Académique Documents
Professionnel Documents
Culture Documents
25 BFE Encapsulation
Document ID: 18326
Introduction
Prerequisites
Requirements
Components Used
Conventions
Background Information
X.25 BFE Address Translation
Configure
Network Diagram
Configurations
Verify
Troubleshoot
Troubleshooting Commands
Related Information
Introduction
This document provides a sample configuration for using Blacker Front End (BFE) encapsulation to connect a
router to a BFE device.
Note: Cisco routers are not responsible for any encryption, and do not maintain any aspect of the encryption.
Prerequisites
Requirements
There are no specific requirements for this document.
Components Used
The information in this document is based on these software and hardware versions:
The information in this document was created from the devices in a specific lab environment. All of the
devices used in this document started with a cleared (default) configuration. If your network is live, make sure
that you understand the potential impact of any command.
Conventions
For more information on document conventions, refer to Cisco Technical Tips Conventions.
Background Information
Let us look at a sample setup:
In X.25 BFE encapsulation, the IP translation to X.25 is different from Defense Data Network (DDN).
Additionally, when a BFE device loses connectivity to the servers in the network, it can enter an "emergency
mode".
As well as encrypting the data flowing from RouterA to RouterB, the BFE device contacts access control
decisions (ACC) to maintain access securities. For example, if a host on RouterA needs to talk to a host on
RouterB the BFE checks if this access can be granted through the information that can be obtained from the
ACC. The BFE maintains encryption and the keys needed for this are provided by the Key Distribution Center
(KDC).
Cisco IOS® Software Releases 11.2 and later are BFE compliant. You can see this by looking at the show
version command output.
Example:
traxbol#show version
IOS (tm) 2500 Software (C2500−JS−L), Version 11.2(24), RELEASE SOFTWARE (fc1)
Copyright (c) 1986−2000 by cisco Systems, Inc.
Compiled Wed 04−Oct−00 18:33 by leccese
Image text−base: 0x00001448, data−base: 0x00769E98
ROM: System Bootstrap, Version 11.0(10c), SOFTWARE
BOOTFLASH: 3000 Bootstrap Software (IGS−BOOT−R), Version 11.0(10c),
RELEASE SOFTWARE (fc1)
traxbol uptime is 2 days, 1 hour, 54 minutes
System restarted by reload
System image file is "c2500−js−l.112−24", booted via tftp from 10.48.92.61
cisco 2520 (68030) processor (revision M) with 14336K/2048K bytes of memory.
Processor board ID 06168038, with hardware revision 00000003
Bridging software.
SuperLAT software copyright 1990 by Meridian Technology Corp).
If BFE loses access to ACC or KDC, an emergency mode is available. The host (in our case the router) is
notified by the BFE that it is entering the emergency mode, so the host can take action. The host can take one
of the following three possible actions:
• The router always enters emergency mode.
• The router takes a decision when emergency mode is reached.
• The router never uses emergency mode.
If the router needs to take a decision (the second option above) there are three further possibilities:
ZZZZZpDDDBBB
where:
ZZZZZ = 00000
p = Port ID
DDD = Domain
BBB = BFE ID
where:
Z = 0
PPP = port ID
DDDDDDDDDD = domain
BBBBBBBBBBB = BFE ID
Example:
Ip address = 21.126.159.120
Configure
In this section, you are presented with the information to configure the features described in this document.
Note: To find additional information on the commands used in this document, use the Command Lookup
Tool ( registered customers only) .
Network Diagram
This document uses this network setup:
Configurations
This document uses these configurations:
ip mtu 896
encapsulation x25 bfe
no ip mroute−cache
x25 address 000000000001
Troubleshoot
This section provides information you can use to troubleshoot your configuration.
Troubleshooting Commands
Certain show commands are supported by the Output Interpreter Tool ( registered customers only) , which allows
you to view an analysis of show command output.
Note: Before issuing debug commands, refer to Important Information on Debug Commands.
!−−− As in DDN, when you issue a ping, the x25 address is calculated.
!−−− There is no need for a map. Also notice that DDN facilities are used,
!−−− because even if we are connecting through a BFE, the network is still DDN.
Related Information
• WAN Technology Support Pages
• Technical Support − Cisco Systems