
X.25 BFE Encapsulation
Document ID: 18326

Introduction
Prerequisites
Requirements
Components Used
Conventions
Background Information
X.25 BFE Address Translation
Configure
Network Diagram
Configurations
Verify
Troubleshoot
Troubleshooting Commands
Related Information

Introduction
This document provides a sample configuration for using Blacker Front End (BFE) encapsulation to connect a
router to a BFE device.

Note: Cisco routers are not responsible for any encryption, and do not maintain any aspect of the encryption.

Prerequisites
Requirements
There are no specific requirements for this document.

Components Used
The information in this document is based on these software and hardware versions:

• Two Cisco 2500 routers.


• Cisco IOS® Software Release 11.2(24).

The information in this document was created from the devices in a specific lab environment. All of the
devices used in this document started with a cleared (default) configuration. If your network is live, make sure
that you understand the potential impact of any command.

Conventions
For more information on document conventions, refer to Cisco Technical Tips Conventions.

Background Information
Let us look at a sample setup:
In X.25 BFE encapsulation, the IP translation to X.25 is different from Defense Data Network (DDN).
Additionally, when a BFE device loses connectivity to the servers in the network, it can enter an "emergency
mode".

In addition to encrypting the data flowing from RouterA to RouterB, the BFE device contacts access control
decisions (ACC) to enforce access security. For example, if a host on RouterA needs to talk to a host on
RouterB, the BFE checks whether this access can be granted, using information obtained from the
ACC. The BFE performs the encryption, and the keys it needs are provided by the Key Distribution Center
(KDC).

Cisco IOS® Software Releases 11.2 and later are BFE compliant. You can see this by looking at the show
version command output.

Example:

traxbol#show version
IOS (tm) 2500 Software (C2500-JS-L), Version 11.2(24), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2000 by cisco Systems, Inc.
Compiled Wed 04-Oct-00 18:33 by leccese
Image text-base: 0x00001448, data-base: 0x00769E98
ROM: System Bootstrap, Version 11.0(10c), SOFTWARE
BOOTFLASH: 3000 Bootstrap Software (IGS-BOOT-R), Version 11.0(10c),
RELEASE SOFTWARE (fc1)
traxbol uptime is 2 days, 1 hour, 54 minutes
System restarted by reload
System image file is "c2500-js-l.112-24", booted via tftp from 10.48.92.61
cisco 2520 (68030) processor (revision M) with 14336K/2048K bytes of memory.
Processor board ID 06168038, with hardware revision 00000003
Bridging software.
SuperLAT software copyright 1990 by Meridian Technology Corp).

X.25 software, Version 2.0, NET2, BFE and GOSIP compliant.

!--- We can see BFE compliance here.

TN3270 Emulation software.
Basic Rate ISDN software, Version 1.0.
1 Ethernet/IEEE 802.3 interface(s)
2 Serial network interface(s)
2 Low-speed serial(sync/async) network interface(s)
1 ISDN Basic Rate interface(s)
32K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read/Write)
Configuration register is 0x2102

If BFE loses access to ACC or KDC, an emergency mode is available. The host (in our case the router) is
notified by the BFE that it is entering the emergency mode, so the host can take action. The host can take one
of the following three possible actions:
• The router always enters emergency mode.
• The router takes a decision when emergency mode is reached.
• The router never uses emergency mode.

If the router needs to take a decision (the second option above), there are three further possibilities:

• It prompts the administrator for the emergency mode decision.
• No: Router will not participate in emergency mode decision.
• Yes: Router will participate in emergency mode decision.

X.25 BFE Address Translation


The translation from IP to X.121 addresses when using BFE encapsulation is different from DDN
encapsulation. BFE only supports translation for class A networks. The X.121 address is calculated
automatically, as for DDN, but a different calculation is used to define the X.121 BFE address:

The X.121 BFE address takes the following format:

ZZZZZpDDDBBB

where:

ZZZZZ = 00000
p = Port ID
DDD = Domain
BBB = BFE ID

The IP address takes the following format:

where:

Z = 0
PPP = port ID
DDDDDDDDDD = domain
BBBBBBBBBBB = BFE ID

Example:

IP address = 21.126.159.120

We take the last 24 bits as follows:

0  111  1110100111  1101111000
Z  P    D           B

X.121 BFE address = 000007935888
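
The translation worked through above, written out as an added Python example (not Cisco's code and not part of the original document). The function names are hypothetical, the 1/3/10/10-bit field widths are taken from the worked example, and rejecting field values above 999 is an assumption made here because they cannot be written in three decimal digits.

```python
import ipaddress

X121_PREFIX = "00000"  # ZZZZZ in ZZZZZpDDDBBB

def ip_to_bfe_x121(ip: str) -> str:
    """Translate a class A IPv4 address to its 12-digit X.121 BFE address."""
    value = int(ipaddress.IPv4Address(ip))
    if value >> 31:  # class A addresses have the top bit of the first octet clear
        raise ValueError(f"{ip}: BFE translation supports class A networks only")
    low24 = value & 0xFFFFFF          # the network octet is not encoded
    z = low24 >> 23                   # 1 bit, must be 0
    port = (low24 >> 20) & 0x7        # 3 bits  -> p
    domain = (low24 >> 10) & 0x3FF    # 10 bits -> DDD
    bfe_id = low24 & 0x3FF            # 10 bits -> BBB
    if z:
        raise ValueError(f"{ip}: Z bit is set")
    # Assumption: a 10-bit field can hold up to 1023, which does not fit in
    # three decimal digits, so such addresses are rejected rather than truncated.
    if domain > 999 or bfe_id > 999:
        raise ValueError(f"{ip}: domain/BFE ID exceeds three decimal digits")
    return f"{X121_PREFIX}{port}{domain:03d}{bfe_id:03d}"

def bfe_x121_to_ip(x121: str, network: int) -> str:
    """Rebuild the IPv4 address; the class A network octet must be supplied."""
    if not (x121.isascii() and x121.isdigit() and len(x121) == 12):
        raise ValueError("X.121 BFE address must be 12 decimal digits")
    if not x121.startswith(X121_PREFIX):
        raise ValueError("X.121 BFE address must start with 00000")
    port, domain, bfe_id = int(x121[5]), int(x121[6:9]), int(x121[9:12])
    if port > 7:
        raise ValueError("port ID must fit in 3 bits (0-7)")
    if not 0 <= network <= 127:
        raise ValueError("network octet must be class A (0-127)")
    low24 = (port << 20) | (domain << 10) | bfe_id
    return str(ipaddress.IPv4Address((network << 24) | low24))

if __name__ == "__main__":
    # The worked example from the text, in both directions
    print(ip_to_bfe_x121("21.126.159.120"))      # 000007935888
    print(bfe_x121_to_ip("000007935888", 21))    # 21.126.159.120
```

Because the X.121 BFE address carries only the low 24 bits, the reverse direction cannot recover the network octet on its own.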

Configure
In this section, you are presented with the information to configure the features described in this document.

Note: To find additional information on the commands used in this document, use the Command Lookup
Tool (registered customers only).

Network Diagram
This document uses this network setup:

Configurations
This document uses these configurations:

• GOYA (Cisco 2500 Router)


• TRAXBOL (Cisco 2500 Router)

GOYA (Cisco 2500 Router)


interface Serial1

!--- ip address should be in class A

ip address 10.0.0.1 255.255.255.0
no ip directed-broadcast

!--- Maximum transmission unit (MTU) is set to 896 automatically
!--- required for BFE

ip mtu 896
encapsulation x25 bfe
no ip mroute-cache
x25 address 000000000001

!--- The router participates in the emergency but makes a decision

x25 bfe-emergency decision

!--- The router always goes into emergency mode

x25 bfe-decision yes

!--- Remote red host is 10.0.0.3, remote black is the router on
!--- the black network

x25 remote-red 10.0.0.3 remote-black 10.0.0.2

TRAXBOL (Cisco 2500 Router)


interface Serial1
description connection to x25 via bfe
ip address 10.0.0.2 255.255.255.0
ip mtu 896
encapsulation x25 bfe
no ip mroute-cache
x25 address 000000000002
x25 bfe-emergency always

Verify
There is currently no verification procedure available for this configuration.

Troubleshoot
This section provides information you can use to troubleshoot your configuration.

Troubleshooting Commands
Certain show commands are supported by the Output Interpreter Tool (registered customers only), which allows
you to view an analysis of show command output.

Note: Before issuing debug commands, refer to Important Information on Debug Commands.

• ping: checks whether a device is operating and whether network connections are intact.
• debug x25 events: displays information about X.25 traffic in privileged EXEC mode.

Start a ping command from goya to traxbol:

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 72/84/132 ms
goya#

!--- As in DDN, when you issue a ping, the x25 address is calculated.
!--- There is no need for a map. Also notice that DDN facilities are used,
!--- because even if we are connecting through a BFE, the network is still DDN.

Output from debug x25 events on goya is as follows:

*Mar 3 16:21:23.924: Serial1: X25 O P2 CALL REQUEST (22) 8 lci 1024
*Mar 3 16:21:23.928: From(12): 000000000001 To(12): 000000000002
*Mar 3 16:21:23.928: Facilities: (4)
*Mar 3 16:21:23.932: Local facility marker
*Mar 3 16:21:23.932: DDN standard service
*Mar 3 16:21:23.932: Call User Data (1): 0xCC (ip)
*Mar 3 16:21:23.980: Serial1: X25 I P2 CALL CONNECTED (5) 8 lci 1024
*Mar 3 16:21:23.980: From(0): To(0):
*Mar 3 16:21:23.984: Facilities: (0)

Output from debug x25 events on traxbol is as follows:

*Mar 4 00:06:17.686: Serial1: X25 I P1 CALL REQUEST (22) 8 lci 1
*Mar 4 00:06:17.690: From(12): 000000000001 To(12): 000000000002
*Mar 4 00:06:17.690: Facilities: (4)
*Mar 4 00:06:17.694: Local facility marker
*Mar 4 00:06:17.694: DDN standard service
*Mar 4 00:06:17.694: Call User Data (1): 0xCC (ip)
*Mar 4 00:06:17.698: Serial1: X25 O P4 CALL CONNECTED (5) 8 lci 1
*Mar 4 00:06:17.702: From(0): To(0):
*Mar 4 00:06:17.702: Facilities: (0)
*Mar 4 00:06:17.746: Serial1: X25 I P4 DATA (103) 8 lci 1 PS 0 PR 0
*Mar 4 00:06:17.750: Serial1: X25 O D1 DATA (103) 8 lci 1 PS 0 PR 1
*Mar 4 00:06:17.822: Serial1: X25 I D1 DATA (103) 8 lci 1 PS 1 PR 1
*Mar 4 00:06:17.826: Serial1: X25 O D1 DATA (103) 8 lci 1 PS 1 PR 2
*Mar 4 00:06:17.902: Serial1: X25 I D1 DATA (103) 8 lci 1 PS 2 PR 2
*Mar 4 00:06:17.906: Serial1: X25 O D1 DATA (103) 8 lci 1 PS 2 PR 3
*Mar 4 00:06:17.978: Serial1: X25 I D1 DATA (103) 8 lci 1 PS 3 PR 3
*Mar 4 00:06:17.982: Serial1: X25 O D1 DATA (103) 8 lci 1 PS 3 PR 4
*Mar 4 00:06:18.050: Serial1: X25 I D1 DATA (103) 8 lci 1 PS 4 PR 4
*Mar 4 00:06:18.058: Serial1: X25 O D1 DATA (103) 8 lci 1 PS 4 PR 5

Related Information
• WAN Technology Support Pages
• Technical Support − Cisco Systems


Updated: Jun 01, 2005 Document ID: 18326
