Professional Documents
Culture Documents
INTRODUCTION
The access point router in the SEL-3530 Real-Time Automation Controller (RTAC) is one of the
more powerful features of the RTAC. In this application guide, we show how to configure an
access point router and use it for remote engineering to communicate with intelligent electronic
devices (IEDs). These devices could be relays, meters, programmable automation controllers, or
other similar devices. Engineering access is used to do various things such as check the status of
IEDs, obtain event reports or Sequential Events Recorder data, or interact with an IED in various
other ways.
SYSTEM ARCHITECTURE
A system with an RTAC used for supervisory control and data acquisition (SCADA) will look
very much like what is shown in Figure 1.
In Figure 1, the RTAC polls the IEDs for data and provides these data to the SCADA master
station. The RTAC also accepts commands from the SCADA master and performs various
controls through the IEDs. In this application guide, we show various features of the access point
router in the RTAC that we will use to manage engineering access connections from remote
computers to IEDs attached to the RTAC.
ACCESS POINTS
To understand the access point router, it is first necessary to understand what an access point is.
An access point is a communications connection or port into or out of the RTAC. We will set up
one access point that will listen for an incoming Ethernet connection and another access point for
serial transparent communication to an IED. It is the access point router that makes the
connection between the various access points.
The addition of the direct access point (that will be listening for an incoming Ethernet connection
associated with the Feeder_131 IED) is shown in Figure 3.
After we click the Insert button, the access point is added as one of the devices. This is for the
direct-connect access point. We then set the Network Connection Type to Raw TCP and the
Local Port Number to 50001, as shown in Figure 4. The Feeder_131 IED has already been
configured in the RTAC project file and is connected to serial Port 1 on the RTAC. The 50001
port number that was selected as the local port number is arbitrary. It should be in the range of
1024 to 65535. Many ports below 1024 are already used for specific services (e.g., Telnet, Secure
Shell [SSH], HTML, and File Transfer Protocol), and we want to avoid a conflict with these other
ports.
Figure 4 Set Network Connection Type and Local Port Number for Ethernet
Listening Direct Connection for Feeder_131 IED
We can follow the same steps to add the transparent access point for the Feeder_131 IED. This is
shown in Figure 5.
Figure 5 Set Network Connection Type and Local Port Number for Ethernet
Listening Transparent Connection for Feeder_131 IED
We set the Local Port Number for the transparent access point to 51001. The local port numbers
are associated with the Internet Protocol (IP) address of the RTAC that we used to make the
connection to the IED. If a direct connection is made to an IED with Ethernet (not through the
RTAC access point router), connect to the IP address of the IED and use Port 23, which is the
default Telnet port. In this case, we used the RTAC IP address and Ports 50001 and 51001 to
make a connection to the Feeder_131 IED on serial Port 1 of the RTAC for a direct connection
and transparent connection, respectively.
It is useful to have a convention for associating the local port number with a physical port. Local
port numbers 50001 and 51001 reference the IED on serial Port 1, but the connection made via
Port 50001 is a direct connection while the connection made via Port 51001 is a transparent
connection. Access points for all of the IEDs requiring remote access should be created following
the same procedure. It is not necessary to create both the direct and transparent connections, only
what is needed for the application. Additional access points were added for the Feeder_132 IED
that is connected to Port 2 of the RTAC. The access point and transparent access point were
assigned Ports 50002 and 51002, respectively. This is shown in Figure 6.
Figure 6 Set Network Connection Type and Port Number for Ethernet Listening
Transparent Connection for Feeder_132 IED
Figure 7 Configure the Access Point Router for the Direct Connection for Feeder_131 IED
An access point router for the transparent connection to the Feeder_131 IED should also be
created. We will not check the Enable Legacy Commands box. This is a feature that allows the
access point router to look similar in function to the SEL-2030 or SEL-2032 Communications
Processor port command for remote access.
Access point routers should be created for the direct and transparent connections for the
Feeder_132 IED also.
The last thing we need to do for each of the access point routers is to set the Default Value to
TRUE for Auto_Connect. This is shown in Figure 8. This allows the access point router to
establish the connection between the port it is listening on and the port connected to the IED
when an incoming connection is detected.
Figure 8 Set Auto_Connect in the Access Point Router to Establish the Connection
Automatically When an Incoming Connection Is Detected
Like many other devices, the RTAC will disconnect a user if there is no activity for a specific
amount of time. If we select one of the access point routers and then select the Settings tab, there
are some settings the user can modify, including inactivity on the source or destination. There is a
Source_Inactivity_Timeout and a Destination_Inactivity_Timeout setting. These are set in
milliseconds, and the default is 300,000 milliseconds, or 5 minutes. If there are no data coming
into the access point router from the source for longer than the Source_Inactivity_Timeout or
there are no data coming into the access point router from the destination for longer than the
Destination_Inactivity_Timeout, the access point router terminates the connection. These
settings (shown in Figure 9) can be changed as necessary, depending on the application.
The number 10.10.52.5 is the IP address of the RTAC Ethernet interface that is connected to an
Ethernet network, and 51001 is the port used earlier that the RTAC is listening on for a
connection attempt to a particular IED. If a connection attempt is made, the access point router in
the RTAC connects the source access point to the correct destination access point as defined by
the access point router.
Once the connection is made, the user will see the = prompt of the SEL IED (the user may need
to press the <Enter> key to get the prompt). The user can log in and execute any valid commands
for that device. This is shown in Figure 11.
Figure 11 Result of STATUS Command of IED Communicating Via Access Point Router
Now that we have the access point router working to provide access to the IEDs, the remainder of
this application guide shows how to take advantage of some advanced features using the access
point router.
If a connection via the access point router is attempted when Source_Authentication is set to
True, the user is prompted to enter a valid user ID and password for the RTAC the user is
connecting through. This is shown in Figure 13 and Figure 14.
At this stage, the user is connected to the IED, as shown in Figure 11, and the IED passwords
must be entered. Using source authentication adds one additional layer of security. It is important
to note that the user ID and password in the RTAC can be on a per-user basis. This is not the case
for the IEDs. In an IED, there is one password for Level 1 access and a different password for
Level 2 access. There is no way to know who logged into an IED. Using source authentication in
the RTAC makes it possible to know who made a remote connection to an IED.
Using the Tag Processor, we can map these points to a SCADA status point polled by the master
station. We can bring these points back individually or combine them using the OR function. In
Figure 16, we show the transparent connection and the direct transparent connection combined by
the OR function into one point per IED that is reported back to the master station. The user may
decide to have one point for each IED or have an indication that there is a transparent connection
to any IED by using OR to combine all of these points into a single SCADA point.
Figure 16 Map the Indication of an Active Connection to an IED to a SCADA Binary Input Point
When a transparent connection or a direct transparent connection to the Feeder_131 IED occurs,
DNP3 Binary Point 0002 asserts to indicate that a connection has been opened to that IED. Once
this connection ends, that SCADA point deasserts.
We can control the behavior of the access point router using this POU. We use the status of the
Aux_LED_01 to assert or deassert the EN (enable) input on the POU. If the Aux_LED_01 is
illuminated (asserted), a 1 will be applied to the EN input of the POU. If the Aux_LED_01 is not
illuminated (deasserted), a 0 will be applied to the EN input of the POU. The toolbox in Figure 19
will appear on the right of the screen shown in Figure 18 and contains inputs and other items that
can be selected. If the toolbox is not visible, click on the View tab at the top of the screen and
click on the Show Toolbox button. The toolbox will then appear on the right side of the screen.
Drag an input from the toolbox into a position to the left of the
APR_TRANSPARENT_Feeder_132_POU.
We then connect the input from the toolbox to the EN input on the POU with a line. This is done
by dragging from the line that extends from the right side of the input to the line that extends
from the left side of the POU EN input, as shown in Figure 20. We then enter the point name that
will follow the status of the Aux_LED_01 into the input. This is done by clicking on the input
and then entering the point name. Some suggested choices will appear that match names that
already exist. The point name has .stVal added to the end. It is important to realize that any point
in the RTAC is really a structure that contains a great deal of information, including the status
value, quality, and time. In our case, we are interested in the status value, which is why we are
using SystemTags.Aux_LED_01.status.stVal.
Figure 20 Enable Access Point Router POU Using the Status of Aux_LED_01
It is also desirable to indicate to SCADA that the access point router has been enabled. This can
be done by monitoring either the status of the Aux_LED_01 or the enable status of the various
access point routers. If we are going to use the status of the Aux_LED_01 to control multiple
access point routers, it is probably simplest to monitor the status of the Aux_LED_01 to indicate
that access is enabled to several access point routers. We have mapped the status of the
Aux_LED_01 to SCADA_DNP.BI-004 in the Tag Processor. This is shown in Figure 21.
Figure 21 Map the Status of the LED Back to SCADA to Indicate an Access Point Router Is Enabled
The access point router is now turned on and off via SCADA. This required one action to enable
access and another action to disable access. It is possible to accidentally leave the access point
router enabled. To address this concern, we will now set up the access point router to allow
access for a specific amount of time. We create a program with a time-delay dropout timer that is
started with the close of a trip/close DNP3 control. This turns on the Aux_LED_01 immediately
and turns it off when the time-delay dropout timer times out. We use the status of the
Aux_LED_01 to enable or disable the access point router as well as to provide the status of the
access point router to SCADA.
In order to create a program, we must first click on the IEC 61131-3 User Logic button at the top
of the ACSELERATOR RTAC Software. This is shown in Figure 22.
We are then prompted to enter a Name and a Language for the program, as shown in Figure 23.
We call our program APP_TMR and use Continuous Function Chart (CFC) as the language.
This is a graphical programming language.
Figure 23 Select CFC as the Language and Provide a Name for the Program
The programming for this task is relatively simple. We need to add an instance of a time-off or
time-delay dropout timer (TOF). This is added under the variables (VAR) section of the program
at the top of the screen. We name it my_tmr and declare it as type TOF. We then use the toolbox
in Figure 19 to create the logic. We need to drag two inputs, a box, and two outputs to create the
logic. These components can be dragged around to make the logic easier to read. Earlier, we
entered the status of the Aux_LED_01 into an input to control the POU for the access point
router. In this case, we do the same thing to define what the functions are for the inputs, the box,
and the outputs. The completed logic is shown in Figure 24.
Figure 24 CFC Logic for Timer That Enables Access Point Router for 15 Minutes
This logic operates by taking a pulse that comes from a SCADA control and applying it to a TOF
timer (called my_tmr) input (IN) with a dropout time set at 15 minutes (T#15m). The dropout
time is specified in the box connected to the time-delay input (PT). This can be changed to any
value. After a pulse is applied to the input via SCADA, the Q output of the timer asserts
immediately and remains asserted for 15 minutes after the pulse from the
SCADA_DNP.BO_0001 deasserts.
We have two outputs connected to Q. One of the outputs is to set the Aux_LED_01, and the
other is to clear the Aux_LED_01. Note that there is a little circle in front of the output to clear
the Aux_LED_01. This is the symbol to invert the signal. This is inserted by right-clicking on the
line on the left side connected to the output and selecting Negate. When the Q output of the TOF
timer is asserted, the SystemTags.Aux_LED_01.operSet.ctlVal control is executed, which
results in the Aux_LED_01 turning on. When the Q output of my_tmr is deasserted, the
SystemTags.Aux_LED_01.operClear.ctlVal control is executed, which results in the
Aux_LED_01 turning off. We use the status of the Aux_LED_01 to turn on and off the access
point router and provide a status point to SCADA, as we did in Figure 20 and Figure 21,
respectively.
Figure 25 shows the logic we just created in online mode when connected to the RTAC. We can
see the present state of the logic and watch the changes as they occur. In this case, we sent a
SCADA close control on SCADA_DNP.BO_0001, which started the TOF timer. The Q output
is asserted, and the elapsed time (ET) is on the timer. Once the timer counts up to 15 minutes, the
Q output deasserts, which results in the Aux_LED_01 turning off and terminating the connection
to the IED via the access point router. Watching the logic in real time can be a very effective aid
in troubleshooting.
Figure 25 Online View of Timer Showing Logic Status and Timer Value
The connection to the IED via the RTAC can now be done securely with a communications
program that supports SSH. ACSELERATOR QuickSet and Tera Term are two examples of
programs that support SSH. The Communication Parameters screen of ACSELERATOR
QuickSet is shown in Figure 27.
Enter the IP address of the RTAC and the port number established to make the connection to the
particular IED. Now, enter the user ID and password for a valid account on the RTAC in order to
connect to the IED. The Level One Password and Level Two Password are the passwords for
the IED to which we are connecting.
CONCLUSION
The access point router is a very powerful feature in the SEL-3530 RTAC. Various techniques in
this application guide can be used alone or in combination to provide safe and secure access to
IEDs in remote substations.
FACTORY ASSISTANCE
We appreciate your interest in SEL products and services. If you have questions or comments,
please contact us at:
Schweitzer Engineering Laboratories, Inc.
2350 NE Hopkins Court
Pullman, WA 99163-5603 USA
Telephone: +1.509.332.1890
Fax: +1.509.332.7990
www.selinc.com • info@selinc.com