|
Hi,
laforge kindly referred me to this list as we chatted about my interest in X.25.? To get started, I have set up a virtual Cisco router using dynamips and configured it for xot according to the document.? I also added myself there.? I tried connecting to the systems that are listed there, but none of them responded to X.25 connection requests.? None of the gateway TCP ports (1998) in the list responded either.? Maybe I'm doing something wrong, but is any of you still interested in this?
My longer-term plan is to get my VAX 4000-600 running VMS 5.5-2H4 and VAX P.S.I. connected to the network.
Thanks,
Hans
|
Hi Hans, ? My system is listed but I no longer have the node turned on. ? I guess there just isn’t quite the critical mass yet. ? John ?
toggle quoted message
Show quoted text
From: [email protected] < [email protected]> On Behalf Of hans.huebner@... Sent: Thursday, April 6, 2023 2:28 AM To: [email protected]Subject: [X.25] TELEBAHN still there ? Hi,
laforge kindly referred me to this list as we chatted about my interest in X.25.? To get started, I have set up a virtual Cisco router using dynamips and configured it for xot according to the document.? I also added myself there.? I tried connecting to the systems that are listed there, but none of them responded to X.25 connection requests.? None of the gateway TCP ports (1998) in the list responded either.? Maybe I'm doing something wrong, but is any of you still interested in this?
My longer-term plan is to get my VAX 4000-600 running VMS 5.5-2H4 and VAX P.S.I. connected to the network.
Thanks,
Hans
|
I finally decided to add mine, just a pile of old Cisco routers to poke around (though at the moment I'm not sure if the telebahn x.25 profile is set up right, as so far I've been only playing with serial links between identical systems).
Hi,
laforge kindly referred me to this list as we chatted about my interest in X.25.? To get started, I have set up a virtual Cisco router using dynamips and configured it for xot according to the document.? I also added myself there.? I tried connecting to the systems that are listed there, but none of them responded to X.25 connection requests.? None of the gateway TCP ports (1998) in the list responded either.? Maybe I'm doing something wrong, but is any of you still interested in this?
My longer-term plan is to get my VAX 4000-600 running VMS 5.5-2H4 and VAX P.S.I. connected to the network.
Thanks,
Hans
|
Hello Hans,
I've had my X.25 router at th1cc.net shut down for a while, but I'll probably have time to put it back on the net this weekend.
Meghan
------- Original Message -------
On Wednesday, April 5th, 2023 at 11:27 PM, hans.huebner@... <hans.huebner@...> wrote:
Hi,
laforge kindly referred me to this list as we chatted about my interest in X.25.? To get started, I have set up a virtual Cisco router using dynamips and configured it for xot according to the document.? I also added myself there.? I tried connecting to the systems that are listed there, but none of them responded to X.25 connection requests.? None of the gateway TCP ports (1998) in the list responded either.? Maybe I'm doing something wrong, but is any of you still interested in this?
My longer-term plan is to get my VAX 4000-600 running VMS 5.5-2H4 and VAX P.S.I. connected to the network.
Thanks,
Hans
|
Thanks for getting back, folks. I'll be poking around again tomorrow,? would be nice to get a connection up from my virtual Cisco 7200. Getting the VAX online will take a little longer.
Cheers,? Hans
|
Am Fr., 7. Apr. 2023 um 07:36?Uhr schrieb Mantas Mikul?nas < grawity@...>: I finally decided to add mine, just a pile of old Cisco routers to poke around (though at the moment I'm not sure if the telebahn x.25 profile is set up right, as so far I've been only playing with serial links between identical systems)
Thank you for setting that up!? I could successfully connect to?14704100 after I had tweaked my configuration.? ?Would you be willing to share your configuration?? I could not quite figure out how to enable inbound X.29 connections to the router itself.
|
On Sun, Apr 09, 2023 at 01:00:23PM +0300, Mantas Mikul?nas wrote: On Sun, Apr 09, 2023 at 10:17:48AM +0200, Hans Hübner wrote:
Am Fr., 7. Apr. 2023 um 07:36?Uhr schrieb Mantas Mikul?nas <grawity@...>:
I finally decided to add mine, just a pile of old Cisco routers to poke
around (though at the moment I'm not sure if the telebahn x.25 profile is
set up right, as so far I've been only playing with serial links between
identical systems)
Thank you for setting that up!? I could successfully connect to?14704100 after
I had tweaked my configuration.? ?Would you be willing to share your
configuration?? I could not quite figure out how to enable inbound X.29
connections to the router itself. As far as I could figure out (IOS documentation is *really* scattered):
- "x25 routing" implicitly enables inbound XOT connections in general
(starts listening on TCP port 1998). However, if you define a profile
and associate it with "xot access-group...", then only connections
matching one of the access-lists will be allowed, so make sure the
access-list in question has "permit any".
- "service pad from-xot" is required to allow the router itself to
accept PAD calls via XOT (the default is only to route calls onward),
but the router still needs to be told what its X.121 address is.
(Without an address it won't know what calls are "local".)
- For physical X.25 interfaces, like Serial0/0, "x25 address" can be
set per-interface to define the router's own X.121 address, though of
course not for XOT since there's no interface.
interface Serial0/0
x25 address 147041
(It's enough to dial "pad 147041", not necessarily 14704100.)
- If you have an "x25 profile TELEBAHN dxe" associated to XOT, you can
define the local X.121 address as "x25 address" under that profile:
x25 profile TELEBAHN dxe
x25 address 147041
access-list 10 permit any
xot access-group 10 profile TELEBAHN
So instead of e.g. incoming calls via Serial0/0 being matched against
that interface's address, you have incoming calls from 'any' IP being
matched against the profile's address. Oh right, and if you have an "x25 profile" associated with Serial0/0, then you can probably define the "x25 address" under that profile as well, just like for XOT. The "lab" has a stack of three Cisco1760's connected via serial, I have not done anything special to make PAD calls between them -- just define the routers' local addresses as above, and add "x25 route" entries via Serial0/0 or whatever is appropriate. (From what I remember, things *stopped* working once I tried to apply the TELEBAHN profile...) interface Serial0/0 description "Connected to Cisco1760-mid Serial0/0" encapsulation x25 dce clockrate 64000 no ip address x25 address 147041 x25 route ^147042 interface Serial0/0 x25 route ^147043 interface Serial0/1 x25 route ^(...)(...) xot dns \2.\1.x25.org ! local host entry x25 host Cisco1760-top 147041 ! address book for 'pad' command x25 host mid 147042 x25 host btm 147043 -- Mantas Mikul?nas
|
On Sun, Apr 09, 2023 at 10:17:48AM +0200, Hans Hübner wrote: Am Fr., 7. Apr. 2023 um 07:36?Uhr schrieb Mantas Mikul?nas <grawity@...>:
I finally decided to add mine, just a pile of old Cisco routers to poke
around (though at the moment I'm not sure if the telebahn x.25 profile is
set up right, as so far I've been only playing with serial links between
identical systems)
Thank you for setting that up!? I could successfully connect to?14704100 after
I had tweaked my configuration.? ?Would you be willing to share your
configuration?? I could not quite figure out how to enable inbound X.29
connections to the router itself. As far as I could figure out (IOS documentation is *really* scattered): - "x25 routing" implicitly enables inbound XOT connections in general (starts listening on TCP port 1998). However, if you define a profile and associate it with "xot access-group...", then only connections matching one of the access-lists will be allowed, so make sure the access-list in question has "permit any". - "service pad from-xot" is required to allow the router itself to accept PAD calls via XOT (the default is only to route calls onward), but the router still needs to be told what its X.121 address is. (Without an address it won't know what calls are "local".) - For physical X.25 interfaces, like Serial0/0, "x25 address" can be set per-interface to define the router's own X.121 address, though of course not for XOT since there's no interface. interface Serial0/0 x25 address 147041 (It's enough to dial "pad 147041", not necessarily 14704100.) - If you have an "x25 profile TELEBAHN dxe" associated to XOT, you can define the local X.121 address as "x25 address" under that profile: x25 profile TELEBAHN dxe x25 address 147041 access-list 10 permit any xot access-group 10 profile TELEBAHN So instead of e.g. incoming calls via Serial0/0 being matched against that interface's address, you have incoming calls from 'any' IP being matched against the profile's address. - Finally, if there is *no* matching XOT profile (or no "x25 address" on the inbound Serial interface), then the local address seems to be determined by *resolving the router's own hostname*, either by looking for 'X25' records in DNS or an "x25 host" config (which is pretty much the IOS equivalent of /etc/hosts): hostname Cisco1470-top [...] x25 host Cisco1470-top 147041 If an XOT "x25 profile" is defined, then it seems the address *must* be set on that profile, and the host lookup is not used. (Yes, you can have X.25 addresses in DNS and use them in the IOS CLI, e.g. "pad cisco2.symlink.lt" will dial 147042, similar for static "x25 host" entries.) - This also defines the router's "calling" or "source" address it'll indicate for outbound calls (when they're routed via that interface or via XOT). Use "debug x25 all" (and "terminal monitor" to see debug via Telnet) to see a bit of what's happening when the router receives a PAD call. You could try to make a "pad" call from 147041 back to your own system, but I'll need to know the XOT hostname and add a route if it's not set up under x25.org yet. PAD logins use the same 'line vty' pool as Telnet logins: - Make sure your lines are not restricted to 'transport input telnet'. - One way to define custom "sub-addresses" (the trailing part after the router's own X.121 address, zero-padded by default) is to define "rotary <subaddress>" for a vty line. This grabs calls to 14704118 and routes them to somewhere boring: line vty 12 15 no login rotary 18 transport input pad autocommand telnet DuneGW.sym ! the username is 'guest' -- Mantas Mikul?nas
|
Hi Mantas,
thank you for the description of the xot configuration parameters.? With?that, I have been able to set up my virtual C7206 successfully and make an outbound connection to your router.? Back from your router to mine, I currently see
*Apr 10 09:55:42.353: [193.219.181.240,56402/,1998]: XOT I P/Inactive Call (21) 128 lci 1
*Apr 10 09:55:42.353: ? From (6): 603041 To (6): 230001
*Apr 10 09:55:42.353: ? Facilities: (6)
*Apr 10 09:55:42.353: ? ? Packet sizes: 1024 1024
*Apr 10 09:55:42.353: ? ? Window sizes: 15 15
*Apr 10 09:55:42.353: ? Call User Data (4): 0x01000000 (pad)
*Apr 10 09:55:42.357: [193.219.181.240,56402/,1998]: XOT O P3 Call Confirm (11) 128 lci 1
*Apr 10 09:55:42.357: ? From (0): ?To (0):
*Apr 10 09:55:42.357: ? Facilities: (6)
*Apr 10 09:55:42.357: ? ? Packet sizes: 1024 1024
*Apr 10 09:55:42.357: ? ? Window sizes: 15 15
*Apr 10 09:55:42.421: [193.219.181.240,56402/,1998]: XOT I P4 Clear (5) 128 lci 1
*Apr 10 09:55:42.425: ? Cause 3, Diag 66 (Invalid facility request/Facility parameter not allowed)
This is probably because I have not managed to apply the TELEBAHN profile to my inbound listener yet.? Still testing.
-Hans Am So., 9. Apr. 2023 um 21:31?Uhr schrieb Mantas Mikul?nas < grawity@...>:
On Sun, Apr 09, 2023 at 01:00:23PM +0300, Mantas Mikul?nas wrote:
> On Sun, Apr 09, 2023 at 10:17:48AM +0200, Hans Hübner wrote:
> > Am Fr., 7. Apr. 2023 um 07:36?Uhr schrieb Mantas Mikul?nas <grawity@...>:
> >
> >? ? ?I finally decided to add mine, just a pile of old Cisco routers to poke
> >? ? ?around (though at the moment I'm not sure if the telebahn x.25 profile is
> >? ? ?set up right, as so far I've been only playing with serial links between
> >? ? ?identical systems)
> >
> >
> > Thank you for setting that up!? I could successfully connect to?14704100 after
> > I had tweaked my configuration.? ?Would you be willing to share your
> > configuration?? I could not quite figure out how to enable inbound X.29
> > connections to the router itself.
>
> As far as I could figure out (IOS documentation is *really* scattered):
>
>? - "x25 routing" implicitly enables inbound XOT connections in general
>? ? (starts listening on TCP port 1998). However, if you define a profile
>? ? and associate it with "xot access-group...", then only connections
>? ? matching one of the access-lists will be allowed, so make sure the
>? ? access-list in question has "permit any".
>
>? - "service pad from-xot" is required to allow the router itself to
>? ? accept PAD calls via XOT (the default is only to route calls onward),
>? ? but the router still needs to be told what its X.121 address is.
>? ? (Without an address it won't know what calls are "local".)
>
>? - For physical X.25 interfaces, like Serial0/0, "x25 address" can be
>? ? set per-interface to define the router's own X.121 address, though of
>? ? course not for XOT since there's no interface.
>
>? ? ? interface Serial0/0
>? ? ? ? x25 address 147041
>
>? ? (It's enough to dial "pad 147041", not necessarily 14704100.)
>
>? - If you have an "x25 profile TELEBAHN dxe" associated to XOT, you can
>? ? define the local X.121 address as "x25 address" under that profile:
>
>? ? ? x25 profile TELEBAHN dxe
>? ? ? ? x25 address 147041
>? ? ? access-list 10 permit any
>? ? ? xot access-group 10 profile TELEBAHN
>
>? ? So instead of e.g. incoming calls via Serial0/0 being matched against
>? ? that interface's address, you have incoming calls from 'any' IP being
>? ? matched against the profile's address.
Oh right, and if you have an "x25 profile" associated with Serial0/0,
then you can probably define the "x25 address" under that profile as
well, just like for XOT.
The "lab" has a stack of three Cisco1760's connected via serial, I have
not done anything special to make PAD calls between them -- just define
the routers' local addresses as above, and add "x25 route" entries via
Serial0/0 or whatever is appropriate. (From what I remember, things
*stopped* working once I tried to apply the TELEBAHN profile...)
? interface Serial0/0
? ?description "Connected to Cisco1760-mid Serial0/0"
? ?encapsulation x25 dce
? ?clockrate 64000
? ?no ip address
? ?x25 address 147041
? x25 route ^147042 interface Serial0/0
? x25 route ^147043 interface Serial0/1
? x25 route ^(...)(...) xot dns \2.\
? ! local host entry
? x25 host Cisco1760-top 147041
? ! address book for 'pad' command
? x25 host mid 147042
? x25 host btm 147043
--
Mantas Mikul?nas
|
Hi Mantas,
thank you for the description of the xot configuration parameters.? With?that, I have been able to set up my virtual C7206 successfully and make an outbound connection to your router.? Back from your router to mine, I currently see
*Apr 10 09:55:42.353: [193.219.181.240,56402/,1998]: XOT I P/Inactive Call (21) 128 lci 1
*Apr 10 09:55:42.353: ? From (6): 603041 To (6): 230001
*Apr 10 09:55:42.353: ? Facilities: (6)
*Apr 10 09:55:42.353: ? ? Packet sizes: 1024 1024
*Apr 10 09:55:42.353: ? ? Window sizes: 15 15
*Apr 10 09:55:42.353: ? Call User Data (4): 0x01000000 (pad)
*Apr 10 09:55:42.357: [193.219.181.240,56402/,1998]: XOT O P3 Call Confirm (11) 128 lci 1
*Apr 10 09:55:42.357: ? From (0): ?To (0):
*Apr 10 09:55:42.357: ? Facilities: (6)
*Apr 10 09:55:42.357: ? ? Packet sizes: 1024 1024
*Apr 10 09:55:42.357: ? ? Window sizes: 15 15
*Apr 10 09:55:42.421: [193.219.181.240,56402/,1998]: XOT I P4 Clear (5) 128 lci 1
*Apr 10 09:55:42.425: ? Cause 3, Diag 66 (Invalid facility request/Facility parameter not allowed)
When I try calling 230001 from 147041 / 603041 (with the TELEBAHN XOT profile), I get the same – regarding window size specifically:
Apr 10 07:59:03.050: X.25 host name sent for DNS lookup is ""
Apr 10 07:59:03.062: DNS got X.25 host mapping for "" via network
Apr 10 07:59:03.146: [62.156.3.51,1998/,18420]: XOT O P2 Call (21) 128 lci 1024
Apr 10 07:59:03.146: ? From (6): 603041 To (6): 230001
Apr 10 07:59:03.146: ? Facilities: (6)
Apr 10 07:59:03.146: ? ? Packet sizes: 1024 1024
Apr 10 07:59:03.146: ? ? Window sizes: 15 15
Apr 10 07:59:03.150: ? Call User Data (4): 0x01000000 (pad)
Apr 10 07:59:03.222: [62.156.3.51,1998/,18420]: XOT I P2 Call Confirm (11) 128 lci 1024
Apr 10 07:59:03.222: ? From (0): ?To (0):
Apr 10 07:59:03.222: ? Facilities: (6)
Apr 10 07:59:03.222: ? ? Packet sizes: 1024 1024
Apr 10 07:59:03.222: ? ? Window sizes: 15 15
Apr 10 07:59:03.226: XOT Call Confirm packet, Bad value for facility, Window size is not within permitted range
Apr 10 07:59:03.226: [62.156.3.51,1998/,18420]: XOT O P2 Clear (5) 128 lci 1024
Apr 10 07:59:03.226: ? Cause 3, Diag 66 (Invalid facility request/Facility parameter not allowed)
Apr 10 07:59:03.230: [62.156.3.51,1998/,18420]: XOT I P6 Data (5) Q 128 lci 1024 PS 0 PR 0
Apr 10 07:59:03.234: [62.156.3.51,1998/,18420]: XOT I P6 Data (46) 128 lci 1024 PS 1 PR 0
Apr 10 07:59:03.298: [62.156.3.51,1998/,18420]: XOT I P6 Clear Confirm (3) 128 lci 1024
From 147043 / 603043 (which has an outbound XOT route but without the profile), I could successfully dial 230001 and get at the IOS password prompt.
Don't forget to actually define "access-list 10 permit any", as having an "xot access-group" set will implicitly reject XOT connections that don't match any of the access groups. ?
This is probably because I have not managed to apply the TELEBAHN profile to my inbound listener yet.? Still testing.
-Hans
Am So., 9. Apr. 2023 um 21:31?Uhr schrieb Mantas Mikul?nas < grawity@...>: On Sun, Apr 09, 2023 at 01:00:23PM +0300, Mantas Mikul?nas wrote:
> On Sun, Apr 09, 2023 at 10:17:48AM +0200, Hans Hübner wrote:
> > Am Fr., 7. Apr. 2023 um 07:36?Uhr schrieb Mantas Mikul?nas <grawity@...>:
> >
> >? ? ?I finally decided to add mine, just a pile of old Cisco routers to poke
> >? ? ?around (though at the moment I'm not sure if the telebahn x.25 profile is
> >? ? ?set up right, as so far I've been only playing with serial links between
> >? ? ?identical systems)
> >
> >
> > Thank you for setting that up!? I could successfully connect to?14704100 after
> > I had tweaked my configuration.? ?Would you be willing to share your
> > configuration?? I could not quite figure out how to enable inbound X.29
> > connections to the router itself.
>
> As far as I could figure out (IOS documentation is *really* scattered):
>
>? - "x25 routing" implicitly enables inbound XOT connections in general
>? ? (starts listening on TCP port 1998). However, if you define a profile
>? ? and associate it with "xot access-group...", then only connections
>? ? matching one of the access-lists will be allowed, so make sure the
>? ? access-list in question has "permit any".
>
>? - "service pad from-xot" is required to allow the router itself to
>? ? accept PAD calls via XOT (the default is only to route calls onward),
>? ? but the router still needs to be told what its X.121 address is.
>? ? (Without an address it won't know what calls are "local".)
>
>? - For physical X.25 interfaces, like Serial0/0, "x25 address" can be
>? ? set per-interface to define the router's own X.121 address, though of
>? ? course not for XOT since there's no interface.
>
>? ? ? interface Serial0/0
>? ? ? ? x25 address 147041
>
>? ? (It's enough to dial "pad 147041", not necessarily 14704100.)
>
>? - If you have an "x25 profile TELEBAHN dxe" associated to XOT, you can
>? ? define the local X.121 address as "x25 address" under that profile:
>
>? ? ? x25 profile TELEBAHN dxe
>? ? ? ? x25 address 147041
>? ? ? access-list 10 permit any
>? ? ? xot access-group 10 profile TELEBAHN
>
>? ? So instead of e.g. incoming calls via Serial0/0 being matched against
>? ? that interface's address, you have incoming calls from 'any' IP being
>? ? matched against the profile's address.
Oh right, and if you have an "x25 profile" associated with Serial0/0,
then you can probably define the "x25 address" under that profile as
well, just like for XOT.
The "lab" has a stack of three Cisco1760's connected via serial, I have
not done anything special to make PAD calls between them -- just define
the routers' local addresses as above, and add "x25 route" entries via
Serial0/0 or whatever is appropriate. (From what I remember, things
*stopped* working once I tried to apply the TELEBAHN profile...)
? interface Serial0/0
? ?description "Connected to Cisco1760-mid Serial0/0"
? ?encapsulation x25 dce
? ?clockrate 64000
? ?no ip address
? ?x25 address 147041
? x25 route ^147042 interface Serial0/0
? x25 route ^147043 interface Serial0/1
? x25 route ^(...)(...) xot dns \2.\
? ! local host entry
? x25 host Cisco1760-top 147041
? ! address book for 'pad' command
? x25 host mid 147042
? x25 host btm 147043
--
Mantas Mikul?nas
|
Hi Mantas,
this is a bit puzzling:? If I make an outbound connection to?14704100 (on?193.219.181.219), the connection is established with the default parameters:
*Apr 10 10:54:10.993: [193.219.181.219,1998/,64238]: XOT O P2 Call (22) 8 lci 1024
*Apr 10 10:54:10.993: ? From (6): 230001 To (8): 14704100
*Apr 10 10:54:10.997: ? Facilities: (6)
*Apr 10 10:54:10.997: ? ? Packet sizes: 128 128
*Apr 10 10:54:10.997: ? ? Window sizes: 2 2
*Apr 10 10:54:10.997: ? Call User Data (4): 0x01000000 (pad)
*Apr 10 10:54:11.077: [193.219.181.219,1998/,64238]: XOT I P2 Call Confirm (11) 8 lci 1024
*Apr 10 10:54:11.077: ? From (0): ?To (0):
*Apr 10 10:54:11.077: ? Facilities: (6)
*Apr 10 10:54:11.077: ? ? Packet sizes: 128 128
*Apr 10 10:54:11.077: ? ? Window sizes: 2 2
If I add the TELEBAHN profile to xot, however, the connection is refused:
*Apr 10 10:52:20.957: [193.219.181.219,1998/,35675]: XOT O P2 Call (22) 128 lci 1024
*Apr 10 10:52:20.957: ? From (6): 230001 To (8): 14704100
*Apr 10 10:52:20.957: ? Facilities: (6)
*Apr 10 10:52:20.957: ? ? Packet sizes: 1024 1024
*Apr 10 10:52:20.957: ? ? Window sizes: 15 15
*Apr 10 10:52:20.957: ? Call User Data (4): 0x01000000 (pad)
*Apr 10 10:52:21.045: [193.219.181.219,1998/,35675]: XOT I P2 Call Confirm (11) 128 lci 1024
*Apr 10 10:52:21.045: ? From (0): ?To (0):
*Apr 10 10:52:21.045: ? Facilities: (6)
*Apr 10 10:52:21.045: ? ? Packet sizes: 1024 1024
*Apr 10 10:52:21.045: ? ? Window sizes: 15 15
*Apr 10 10:52:21.045: XOT Call Confirm packet, Bad value for facility, Window size is not within permitted range
*Apr 10 10:52:21.045: [193.219.181.219,1998/,35675]: XOT O P2 Clear (5) 128 lci 1024
*Apr 10 10:52:21.045: ? Cause 3, Diag 66 (Invalid facility request/Facility parameter not allowed)
It seems that the xot listener on?192.168.178.9 is not using the TELEBAHN profile, but I'm not sure as I'm still very new to this.
I'm wondering why it was decided to have non-standard packet and window sizes in the first place?? I understand that they improve performance, but that's not really the point of TELEBAHN or is it? :) Am Mo., 10. Apr. 2023 um 10:18?Uhr schrieb Mantas Mikul?nas < grawity@...>:
Hi Mantas,
thank you for the description of the xot configuration parameters.? With?that, I have been able to set up my virtual C7206 successfully and make an outbound connection to your router.? Back from your router to mine, I currently see
*Apr 10 09:55:42.353: [193.219.181.240,56402/,1998]: XOT I P/Inactive Call (21) 128 lci 1
*Apr 10 09:55:42.353: ? From (6): 603041 To (6): 230001
*Apr 10 09:55:42.353: ? Facilities: (6)
*Apr 10 09:55:42.353: ? ? Packet sizes: 1024 1024
*Apr 10 09:55:42.353: ? ? Window sizes: 15 15
*Apr 10 09:55:42.353: ? Call User Data (4): 0x01000000 (pad)
*Apr 10 09:55:42.357: [193.219.181.240,56402/,1998]: XOT O P3 Call Confirm (11) 128 lci 1
*Apr 10 09:55:42.357: ? From (0): ?To (0):
*Apr 10 09:55:42.357: ? Facilities: (6)
*Apr 10 09:55:42.357: ? ? Packet sizes: 1024 1024
*Apr 10 09:55:42.357: ? ? Window sizes: 15 15
*Apr 10 09:55:42.421: [193.219.181.240,56402/,1998]: XOT I P4 Clear (5) 128 lci 1
*Apr 10 09:55:42.425: ? Cause 3, Diag 66 (Invalid facility request/Facility parameter not allowed)
When I try calling 230001 from 147041 / 603041 (with the TELEBAHN XOT profile), I get the same – regarding window size specifically:
Apr 10 07:59:03.050: X.25 host name sent for DNS lookup is ""
Apr 10 07:59:03.062: DNS got X.25 host mapping for "" via network
Apr 10 07:59:03.146: [62.156.3.51,1998/,18420]: XOT O P2 Call (21) 128 lci 1024
Apr 10 07:59:03.146: ? From (6): 603041 To (6): 230001
Apr 10 07:59:03.146: ? Facilities: (6)
Apr 10 07:59:03.146: ? ? Packet sizes: 1024 1024
Apr 10 07:59:03.146: ? ? Window sizes: 15 15
Apr 10 07:59:03.150: ? Call User Data (4): 0x01000000 (pad)
Apr 10 07:59:03.222: [62.156.3.51,1998/,18420]: XOT I P2 Call Confirm (11) 128 lci 1024
Apr 10 07:59:03.222: ? From (0): ?To (0):
Apr 10 07:59:03.222: ? Facilities: (6)
Apr 10 07:59:03.222: ? ? Packet sizes: 1024 1024
Apr 10 07:59:03.222: ? ? Window sizes: 15 15
Apr 10 07:59:03.226: XOT Call Confirm packet, Bad value for facility, Window size is not within permitted range
Apr 10 07:59:03.226: [62.156.3.51,1998/,18420]: XOT O P2 Clear (5) 128 lci 1024
Apr 10 07:59:03.226: ? Cause 3, Diag 66 (Invalid facility request/Facility parameter not allowed)
Apr 10 07:59:03.230: [62.156.3.51,1998/,18420]: XOT I P6 Data (5) Q 128 lci 1024 PS 0 PR 0
Apr 10 07:59:03.234: [62.156.3.51,1998/,18420]: XOT I P6 Data (46) 128 lci 1024 PS 1 PR 0
Apr 10 07:59:03.298: [62.156.3.51,1998/,18420]: XOT I P6 Clear Confirm (3) 128 lci 1024
From 147043 / 603043 (which has an outbound XOT route but without the profile), I could successfully dial 230001 and get at the IOS password prompt.
Don't forget to actually define "access-list 10 permit any", as having an "xot access-group" set will implicitly reject XOT connections that don't match any of the access groups. ?
This is probably because I have not managed to apply the TELEBAHN profile to my inbound listener yet.? Still testing.
-Hans
Am So., 9. Apr. 2023 um 21:31?Uhr schrieb Mantas Mikul?nas < grawity@...>: On Sun, Apr 09, 2023 at 01:00:23PM +0300, Mantas Mikul?nas wrote:
> On Sun, Apr 09, 2023 at 10:17:48AM +0200, Hans Hübner wrote:
> > Am Fr., 7. Apr. 2023 um 07:36?Uhr schrieb Mantas Mikul?nas <grawity@...>:
> >
> >? ? ?I finally decided to add mine, just a pile of old Cisco routers to poke
> >? ? ?around (though at the moment I'm not sure if the telebahn x.25 profile is
> >? ? ?set up right, as so far I've been only playing with serial links between
> >? ? ?identical systems)
> >
> >
> > Thank you for setting that up!? I could successfully connect to?14704100 after
> > I had tweaked my configuration.? ?Would you be willing to share your
> > configuration?? I could not quite figure out how to enable inbound X.29
> > connections to the router itself.
>
> As far as I could figure out (IOS documentation is *really* scattered):
>
>? - "x25 routing" implicitly enables inbound XOT connections in general
>? ? (starts listening on TCP port 1998). However, if you define a profile
>? ? and associate it with "xot access-group...", then only connections
>? ? matching one of the access-lists will be allowed, so make sure the
>? ? access-list in question has "permit any".
>
>? - "service pad from-xot" is required to allow the router itself to
>? ? accept PAD calls via XOT (the default is only to route calls onward),
>? ? but the router still needs to be told what its X.121 address is.
>? ? (Without an address it won't know what calls are "local".)
>
>? - For physical X.25 interfaces, like Serial0/0, "x25 address" can be
>? ? set per-interface to define the router's own X.121 address, though of
>? ? course not for XOT since there's no interface.
>
>? ? ? interface Serial0/0
>? ? ? ? x25 address 147041
>
>? ? (It's enough to dial "pad 147041", not necessarily 14704100.)
>
>? - If you have an "x25 profile TELEBAHN dxe" associated to XOT, you can
>? ? define the local X.121 address as "x25 address" under that profile:
>
>? ? ? x25 profile TELEBAHN dxe
>? ? ? ? x25 address 147041
>? ? ? access-list 10 permit any
>? ? ? xot access-group 10 profile TELEBAHN
>
>? ? So instead of e.g. incoming calls via Serial0/0 being matched against
>? ? that interface's address, you have incoming calls from 'any' IP being
>? ? matched against the profile's address.
Oh right, and if you have an "x25 profile" associated with Serial0/0,
then you can probably define the "x25 address" under that profile as
well, just like for XOT.
The "lab" has a stack of three Cisco1760's connected via serial, I have
not done anything special to make PAD calls between them -- just define
the routers' local addresses as above, and add "x25 route" entries via
Serial0/0 or whatever is appropriate. (From what I remember, things
*stopped* working once I tried to apply the TELEBAHN profile...)
? interface Serial0/0
? ?description "Connected to Cisco1760-mid Serial0/0"
? ?encapsulation x25 dce
? ?clockrate 64000
? ?no ip address
? ?x25 address 147041
? x25 route ^147042 interface Serial0/0
? x25 route ^147043 interface Serial0/1
? x25 route ^(...)(...) xot dns \2.\
? ! local host entry
? x25 host Cisco1760-top 147041
? ! address book for 'pad' command
? x25 host mid 147042
? x25 host btm 147043
--
Mantas Mikul?nas
|
Hi Mantas,
this is a bit puzzling:? If I make an outbound connection to?14704100 (on?193.219.181.219), the connection is established with the default parameters:
*Apr 10 10:54:10.993: [193.219.181.219,1998/,64238]: XOT O P2 Call (22) 8 lci 1024
*Apr 10 10:54:10.993: ? From (6): 230001 To (8): 14704100
*Apr 10 10:54:10.997: ? Facilities: (6)
*Apr 10 10:54:10.997: ? ? Packet sizes: 128 128
*Apr 10 10:54:10.997: ? ? Window sizes: 2 2
*Apr 10 10:54:10.997: ? Call User Data (4): 0x01000000 (pad)
*Apr 10 10:54:11.077: [193.219.181.219,1998/,64238]: XOT I P2 Call Confirm (11) 8 lci 1024
*Apr 10 10:54:11.077: ? From (0): ?To (0):
*Apr 10 10:54:11.077: ? Facilities: (6)
*Apr 10 10:54:11.077: ? ? Packet sizes: 128 128
*Apr 10 10:54:11.077: ? ? Window sizes: 2 2
If I add the TELEBAHN profile to xot, however, the connection is refused:
*Apr 10 10:52:20.957: [193.219.181.219,1998/,35675]: XOT O P2 Call (22) 128 lci 1024
*Apr 10 10:52:20.957: ? From (6): 230001 To (8): 14704100
*Apr 10 10:52:20.957: ? Facilities: (6)
*Apr 10 10:52:20.957: ? ? Packet sizes: 1024 1024
*Apr 10 10:52:20.957: ? ? Window sizes: 15 15
*Apr 10 10:52:20.957: ? Call User Data (4): 0x01000000 (pad)
*Apr 10 10:52:21.045: [193.219.181.219,1998/,35675]: XOT I P2 Call Confirm (11) 128 lci 1024
*Apr 10 10:52:21.045: ? From (0): ?To (0):
*Apr 10 10:52:21.045: ? Facilities: (6)
*Apr 10 10:52:21.045: ? ? Packet sizes: 1024 1024
*Apr 10 10:52:21.045: ? ? Window sizes: 15 15
*Apr 10 10:52:21.045: XOT Call Confirm packet, Bad value for facility, Window size is not within permitted range
*Apr 10 10:52:21.045: [193.219.181.219,1998/,35675]: XOT O P2 Clear (5) 128 lci 1024
*Apr 10 10:52:21.045: ? Cause 3, Diag 66 (Invalid facility request/Facility parameter not allowed)
It seems that the xot listener on?192.168.178.9 is not using the TELEBAHN profile, but I'm not sure as I'm still very new to this.
I couldn't get it to work locally before either, but strangely now it works without issues between local systems. Actually, I *think* you have to unapply and re-apply the "xot access-group" configuration for it to pick up the new profile parameters (at least in my IOS version).
(Looks like "x25 subscribe windowsize permit 2 15" in the profile would allow for dynamic negotiation?)
?
I'm wondering why it was decided to have non-standard packet and window sizes in the first place?? I understand that they improve performance, but that's not really the point of TELEBAHN or is it? :)
|
Nice!? I've added?
?x25 subscribe packetsize permit 128 4096
?x25 subscribe windowsize permit 2 15
to my configuration now and can establish in- and outbound connections.
Here is my complete configuration for reference:
version 12.3
service pad to-xot
service pad from-xot
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname netzhansa-router
boot-start-marker
boot-end-marker
enable secret 5 $1$cmGX$ZJnIqCPqDPIVgaM0VTJzS.
no aaa new-model
ip subnet-zero
no ip routing
no ip cef
ip name-server 192.168.178.2
x25 profile TELEBAHN dxe
?x25 version 1988
?x25 modulo 128
?x25 address 230001
?x25 win 15
?x25 wout 15
?x25 ips 1024
?x25 ops 1024
?x25 subscribe packetsize permit 128 4096
?x25 subscribe windowsize permit 2 15
x25 routing
xot access-group 10 profile TELEBAHN
interface FastEthernet0/0
?ip address 192.168.178.9 255.255.255.0
?no ip route-cache
?duplex half
ip default-gateway 192.168.178.3
ip classless
ip default-network 192.168.178.0
ip route 0.0.0.0 0.0.0.0 192.168.178.2
ip http server
access-list 10 permit any
x25 route 14704100 xot 193.219.181.219
x25 route ^603 xot 193.219.181.219
x25 route ^(...)(...).. xot dns \2.\
x25 host netzhansa-router 23000100
line con 0
?stopbits 1
line aux 0
?stopbits 1
line vty 0 4
?password cisco
?login
end
Am Mo., 10. Apr. 2023 um 11:33?Uhr schrieb Mantas Mikul?nas < grawity@...>:
Hi Mantas,
this is a bit puzzling:? If I make an outbound connection to?14704100 (on?193.219.181.219), the connection is established with the default parameters:
*Apr 10 10:54:10.993: [193.219.181.219,1998/,64238]: XOT O P2 Call (22) 8 lci 1024
*Apr 10 10:54:10.993: ? From (6): 230001 To (8): 14704100
*Apr 10 10:54:10.997: ? Facilities: (6)
*Apr 10 10:54:10.997: ? ? Packet sizes: 128 128
*Apr 10 10:54:10.997: ? ? Window sizes: 2 2
*Apr 10 10:54:10.997: ? Call User Data (4): 0x01000000 (pad)
*Apr 10 10:54:11.077: [193.219.181.219,1998/,64238]: XOT I P2 Call Confirm (11) 8 lci 1024
*Apr 10 10:54:11.077: ? From (0): ?To (0):
*Apr 10 10:54:11.077: ? Facilities: (6)
*Apr 10 10:54:11.077: ? ? Packet sizes: 128 128
*Apr 10 10:54:11.077: ? ? Window sizes: 2 2
If I add the TELEBAHN profile to xot, however, the connection is refused:
*Apr 10 10:52:20.957: [193.219.181.219,1998/,35675]: XOT O P2 Call (22) 128 lci 1024
*Apr 10 10:52:20.957: ? From (6): 230001 To (8): 14704100
*Apr 10 10:52:20.957: ? Facilities: (6)
*Apr 10 10:52:20.957: ? ? Packet sizes: 1024 1024
*Apr 10 10:52:20.957: ? ? Window sizes: 15 15
*Apr 10 10:52:20.957: ? Call User Data (4): 0x01000000 (pad)
*Apr 10 10:52:21.045: [193.219.181.219,1998/,35675]: XOT I P2 Call Confirm (11) 128 lci 1024
*Apr 10 10:52:21.045: ? From (0): ?To (0):
*Apr 10 10:52:21.045: ? Facilities: (6)
*Apr 10 10:52:21.045: ? ? Packet sizes: 1024 1024
*Apr 10 10:52:21.045: ? ? Window sizes: 15 15
*Apr 10 10:52:21.045: XOT Call Confirm packet, Bad value for facility, Window size is not within permitted range
*Apr 10 10:52:21.045: [193.219.181.219,1998/,35675]: XOT O P2 Clear (5) 128 lci 1024
*Apr 10 10:52:21.045: ? Cause 3, Diag 66 (Invalid facility request/Facility parameter not allowed)
It seems that the xot listener on?192.168.178.9 is not using the TELEBAHN profile, but I'm not sure as I'm still very new to this.
I couldn't get it to work locally before either, but strangely now it works without issues between local systems. Actually, I *think* you have to unapply and re-apply the "xot access-group" configuration for it to pick up the new profile parameters (at least in my IOS version).
(Looks like "x25 subscribe windowsize permit 2 15" in the profile would allow for dynamic negotiation?)
?
I'm wondering why it was decided to have non-standard packet and window sizes in the first place?? I understand that they improve performance, but that's not really the point of TELEBAHN or is it? :)
|
Looks like adding the same "x25 subscribe window-size ..." under "interface Serial0/0" was also needed to make the router stop complaining and start forwarding calls onwards as well (netzhansa->XOT->top->Serial->mid).
$ ~/cisco top /show run
spawn telnet cisco-top.sym
Trying 10.147.18.41...
Connected to cisco-top.sym.
Escape character is '^]'.
% Dunelab:Cisco1760-top (10.147.18.41) <grawity@...>
User Access Verification
Password:
Cisco1760-top>enable
Password:
Cisco1760-top#terminal length 0
Cisco1760-top#show run
Building configuration...
Current configuration : 2299 bytes
!
! Last configuration change at 10:17:28 UTC Mon Apr 10 2023
! NVRAM config last updated at 10:17:37 UTC Mon Apr 10 2023
!
version 12.3
service pad to-xot
service pad from-xot
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Cisco1760-top
!
boot-start-marker
boot-end-marker
!
logging buffered 16384 informational
enable password enable
!
no aaa new-model
!
resource policy
!
ip subnet-zero
ip arp proxy disable
!
!
no ip dhcp use vrf connected
!
!
ip finger
ip cef
!
!
x25 profile TELEBAHN dxe
?x25 version 1988
?x25 modulo 128
?x25 address 603041
?x25 alias ^147041
?x25 win 15
?x25 wout 15
?x25 ips 1024
?x25 ops 1024
?x25 subscribe packetsize permit 128 1024
?x25 subscribe windowsize permit 2 15
x25 routing
xot access-group 10 profile TELEBAHN
!
!
!
interface Loopback0
?ip address 172.20.158.15 255.255.255.255 secondary
?ip address 10.147.1.41 255.255.255.255
!
interface FastEthernet0/0
?ip address dhcp
?speed auto
!
interface Serial0/0
?description "Connected to Cisco1760-mid Serial0/0"
?no ip address
?encapsulation x25 dce
?x25 address 147041
?x25 alias ^603041
?clockrate 64000
!
interface Serial0/1
?description "Connected to Cisco1760-btm Serial0/1"
?no ip address
?encapsulation x25 dce
?x25 address 147041
?clockrate 64000
!
router ospf 1
?log-adjacency-changes
?network 10.147.0.0 0.0.255.255 area 0
?network 172.20.158.0 0.0.0.31 area 0
!
ip classless
ip http server
!
!
logging origin-id hostname
logging host 10.147.1.4 transport udp port 9514
access-list 10 permit any
x25 route ^603042 interface Serial0/0
x25 route ^147042 interface Serial0/0
x25 route ^603043 interface Serial0/1
x25 route ^147043 interface Serial0/1
x25 route ^230 xot dns
x25 route ^(...)(...) xot dns \2.\
x25 host Cisco1760-top 147041
x25 host mid 147042
x25 host btm 147043
x25 host hans 230001
!
control-plane
!
banner login ^C% Dunelab:Cisco1760-top (10.147.18.41) <grawity@...>^C
!
line con 0
line aux 0
?no exec
?transport input telnet
line vty 0 4
?exec-timeout 0 0
?password cisco
?login
line vty 5 11
?login
line vty 12 15
?no login
?rotary 18
?autocommand ?telnet DuneGW.sym
?transport input pad
!
sntp server 193.219.181.193 version 3
end
Cisco1760-top#
(I'm surprised the "sntp server" config is still there. Usually it keeps disappearing on every reload.)
Nice!? I've added?
?x25 subscribe packetsize permit 128 4096
?x25 subscribe windowsize permit 2 15
to my configuration now and can establish in- and outbound connections.
Here is my complete configuration for reference:
version 12.3
service pad to-xot
service pad from-xot
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname netzhansa-router
boot-start-marker
boot-end-marker
enable secret 5 $1$cmGX$ZJnIqCPqDPIVgaM0VTJzS.
no aaa new-model
ip subnet-zero
no ip routing
no ip cef
ip name-server 192.168.178.2
x25 profile TELEBAHN dxe
?x25 version 1988
?x25 modulo 128
?x25 address 230001
?x25 win 15
?x25 wout 15
?x25 ips 1024
?x25 ops 1024
?x25 subscribe packetsize permit 128 4096
?x25 subscribe windowsize permit 2 15
x25 routing
xot access-group 10 profile TELEBAHN
interface FastEthernet0/0
?ip address 192.168.178.9 255.255.255.0
?no ip route-cache
?duplex half
ip default-gateway 192.168.178.3
ip classless
ip default-network 192.168.178.0
ip route 0.0.0.0 0.0.0.0 192.168.178.2
ip http server
access-list 10 permit any
x25 route 14704100 xot 193.219.181.219
x25 route ^603 xot 193.219.181.219
x25 route ^(...)(...).. xot dns \2.\
x25 host netzhansa-router 23000100
line con 0
?stopbits 1
line aux 0
?stopbits 1
line vty 0 4
?password cisco
?login
end
Am Mo., 10. Apr. 2023 um 11:33?Uhr schrieb Mantas Mikul?nas < grawity@...>: Hi Mantas,
this is a bit puzzling:? If I make an outbound connection to?14704100 (on?193.219.181.219), the connection is established with the default parameters:
*Apr 10 10:54:10.993: [193.219.181.219,1998/,64238]: XOT O P2 Call (22) 8 lci 1024
*Apr 10 10:54:10.993: ? From (6): 230001 To (8): 14704100
*Apr 10 10:54:10.997: ? Facilities: (6)
*Apr 10 10:54:10.997: ? ? Packet sizes: 128 128
*Apr 10 10:54:10.997: ? ? Window sizes: 2 2
*Apr 10 10:54:10.997: ? Call User Data (4): 0x01000000 (pad)
*Apr 10 10:54:11.077: [193.219.181.219,1998/,64238]: XOT I P2 Call Confirm (11) 8 lci 1024
*Apr 10 10:54:11.077: ? From (0): ?To (0):
*Apr 10 10:54:11.077: ? Facilities: (6)
*Apr 10 10:54:11.077: ? ? Packet sizes: 128 128
*Apr 10 10:54:11.077: ? ? Window sizes: 2 2
If I add the TELEBAHN profile to xot, however, the connection is refused:
*Apr 10 10:52:20.957: [193.219.181.219,1998/,35675]: XOT O P2 Call (22) 128 lci 1024
*Apr 10 10:52:20.957: ? From (6): 230001 To (8): 14704100
*Apr 10 10:52:20.957: ? Facilities: (6)
*Apr 10 10:52:20.957: ? ? Packet sizes: 1024 1024
*Apr 10 10:52:20.957: ? ? Window sizes: 15 15
*Apr 10 10:52:20.957: ? Call User Data (4): 0x01000000 (pad)
*Apr 10 10:52:21.045: [193.219.181.219,1998/,35675]: XOT I P2 Call Confirm (11) 128 lci 1024
*Apr 10 10:52:21.045: ? From (0): ?To (0):
*Apr 10 10:52:21.045: ? Facilities: (6)
*Apr 10 10:52:21.045: ? ? Packet sizes: 1024 1024
*Apr 10 10:52:21.045: ? ? Window sizes: 15 15
*Apr 10 10:52:21.045: XOT Call Confirm packet, Bad value for facility, Window size is not within permitted range
*Apr 10 10:52:21.045: [193.219.181.219,1998/,35675]: XOT O P2 Clear (5) 128 lci 1024
*Apr 10 10:52:21.045: ? Cause 3, Diag 66 (Invalid facility request/Facility parameter not allowed)
It seems that the xot listener on?192.168.178.9 is not using the TELEBAHN profile, but I'm not sure as I'm still very new to this.
I couldn't get it to work locally before either, but strangely now it works without issues between local systems. Actually, I *think* you have to unapply and re-apply the "xot access-group" configuration for it to pick up the new profile parameters (at least in my IOS version).
(Looks like "x25 subscribe windowsize permit 2 15" in the profile would allow for dynamic negotiation?)
?
I'm wondering why it was decided to have non-standard packet and window sizes in the first place?? I understand that they improve performance, but that's not really the point of TELEBAHN or is it? :)
|
