation About the X.25 Suppression of Security Signaling Facilities FeatureNoteThis document refers to Call packets and Call Confirm packets. These names differ from thosestandardized by X.25. The standard distinguishes between a Call packet sent by the DTE station (a CallRequest) and one sent by the DCE station (an Incoming Call), and similarly between a Call Confirmpacket sent by the DTE (a Call Accepted) and one sent by the DCE (a Call Connected).The packets are encoded identically and, in many cases, the processing that X.25 does is identical;however, there are cases where the behavior is predicated on the station type receiving or sending thepacket.For example, when an X.25 Call is redistributed by a network through a hunt group, a standardimplementation will encode a CRCDN facility in the forwarded call. Thus, the receiver is notified thatthe Call packet was redistributed by a hunt group and is notified of the original destination address. Astandard network will also, if such a Call is accepted by a returned Call Confirm packet, encode aCLAMN facility when forwarding the Call Confirm packet. This encoding notifies the originator that theaccepting destination was reached by distribution through a hunt group, and may also encode thedestination address of the accepting station. Both stations receive notification of what happened so eachcan decide to either proceed with the SVC, if the resulting connection is permissible, or to clear thechannel if not.When Suppressing the Security Signaling Facilities Is NecessaryWarningX.25 security signaling facilities are used to explicitly notify the connecting stations of events thatmay raise security issues if they were not signaled. Suppression of these facilities should only beconfigured when the attached equipment and network configurations are sufficiently secure that thesignaled information is unnecessary.There are many X.25 implementations that will not operate as intended if presented with X.25 featuresor facilities beyond a narrow set of those that occur most commonly. The security signaling facilities areless common, and there are a significant number of X.25 implementations that will not proceed with anSVC that encodes them during Call setup. This can cause connection failures when Cisco equipment isused to implement an X.25 hunt group. There are two security facilities that the Cisco hunt group featureencodes: An X.25 Call packet forwarded out from a hunt group has the CRCDN facility encoded in thepacket and, when accepted, the returning X.25 Call Confirm packet has the CLAMN facility encoded inthe packet.Both the originator of the Call packet and the destination it reaches should be notified of the hunt groupevent, thus allowing each side to clear the SVC if communication is not permitted by the station’ssecurity policy. For this reason, the Cisco implementation of hunt groups is designed to signal bothstations participating in the Call setup using the X.25-designated CRCDN and CLAMN facilities. TheX.25 Suppression of Security Signaling Facilities feature allows this signaling to be suppressed by theCRCDN facility in a Call packet. The no x25 security crcdn command introduced in this featureprovides this function, and there are no implications for correct protocol behavior by using it.X.25 operation can also be modified to suppress a CLAMN facility in X.25 Call Confirm packets whenthe no x25 security clamn command is configured to disable that signaling. Configuring suppression ofthe CLAMN security signaling facility has an implication for correct protocol behavior: The X.25Recommendations specify that the CLAMN facility must be present in a Call Confirm packet if thatpacket encodes a destination address that is not the null address and that differs from the address encodedin the Call packet. When X.25 is configured to suppress the encoding of a CLAMN facility, it will also3
Page 1 and 2:
Cisco IOS Wide-Area NetworkingConfi
Page 4 and 5:
Documentation ConventionsAbout Cisc
Page 6 and 7:
Documentation OrganizationAbout Cis
Page 8 and 9:
Page 10 and 11:
Page 12 and 13:
Page 14 and 15:
Additional Resources and Documentat
Page 16 and 17:
Using the CLIUsing the Command-Line
Page 18 and 19:
Page 20 and 21:
Page 22 and 23:
Page 24 and 25:
Page 26 and 27:
Saving Changes to a ConfigurationUs
Page 28 and 29:
Additional InformationUsing the Com
Page 31 and 32:
Configuring Frame RelayFeature Hist
Page 33 and 34:
Configuring Frame RelayFrame Relay
Page 35 and 36:
Configuring Frame RelayConfiguring
Page 37 and 38:
Page 39 and 40:
Page 41 and 42:
Page 43 and 44:
Page 45 and 46:
Page 47 and 48:
Page 49 and 50:
Page 51 and 52:
Page 53 and 54:
Page 55 and 56:
Page 57 and 58:
Configuring Frame RelayCustomizing
Page 59 and 60:
Page 61 and 62:
Page 63 and 64:
Page 65 and 66:
Page 67 and 68:
Page 69 and 70:
Page 71 and 72:
Page 73 and 74:
Page 75 and 76:
Page 77 and 78:
Page 79 and 80:
Page 81 and 82:
Page 83 and 84:
Page 85 and 86:
Page 87 and 88:
Page 89 and 90:
Page 91 and 92:
Page 93 and 94:
Page 95 and 96:
Page 97 and 98:
Page 99 and 100:
Page 101 and 102:
Page 103 and 104:
Page 105 and 106:
Page 107 and 108:
Adaptive Frame Relay Traffic Shapin
Page 109 and 110:
Page 111 and 112:
Page 113 and 114:
Page 115 and 116:
Frame Relay 64-Bit CountersFeature
Page 117 and 118:
Frame Relay 64-Bit CountersSupporte
Page 119 and 120:
Frame Relay 64-Bit CountersConfigur
Page 121 and 122:
Frame Relay 64-Bit CountersConfigur
Page 123 and 124:
Frame Relay MIB EnhancementsFeature
Page 125 and 126:
• The chapter “Configuring Simp
Page 127:
Command ReferenceThe following comm
Page 130 and 131:
Feature OverviewFrame Relay Point-M
Page 132 and 133:
Supported Standards, MIBs, and RFCs
Page 134 and 135:
Configuration ExamplesFrame Relay P
Page 136 and 137:
Command ReferenceFrame Relay Point-
Page 138 and 139:
How Frame Relay Queueing and Fragme
Page 140:
• Cisco 2500 series• Cisco 2600
Page 143 and 144:
Configuring the Shaping Policy Usin
Page 145 and 146:
The following sample output for the
Page 147 and 148:
Frame Relay Queueing, Shaping, and
Page 149 and 150:
Frame Relay PVC Bundles with QoS Su
Page 151 and 152:
Page 153 and 154:
Page 155 and 156:
Page 157 and 158:
Page 159 and 160:
Page 161 and 162:
Page 163 and 164:
Page 165 and 166:
Page 167 and 168:
Page 169 and 170:
Page 171 and 172:
Page 173 and 174:
Frame Relay Voice-Adaptive Traffic
Page 175 and 176:
Page 177 and 178:
Page 179 and 180:
Page 181 and 182:
Page 183 and 184:
Page 185 and 186:
Page 187 and 188:
Page 189 and 190:
MQC-Based Frame Relay Traffic Shapi
Page 191 and 192:
Page 193 and 194:
Page 195 and 196:
Page 197 and 198:
Page 199 and 200:
Page 201 and 202:
Page 203 and 204:
Multilink Frame Relay (FRF.16.1)Fir
Page 205 and 206:
Multilink Frame Relay (FRF.16.1)Inf
Page 207 and 208:
Multilink Frame Relay (FRF.16.1)How
Page 209 and 210:
Page 211 and 212:
Page 213 and 214:
Multilink Frame Relay (FRF.16.1)Con
Page 215 and 216:
Multilink Frame Relay (FRF.16.1)Com
Page 217 and 218:
Distributed Multilink Frame Relay (
Page 219 and 220:
Page 221 and 222:
Page 223 and 224:
Page 225 and 226:
Page 227 and 228:
Page 229 and 230:
Configuring Frame Relay-ATM Interwo
Page 231 and 232:
Page 233 and 234:
Page 235 and 236:
Page 237 and 238:
Page 239 and 240:
Layer 2 Tunnel Protocol Version 3Fi
Page 241 and 242:
Supported Port Adapters for the Cis
Page 243 and 244:
• In OAM local emulation mode onl
Page 245 and 246:
Layer Frame Fragmentation Restricti
Page 247 and 248:
With ISIS packet fragmentation, ISI
Page 249 and 250:
• Policing on both Ethernet and A
Page 251 and 252:
L2TPv3 DecapsulationWhen an L2TPv3
Page 253 and 254:
• Configuring output access contr
Page 255 and 256:
Table 3Engine 5 Interfaces Supporte
Page 257 and 258:
Table 4L2TPv3 Features Supported in
Page 259 and 260:
Table 4L2TPv3 Features Supported in
Page 261 and 262:
Frame Relay-Specific Restrictions
Page 263 and 264:
• FRF.9 process switched payload
Page 265 and 266:
• Egress queueing is determined a
Page 267 and 268:
Information About Layer 2 Tunnel Pr
Page 269 and 270:
Benefits of Using L2TPv3L2TPv3 Simp
Page 271 and 272:
Static L2TPv3 SessionsTypically, th
Page 273 and 274:
L2TPv3 Type of Service MarkingKeepa
Page 275 and 276:
configured with the L2TPv3 Control
Page 277 and 278:
L2TPv3 Protocol DemultiplexingThe P
Page 279 and 280:
Supported L2TPv3 PayloadsL2TPv3 sup
Page 281 and 282:
CIR GuaranteesTo provide committed
Page 283 and 284:
Table 6Release Support for the ATM
Page 285 and 286:
Figure 3Protocol Demultiplexing of
Page 287 and 288:
This task configures a set of timin
Page 289 and 290:
Table 8Compatibility Matrix for L2T
Page 291 and 292:
Step 5Step 6Command or Actionpasswo
Page 293 and 294:
Step 5Step 6Command or Actiondigest
Page 295 and 296:
Step 6Step 7Command or Actionshow l
Page 297 and 298:
For simple L2TPv3 signaling configu
Page 299 and 300:
Step 7Step 8Step 9Step 10Command or
Page 301 and 302:
Step 3Step 4Command or Actioninterf
Page 303 and 304:
Step 5Step 6Step 7Step 8Command or
Page 305 and 306:
Configuring the Xconnect Attachment
Page 307 and 308:
DETAILED STEPSStep 1Step 2Command o
Page 309 and 310:
Step 5Step 6Command or Actioncell-p
Page 311 and 312:
Configuring VC Mode ATM Cell Packin
Page 313 and 314:
Configuring ATM AAL5 SDU Mode over
Page 315 and 316:
Page 317 and 318:
Page 319 and 320:
Page 321 and 322:
Configuring Protocol Demultiplexing
Page 323 and 324:
Step 3Command or Actioninterface ty
Page 325 and 326:
Step 7Step 8Command or Actionxconne
Page 327 and 328:
DETAILED STEPSStep 1Step 2enableExa
Page 329 and 330:
Configuring a Negotiated L2TPv3 Ses
Page 331 and 332:
Configuring L2TPv3 Control Channel
Page 333 and 334:
Configuring ATM Single Cell Relay V
Page 335 and 336:
encapsulation aal5!interface atm 1/
Page 337 and 338:
Verifying OAM Local Emulation for A
Page 339 and 340:
Configuring QoS for L2TPv3 on the C
Page 341 and 342:
encapsulation frame-relayframe-rela
Page 343 and 344:
Note that the sample output policy
Page 345 and 346:
Configuring a QoS Policy for Commit
Page 347 and 348:
!interface Serial0/0.1/1:11encapsul
Page 349 and 350:
Technical AssistanceDescriptionThe
Page 351 and 352:
Table 912.0(24)S112.0(27)S12.0(28)S
Page 353 and 354:
Table 9Feature Information for Laye
Page 355 and 356:
MTU—maximum transmission unit. Ma
Page 357 and 358:
Configuring SMDSSMDS Hardware Requi
Page 359 and 360:
Configuring SMDSEnabling SMDS on th
Page 361 and 362:
Configuring SMDSEnabling SMDS on th
Page 363 and 364:
Configuring SMDSCustomizing Your SM
Page 365 and 366:
Configuring SMDSCustomizing Your SM
Page 367 and 368:
Configuring SMDSSMDS Configuration
Page 369 and 370:
Page 371 and 372:
Page 373:
Configuring X.25 and LAPB
Page 376 and 377:
LAPB OverviewConfiguring X.25 and L
Page 378 and 379:
LAPB Configuration Task ListConfigu
Page 380 and 381:
X.25 Configuration Task ListConfigu
Page 382 and 383:
Page 384 and 385:
Page 386 and 387:
Page 388 and 389:
Configuring Additional X.25 Interfa
Page 390 and 391:
Configuring Additional X.25 Interfa
Page 392 and 393:
Configuring an X.25 Datagram Transp
Page 394 and 395:
Page 396 and 397:
Page 398 and 399:
Page 400 and 401:
Configuring Additional X.25 Datagra
Page 402 and 403:
Configuring Additional X.25 Datagra
Page 404 and 405:
Configuring X.25 RoutingConfiguring
Page 406 and 407:
Configuring X.25 RoutingConfiguring
Page 408 and 409:
Configuring Additional X.25 Routing
Page 410 and 411:
Configuring Additional X.25 Routing
Page 412 and 413:
Configuring DNS-Based X.25 RoutingC
Page 414 and 415:
Configuring DNS-Based X.25 RoutingC
Page 416 and 417:
Configuring X.25 over Frame Relay (
Page 418 and 419:
Configuring Priority Queueing or Cu
Page 420 and 421:
Configuring X.25 Closed User Groups
Page 422 and 423:
Page 424 and 425:
Page 426 and 427:
Page 428 and 429:
Configuring DDN or BFE X.25Configur
Page 430 and 431:
Configuring DDN or BFE X.25Configur
Page 432 and 433:
Configuring X.25 Remote Failure Det
Page 434 and 435:
Creating X.29 Access ListsConfiguri
Page 436 and 437:
X.25 and LAPB Configuration Example
Page 438 and 439:
Page 440 and 441:
Page 442 and 443:
Page 444 and 445:
Page 446 and 447:
Page 448 and 449:
Page 450 and 451:
Page 452 and 453:
Page 454 and 455:
Page 456 and 457:
Page 458 and 459: X.25 and LAPB Configuration Example
Page 460 and 461: Feature OverviewTerminal Line Secur
Page 462 and 463: Feature OverviewTerminal Line Secur
Page 464 and 465: Supported PlatformsTerminal Line Se
Page 466 and 467: Configuration TasksTerminal Line Se
Page 468 and 469: Command ReferenceTerminal Line Secu
Page 470 and 471: GlossaryTerminal Line Security for
Page 472 and 473: Supported PlatformsX.25 Annex G Ses
Page 474 and 475: Command ReferenceX.25 Annex G Sessi
Page 476 and 477: Feature OverviewX.25 Dual Serial Li
Page 478 and 479: Supported PlatformsX.25 Dual Serial
Page 480 and 481: Configuration TasksX.25 Dual Serial
Page 482 and 483: Command ReferenceX.25 Dual Serial L
Page 484 and 485: GlossaryX.25 Dual Serial Line Manag
Page 486 and 487: Feature OverviewX.25 over TCP Profi
Page 488 and 489: Supported PlatformsX.25 over TCP Pr
Page 490 and 491: Configuration TasksX.25 over TCP Pr
Page 492 and 493: Command ReferenceX.25 over TCP Prof
Page 494 and 495: GlossaryX.25 over TCP Profiles10
Page 496 and 497: When to Use Record Boundary Preserv
Page 498 and 499: Restrictions• X.25 connections wi
Page 500 and 501: CommandRouter(config-if)# x25 pvc c
Page 502 and 503: successfully completed, the TCP con
Page 504 and 505: • PVC Configured to Use RBP for I
Page 506 and 507: X.121—ITU-T standard describing a
Page 510 and 511: How to Suppress the X.25 Security S
Page 512 and 513: Configuration Example for Suppressi
Page 514 and 515: Command ReferenceX.25 Suppression o
Page 516 and 517: Information About X.25 Call Confirm
Page 518 and 519: How to Configure X.25 Call Confirm
Page 520 and 521: Additional ReferencesX.25 Call Conf
Page 522 and 523: Command ReferenceX.25 Call Confirm
Page 524 and 525: Displaying the Contents of X.25 Pac
Page 526 and 527: Command ReferenceX.25 Data Display
Page 528 and 529: Information About X.25 Version Conf
Page 536 and 537: How to Specify the X.25 VersionX.25
Page 538 and 539: Configuration Examples for X.25 Ver
Page 540 and 541: Additional ReferencesX.25 Version C
Page 542 and 543: Command ReferenceX.25 Version Confi
Page 544 and 545: ContentsX.25 Station Type for ISDN
Page 546 and 547: How to Configure X.25 Encapsulation
Page 548 and 549: Additional ReferencesX.25 Station T
Page 550 and 551: Command ReferenceX.25 Station Type
Page 553 and 554: Frame Relay-ATM Interworking Suppor
Page 555 and 556: X.25 Facility HandlingThis appendix
Page 557 and 558: X.25 Facility HandlingX.25 Facility
show all

Cisco IOS Wide-Area Networking Configuration Guide - Free Books

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?