
Application Guide Volume VII AG2011-18

Basic and Advanced Applications of the SEL-3530 RTAC Access Point Router
Mark Diehl

INTRODUCTION
The access point router in the SEL-3530 Real-Time Automation Controller (RTAC) is one of the
more powerful features of the RTAC. In this application guide, we show how to configure an
access point router and use it for remote engineering to communicate with intelligent electronic
devices (IEDs). These devices could be relays, meters, programmable automation controllers, or
other similar devices. Engineering access is used to do various things such as check the status of
IEDs, obtain event reports or Sequential Events Recorder data, or interact with an IED in various
other ways.

SYSTEM ARCHITECTURE
A system with an RTAC used for supervisory control and data acquisition (SCADA) will look
very much like what is shown in Figure 1.

Figure 1 Diagram of SCADA, RTAC, and IED System

In Figure 1, the RTAC polls the IEDs for data and provides these data to the SCADA master
station. The RTAC also accepts commands from the SCADA master and performs various
controls through the IEDs. In this application guide, we show various features of the access point
router in the RTAC that we will use to manage engineering access connections from remote
computers to IEDs attached to the RTAC.

ACCESS POINTS
To understand the access point router, it is first necessary to understand what an access point is.
An access point is a communications connection or port into or out of the RTAC. We will set up
one access point that will listen for an incoming Ethernet connection and another access point for
serial transparent communication to an IED. It is the access point router that makes the
connection between the various access points.

Date Code 20131030 SEL Application Guide 2011-18



Configuration of the Access Points


We will show how to use the access point router to make transparent connections between an
incoming Ethernet access point and a serial access point connected to an SEL IED. When an SEL
IED (using SEL Fast Message protocol) is added to a project, an access point and a transparent
access point are automatically created and associated with that SEL IED. The RTAC uses the
same port for polling the IED with SEL Fast Message and for transparent communication with
the IED. If the access point is used, the polling is suspended while the access to the IED occurs. If
the transparent access point is used, the polling continues, while at the same time, the transparent
communication occurs. This is known as interleaved communication. Some communications
software does not tolerate interleaved communication. If this is the case, use an access point and
not a transparent access point.
If we use the RTAC to connect with a non-SEL IED, we need to create an access point to connect
from the RTAC to that IED. This might be done if the IED is being polled with DNP3 or
Modbus® RTU and a second port is used on the SEL-3530 for engineering access to that IED via
the access point router, because DNP3 and Modbus do not allow engineering access over the
same channel that is being used for DNP3 or Modbus.
We configured a simple project with a DNP3 server connection back to a master station and two
SEL-751A Feeder Protection Relays being polled by the RTAC on serial Ports 1 and 2. The main
screen of the ACSELERATOR RTAC® SEL-5033 Software for this project is shown in Figure 2.

Figure 2 ACSELERATOR RTAC Main Screen

There are two feeder IEDs (Feeder_131_751A_SEL and Feeder_132_751A_SEL) and a
SCADA server (SCADA_DNP) in this project.
We need to add an access point for each incoming connection to an IED. In the case of the
SEL-751A Relays, we add two access points for each. We set up one as a transparent access point
and one as a regular access point.


The addition of the direct access point (that will be listening for an incoming Ethernet connection
associated with the Feeder_131 IED) is shown in Figure 3.

Figure 3 Create Access Point for Ethernet Listening Connection

After we click the Insert button, the access point is added as one of the devices. This is for the
direct-connect access point. We then set the Network Connection Type to Raw TCP and the
Local Port Number to 50001, as shown in Figure 4. The Feeder_131 IED has already been
configured in the RTAC project file and is connected to serial Port 1 on the RTAC. The 50001
port number that was selected as the local port number is arbitrary. It should be in the range of
1024 to 65535. Many ports below 1024 are already used for specific services (e.g., Telnet, Secure
Shell [SSH], HTML, and File Transfer Protocol), and we want to avoid a conflict with these other
ports.

Figure 4 Set Network Connection Type and Local Port Number for Ethernet
Listening Direct Connection for Feeder_131 IED

We can follow the same steps to add the transparent access point for the Feeder_131 IED. This is
shown in Figure 5.

Figure 5 Set Network Connection Type and Local Port Number for Ethernet
Listening Transparent Connection for Feeder_131 IED

We set the Local Port Number for the transparent access point to 51001. The local port numbers
are associated with the Internet Protocol (IP) address of the RTAC that we used to make the
connection to the IED. If a direct connection is made to an IED with Ethernet (not through the
RTAC access point router), connect to the IP address of the IED and use Port 23, which is the
default Telnet port. In this case, we used the RTAC IP address and Ports 50001 and 51001 to
make a connection to the Feeder_131 IED on serial Port 1 of the RTAC for a direct connection
and transparent connection, respectively.
It is useful to have a convention for associating the local port number with a physical port. Local
port numbers 50001 and 51001 reference the IED on serial Port 1, but the connection made via
Port 50001 is a direct connection while the connection made via Port 51001 is a transparent
connection. Access points for all of the IEDs requiring remote access should be created following
the same procedure. It is not necessary to create both the direct and transparent connections, only
what is needed for the application. Additional access points were added for the Feeder_132 IED
that is connected to Port 2 of the RTAC. The access point and transparent access point were
assigned Ports 50002 and 51002, respectively. This is shown in Figure 6.

Figure 6 Set Network Connection Type and Port Number for Ethernet Listening
Transparent Connection for Feeder_132 IED

Configuration of the Access Point Router


At this stage, we have the incoming access points and the outgoing access points. Now, we need
to connect the access point that is listening for an incoming Ethernet connection to the access
point that connects a particular IED. To do this, we add an access point router. Click on Access
Point Routers on the Insert tab at the top of the ACSELERATOR RTAC screen. The dialog box
for the first access point router we are adding is shown in Figure 7. We have given this access
point router a unique name. This is the access point router that will listen on the RTAC IP address
on Port 50001 and make a direct (not transparent) connection to the Feeder_131 IED. We select
ETH_DIRECT_Feeder_131_AP_AP as the Source Access Point from the drop-down box and
select Feeder_131_751A_SEL_AP via the checkbox. This makes a connection between the
access point that is listening for an incoming connection on Port 50001 on the RTAC and the
access point associated with the Feeder_131 IED.

Figure 7 Configure the Access Point Router for the Direct Connection for Feeder_131 IED


An access point router for the transparent connection to the Feeder_131 IED should also be
created. We will not check the Enable Legacy Commands box. This is a feature that allows the
access point router to look similar in function to the SEL-2030 or SEL-2032 Communications
Processor port command for remote access.
Access point routers should be created for the direct and transparent connections for the
Feeder_132 IED also.
The last thing we need to do for each of the access point routers is to set the Default Value to
TRUE for Auto_Connect. This is shown in Figure 8. This allows the access point router to
establish the connection between the port it is listening on and the port connected to the IED
when an incoming connection is detected.

Figure 8 Set Auto_Connect in the Access Point Router to Establish the Connection
Automatically When an Incoming Connection Is Detected

Like many other devices, the RTAC will disconnect a user if there is no activity for a specific
amount of time. If we select one of the access point routers and then select the Settings tab, there
are some settings the user can modify, including inactivity on the source or destination. There is a
Source_Inactivity_Timeout and a Destination_Inactivity_Timeout setting. These are set in
milliseconds, and the default is 300,000 milliseconds, or 5 minutes. If there are no data coming
into the access point router from the source for longer than the Source_Inactivity_Timeout or
there are no data coming into the access point router from the destination for longer than the
Destination_Inactivity_Timeout, the access point router terminates the connection. These
settings (shown in Figure 9) can be changed as necessary, depending on the application.

Figure 9 Set Inactivity Time-Outs on the Access Point Router


Connecting to an IED Via the Access Point Router


We will use a simple terminal program called Tera Term to demonstrate communication to an
IED via the access point router. Any communications program (including ACSELERATOR
QuickSet® SEL-5030 Software and the SEL-5010 Relay Assistant Software) can be used. To
make a transparent connection to the Feeder_131 IED via the access point router, we enter the
parameters shown in Figure 10.

Figure 10 Terminal Program Communications Parameters to Communicate
With IED Via Access Point Router

The number 10.10.52.5 is the IP address of the RTAC Ethernet interface that is connected to an
Ethernet network, and 51001 is the port used earlier that the RTAC is listening on for a
connection attempt to a particular IED. If a connection attempt is made, the access point router in
the RTAC connects the source access point to the correct destination access point as defined by
the access point router.
Once the connection is made, the user will see the = prompt of the SEL IED (the user may need
to press the <Enter> key to get the prompt). The user can log in and execute any valid commands
for that device. This is shown in Figure 11.

Figure 11 Result of STATUS Command of IED Communicating Via Access Point Router


Now that we have the access point router working to provide access to the IEDs, the remainder of
this application guide shows how to take advantage of some advanced features using the access
point router.

USING SOURCE AUTHENTICATION FOR ADDITIONAL SECURITY


In Figure 11, the IED prompted for the Level 1 password that most users are familiar with when
using SEL IEDs. We can provide additional security by requiring a user ID and password to
establish a transparent connection to an IED. These user IDs and passwords are for individual
users and are associated with the RTAC, not the IED. Enable the use of the user ID and password
by setting Source_Authentication to True in the settings associated with each of the access
point routers created. This is shown in Figure 12.

Figure 12 Set Source Authentication to True in the Access Point Router

If a connection via the access point router is attempted when Source_Authentication is set to
True, the user is prompted to enter a valid user ID and password for the RTAC the user is
connecting through. This is shown in Figure 13 and Figure 14.

Figure 13 Prompt for User ID From RTAC

Figure 14 Prompt for Password From RTAC

At this stage, the user is connected to the IED, as shown in Figure 11, and the IED passwords
must be entered. Using source authentication adds one additional layer of security. It is important
to note that the user ID and password in the RTAC can be on a per-user basis. This is not the case
for the IEDs. In an IED, there is one password for Level 1 access and a different password for
Level 2 access. There is no way to know who logged into an IED. Using source authentication in
the RTAC makes it possible to know who made a remote connection to an IED.


PROVIDING SCADA INDICATION OF A CONNECTION VIA THE ACCESS POINT ROUTER
Indication that a connection is made to an IED via the access point router is information that may
be of interest to operations personnel at a control center. If an SEL IED is being used with the
RTAC, two points indicate that a connection to an IED is active: one point for a direct connection
and another point for a transparent connection. These are seen in Figure 15. In this case, there is a
direct transparent connection in progress. The status of the Direct_Transparent_Connection
point is TRUE.

Figure 15 Indication of an Active Direct Transparent Connection

Using the Tag Processor, we can map these points to a SCADA status point polled by the master
station. We can bring these points back individually or combine them using the OR function. In
Figure 16, we show the transparent connection and the direct transparent connection combined by
the OR function into one point per IED that is reported back to the master station. The user may
decide to have one point for each IED or have an indication that there is a transparent connection
to any IED by using OR to combine all of these points into a single SCADA point.

Figure 16 Map the Indication of an Active Connection to an IED to a SCADA Binary Input Point

When a transparent connection or a direct transparent connection to the Feeder_131 IED occurs,
DNP3 Binary Point 0002 asserts to indicate that a connection has been opened to that IED. Once
this connection ends, that SCADA point deasserts.


ENABLING AND DISABLING THE ACCESS POINT ROUTER VIA SCADA


With the access point router configured as in the “Configuration of the Access Point Router”
section, any user can connect to an IED, provided the user has the appropriate passwords. We can
configure the RTAC to enable or disable the access point routers via SCADA for remote access
when required. To do this, we use a DNP3 trip/close control pair to turn off or turn on the access
point router. We also illuminate a light-emitting diode (LED) on the front of the RTAC and
provide a status point back to the master station to indicate that remote access is enabled.
First, we set up the SCADA controls in the tag processor to turn on and off the Aux_LED_01 on
the RTAC. We have SCADA_DNP.BO_0000.operClose turn on the Aux_LED_01 and
SCADA_DNP.BO_0000.operTrip turn off the Aux_LED_01. This is shown in Figure 17.

Figure 17 Map Controls for Aux_LED_01 Via SCADA

When a pulse on the SCADA_DNP.BO_0000.operTrip occurs, the
SystemTags.Aux_LED_01.operClear.ctlVal control is executed, which results in the
Aux_LED_01 turning off. When a pulse on the SCADA_DNP.BO_0000.operClose occurs, the
SystemTags.Aux_LED_01.operSet.ctlVal control is executed, which results in the
Aux_LED_01 turning on. This provides a visual indication on the RTAC that the access point
router is enabled.
We can now use the status of this LED to turn on and off the individual access point routers for
the various IEDs. We need to do this for each of the access point routers that we created. We use
one control (DNP3 Binary Output 0 via Aux_LED_01) to turn on or off all of the access point
routers. In order to allow control to some IEDs and not others, we can use different binary outputs
to control various groups of access point routers. The various DNP3 binary outputs drive different
LEDs, which can be used to control various access point routers. It is possible to enable or disable
the access point routers for all transmission or distribution IEDs at the same time.
We have selected the access point router for the transparent connection to Feeder_132 to
demonstrate this. Click on the Controller tab to see the program organizational unit (POU)
associated with this particular access point router, as shown in Figure 18.

Figure 18 Access Point Router POU

We can control the behavior of the access point router using this POU. We use the status of the
Aux_LED_01 to assert or deassert the EN (enable) input on the POU. If the Aux_LED_01 is
illuminated (asserted), a 1 will be applied to the EN input of the POU. If the Aux_LED_01 is not
illuminated (deasserted), a 0 will be applied to the EN input of the POU. The toolbox in Figure 19
will appear on the right of the screen shown in Figure 18 and contains inputs and other items that
can be selected. If the toolbox is not visible, click on the View tab at the top of the screen and
click on the Show Toolbox button. The toolbox will then appear on the right side of the screen.
Drag an input from the toolbox into a position to the left of the
APR_TRANSPARENT_Feeder_132_POU.

Figure 19 CFC Logic Toolbox

We then connect the input from the toolbox to the EN input on the POU with a line. This is done
by dragging from the line that extends from the right side of the input to the line that extends
from the left side of the POU EN input, as shown in Figure 20. We then enter the point name that
will follow the status of the Aux_LED_01 into the input. This is done by clicking on the input
and then entering the point name. Some suggested choices will appear that match names that
already exist. The point name has .stVal added to the end. It is important to realize that any point
in the RTAC is really a structure that contains a great deal of information, including the status
value, quality, and time. In our case, we are interested in the status value, which is why we are
using SystemTags.Aux_LED_01.status.stVal.

Figure 20 Enable Access Point Router POU Using the Status of Aux_LED_01


It is also desirable to indicate to SCADA that the access point router has been enabled. This can
be done by monitoring either the status of the Aux_LED_01 or the enable status of the various
access point routers. If we are going to use the status of the Aux_LED_01 to control multiple
access point routers, it is probably simplest to monitor the status of the Aux_LED_01 to indicate
that access is enabled to several access point routers. We have mapped the status of the
Aux_LED_01 to SCADA_DNP.BI-004 in the Tag Processor. This is shown in Figure 21.

Figure 21 Map the Status of the LED Back to SCADA to Indicate an Access Point Router Is Enabled

The access point router is now turned on and off via SCADA. This required one action to enable
access and another action to disable access. It is possible to accidentally leave the access point
router enabled. To address this concern, we will now set up the access point router to allow
access for a specific amount of time. We create a program with a time-delay dropout timer that is
started with the close of a trip/close DNP3 control. This turns on the Aux_LED_01 immediately
and turns it off when the time-delay dropout timer times out. We use the status of the
Aux_LED_01 to enable or disable the access point router as well as to provide the status of the
access point router to SCADA.
In order to create a program, we must first click on the IEC 61131-3 User Logic button at the top
of the ACSELERATOR RTAC Software. This is shown in Figure 22.

Figure 22 Create a Program Using the IEC 61131-3 Button

We are then prompted to enter a Name and a Language for the program, as shown in Figure 23.
We call our program APP_TMR and use Continuous Function Chart (CFC) as the language.
This is a graphical programming language.

Figure 23 Select CFC as the Language and Provide a Name for the Program

The programming for this task is relatively simple. We need to add an instance of a time-off or
time-delay dropout timer (TOF). This is added under the variables (VAR) section of the program
at the top of the screen. We name it my_tmr and declare it as type TOF. We then use the toolbox
in Figure 19 to create the logic. We need to drag two inputs, a box, and two outputs to create the
logic. These components can be dragged around to make the logic easier to read. Earlier, we
entered the status of the Aux_LED_01 into an input to control the POU for the access point
router. In this case, we do the same thing to define what the functions are for the inputs, the box,
and the outputs. The completed logic is shown in Figure 24.

Figure 24 CFC Logic for Timer That Enables Access Point Router for 15 Minutes

This logic operates by taking a pulse that comes from a SCADA control and applying it to a TOF
timer (called my_tmr) input (IN) with a dropout time set at 15 minutes (T#15m). The dropout
time is specified in the box connected to the time-delay input (PT). This can be changed to any
value. After a pulse is applied to the input via SCADA, the Q output of the timer asserts
immediately and remains asserted for 15 minutes after the pulse from the
SCADA_DNP.BO_0001 deasserts.
We have two outputs connected to Q. One of the outputs is to set the Aux_LED_01, and the
other is to clear the Aux_LED_01. Note that there is a little circle in front of the output to clear
the Aux_LED_01. This is the symbol to invert the signal. This is inserted by right-clicking on the
line on the left side connected to the output and selecting Negate. When the Q output of the TOF
timer is asserted, the SystemTags.Aux_LED_01.operSet.ctlVal control is executed, which
results in the Aux_LED_01 turning on. When the Q output of my_tmr is deasserted, the
SystemTags.Aux_LED_01.operClear.ctlVal control is executed, which results in the
Aux_LED_01 turning off. We use the status of the Aux_LED_01 to turn on and off the access
point router and provide a status point to SCADA, as we did in Figure 20 and Figure 21,
respectively.
Figure 25 shows the logic we just created in online mode when connected to the RTAC. We can
see the present state of the logic and watch the changes as they occur. In this case, we sent a
SCADA close control on SCADA_DNP.BO_0001, which started the TOF timer. The Q output
is asserted, and the elapsed time (ET) is on the timer. Once the timer counts up to 15 minutes, the
Q output deasserts, which results in the Aux_LED_01 turning off and terminating the connection
to the IED via the access point router. Watching the logic in real time can be a very effective aid
in troubleshooting.

Figure 25 Online View of Timer Showing Logic Status and Timer Value
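The time-limited enable described above can be checked with a small model of the TOF timer. This is an added example, not SEL's logic or code from the guide; the one-second scan step, the function names and the pulse times are assumptions, and Aux_LED_01 is assumed to follow Q within the same scan.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class TOF:
    """IEC 61131-3 off-delay timer: Q rises with IN and drops PT after IN falls."""
    pt: int                        # dropout time in seconds (T#15m = 900)
    q: bool = False
    et: int = 0                    # elapsed time since the falling edge of IN
    fall_at: Optional[int] = None  # scan time of the last falling edge
    prev_in: bool = False

    def scan(self, in_: bool, now: int) -> bool:
        if in_:
            # IN asserted: Q asserts immediately and the timer is reset.
            self.q, self.et, self.fall_at = True, 0, None
        else:
            if self.prev_in:
                self.fall_at = now            # falling edge starts the dropout delay
            if self.fall_at is not None:
                self.et = min(now - self.fall_at, self.pt)
                if self.et >= self.pt:
                    self.q = False            # delay expired: Q deasserts
        self.prev_in = in_
        return self.q


def enabled_windows(pulses: List[Tuple[int, int]], pt: int = 15 * 60,
                    horizon: int = 3600) -> List[Tuple[int, Optional[int]]]:
    """Return (start, end) times in seconds during which the router EN input is 1.

    pulses: constructed (start, width) close pulses on SCADA_DNP.BO_0001.
    end is the first scan with EN = 0, or None if still enabled at the horizon.
    """
    my_tmr = TOF(pt=pt)
    windows, opened = [], None
    for now in range(horizon + 1):
        bo_0001 = any(start <= now < start + width for start, width in pulses)
        q = my_tmr.scan(bo_0001, now)
        led = q      # Q drives operSet, the negated Q drives operClear
        en = led     # SystemTags.Aux_LED_01.status.stVal feeds the POU EN input
        if en and opened is None:
            opened = now
        elif not en and opened is not None:
            windows.append((opened, now))
            opened = None
    if opened is not None:
        windows.append((opened, None))
    return windows


if __name__ == "__main__":
    print(enabled_windows([(0, 1)]))             # single one-second pulse
    print(enabled_windows([(0, 1), (600, 1)]))   # second pulse restarts the delay
```

A second close pulse inside the window restarts the 15-minute delay, so repeated controls can hold access open for longer than one period.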


IMPLEMENTING AN ENCRYPTED SSH CONNECTION TO AN IED


Up to this point, all of the communications between the computer and the IED (via the RTAC)
were unencrypted. A person with the right software and skills can intercept the communications
and see what was communicated and also obtain the passwords to the IEDs. The RTAC supports
SSH to allow for secure encrypted communication between the remote computer and the RTAC
(communication between the RTAC and the IED is not encrypted). This is easy to implement. All
that is required is to change the Network Connection Type from Raw TCP to SSH. This is
shown in Figure 26.

Figure 26 SSH Settings Associated With Listening Access Point

The connection to the IED via the RTAC can now be done securely with a communications
program that supports SSH. ACSELERATOR QuickSet and Tera Term are two examples of
programs that support SSH. The Communication Parameters screen of ACSELERATOR
QuickSet is shown in Figure 27.
Enter the IP address of the RTAC and the port number established to make the connection to the
particular IED. Now, enter the user ID and password for a valid account on the RTAC in order to
connect to the IED. The Level One Password and Level Two Password are the passwords for
the IED to which we are connecting.

Figure 27 ACSELERATOR QuickSet Communications Parameters for
Making an SSH Connection Via the Access Point Router
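The port convention, source authentication and SSH settings covered in this guide can be reviewed together across a project. The following audit is an added example, not SEL code or an RTAC export format; the inventory rows, the listener names and the finding codes are constructed for illustration.

```python
from collections import Counter

# The guide's convention: direct = 5000N, transparent = 5100N for serial Port N.
BASE = {"direct": 50000, "transparent": 51000}

# Constructed inventory: one row per listening access point and its router settings.
PATHS = [
    {"name": "ETH_DIRECT_Feeder_131", "serial_port": 1, "kind": "direct",
     "local_port": 50001, "connection_type": "SSH",
     "source_authentication": True},
    {"name": "ETH_TRANSPARENT_Feeder_131", "serial_port": 1, "kind": "transparent",
     "local_port": 51001, "connection_type": "Raw TCP",
     "source_authentication": True},
    {"name": "ETH_DIRECT_Feeder_132", "serial_port": 2, "kind": "direct",
     "local_port": 50002, "connection_type": "Raw TCP",
     "source_authentication": False},
    {"name": "ETH_TRANSPARENT_Feeder_132", "serial_port": 2, "kind": "transparent",
     "local_port": 51001, "connection_type": "SSH",   # typo: should be 51002
     "source_authentication": True},
]


def audit(paths):
    """Return (name, code, detail) findings for each remote-access path."""
    findings = []
    port_use = Counter(p["local_port"] for p in paths)
    for p in paths:
        name, port = p["name"], p["local_port"]
        # The guide asks for a local port in the range 1024 to 65535.
        if not 1024 <= port <= 65535:
            findings.append((name, "PORT_OUT_OF_RANGE", str(port)))
        # Port number should identify the serial port and the connection kind.
        expected = BASE[p["kind"]] + p["serial_port"]
        if port != expected:
            findings.append((name, "PORT_CONVENTION", f"expected {expected}"))
        # Two listeners cannot share one local port on the RTAC address.
        if port_use[port] > 1:
            findings.append((name, "PORT_DUPLICATE", str(port)))
        # Raw TCP carries the IED passwords unencrypted between computer and RTAC.
        if p["connection_type"] != "SSH":
            findings.append((name, "UNENCRYPTED", p["connection_type"]))
        # Without Source_Authentication there is no per-user record of access.
        if not p["source_authentication"]:
            findings.append((name, "NO_SOURCE_AUTH", "Source_Authentication False"))
    return findings


if __name__ == "__main__":
    for name, code, detail in audit(PATHS):
        print(f"{name}: {code} ({detail})")
```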


CONCLUSION
The access point router is a very powerful feature in the SEL-3530 RTAC. Various techniques in
this application guide can be used alone or in combination to provide safe and secure access to
IEDs in remote substations.

FACTORY ASSISTANCE
We appreciate your interest in SEL products and services. If you have questions or comments,
please contact us at:
Schweitzer Engineering Laboratories, Inc.
2350 NE Hopkins Court
Pullman, WA 99163-5603 USA
Telephone: +1.509.332.1890
Fax: +1.509.332.7990
www.selinc.com • info@selinc.com

© 2011, 2013 by Schweitzer Engineering Laboratories, Inc. All rights reserved.

All brand or product names appearing in this document are the trademark or registered
trademark of their respective holders. No SEL trademarks may be used without written
permission.

SEL products appearing in this document may be covered by U.S. and Foreign patents.