Hands-On RTAC Session Access Point Router Exercise
Figure 1 Connection Diagram
Access Point Router The access point router application allows you to connect remotely to a device that is attached to the SEL-3530 Real-Time Automation Controller (RTAC) via an Ethernet or serial connection (e.g., a modem). This feature in the RTAC provides the remote engineering access application.
Exercise Step 1.
Using the ACSELERATOR RTAC® SEL-5033 Software, right-click Devices and select Add Other Device > Access Point to create your incoming engineering access point.
Figure 2 Add Access Point to Your Devices
Access Point Router Exercise
Page 1 of 14
20120723
Step 2.
Select your engineering access point type. Provide a Device Name (e.g., Engineering). Select Ethernet Incoming (Listens for Connections) as your Connection Type.
Figure 3 Engineering Access Connection Type
Step 3.
Assign a connection type and Transmission Control Protocol (TCP) port number (50001) for your engineering access. Use Telnet as the Network Connection Type.
Figure 4 TCP Port Settings for Engineering Access
Access Point Router Exercise
Page 2 of 14
20120723
Step 4.
Right-click on Access Point Routers, and select Add Access Point Router.
Figure 5 Add Access Point Routers
Step 5.
Assign a unique Name for your port routers. Use the access point you created as the Source Access Point. The Destination Access Points will be your various intelligent electronic devices (IEDs). Devices that end with TAP are for transparent (interleave) connections. Devices that end with AP are for direct transparent connections (Direct - SCADA polling is stopped while the access point router is in use). Select Feeder_1_SEL_AP as your destination access point.
Figure 6 Add Access Routers
Access Point Router Exercise
Page 3 of 14
20120723
Step 6.
Next, set the program organizational unit (POU) settings. Set Auto_Connect to TRUE in the POU Pin Settings tab. This will automatically connect the incoming access point to the outgoing access point once the RTAC detects an incoming connection.
Figure 7 POU Pin Settings
Step 7.
Save and send the settings to your RTAC.
Step 8.
Use any terminal software package to connect to your RTAC Internet Protocol (IP) address and use the engineering access point TCP port you configured. Ensure that the local-area network (LAN) adapter on the computer is set to an address on the same subnet as your RTAC. Be sure to specify the Host IP address of the interface you are connecting to on the RTAC.
Figure 8 Example Settings in Tera Term
Access Point Router Exercise
Page 4 of 14
20120723
Step 9.
Use the ID command to verify connectivity. Notice the Port 1 light-emitting diode (LED). Normal polling has stopped; only the remote access traffic is allowed to pass to the relay.
Figure 9 Engineering Access
Access Point Router Exercise
Page 5 of 14
20120723
Step 10.
Close your terminal emulation program, open ACSELERATOR QuickSet® SEL-5030 Software, and connect to the same access point. Because the RTAC does not have a traditional prompt, you need to modify the communications settings so ACSELERATOR QuickSet will not look for a prompt to determine if a connection is made. From the Tools menu, select Options. Find the Communications tab, check the Enable Advanced Communication Settings, and acknowledge the warning. Uncheck the Auto-Detect Connection box, and select OK.
Figure 10 QuickSet Advanced Communications Settings
Access Point Router Exercise
Page 6 of 14
20120723
Step 11.
From the Communications menu, open the Communication Parameters tab. Set the Active Connection Type and parameters as shown below in Figure 11. The Level One Password is OTTER, and the Level Two Password is TAIL. Click Apply, and confirm communication to the SEL-751 Feeder Protection Relay.
Figure 11 ACSELERATOR QuickSet Communication Parameters
Step 12.
Add a second Ethernet incoming access point named Engineering_Transparent. Set the Network Connection Type to Telnet, and set the Local Port Number to 50002.
Figure 12 Configure Engineering_Transparent Access Point
Access Point Router Exercise
Page 7 of 14
20120723
Step 13.
Add another access point router named Engineering_Transparent, but this time select the TAP connection from the Destination Access Points. Do not forget to set Auto_Connect to TRUE, as in Step 6.
Figure 13 Set Source and Destination Access Points
Figure 14 POU Setting for Feeder1_Transparent Access Point Router
Step 14.
Save and send the settings to your RTAC.
Access Point Router Exercise
Page 8 of 14
20120723
Step 15.
Configure ACSELERATOR QuickSet or a terminal emulation program as in Step 8, but this time, use TCP Port 50002. Use the ID command to validate your connection. Notice this time what happens with the Port 1 LEDs. Some (binary) data collection will continue with the TAP (transparent) connection. Because the TAP connection is being used, none of the ASCII polls will be sent, only the binary polls.
Step 16.
Open the settings for the Feeder1_Transparent access point router, and set the Source_Authentication to True. With this setting, the RTAC will prompt you for a username and password before it allows you to connect to a relay.
Figure 15 Set Source_Authentication
Access Point Router Exercise
Page 9 of 14
20120723
Step 17.
After saving and sending the new settings to the RTAC, use the same connection parameters as in Step 15 to test the transparent connection. This time, you will be prompted for a login name and password. They must be for a valid account on the RTAC.
Figure 16 Enter Username So the RTAC Will Allow Remote Connection
Figure 17 Enter Password So the RTAC Will Allow Remote Connection
Access Point Router Exercise
Page 10 of 14
20120723
Step 18.
Log in to the RTAC web interface, and look at the Sequence of Events (SOE) logs. You should be able to find a log of SEL remotely accessing a device. Note that SEL, in this case, is a username. The RTAC also logs all unsuccessful login attempts.
Figure 18 RTAC SOE Log
Step 19.
Open the settings for the Engineering_AP access point, and change the Network Connection Type to SSH. This will encrypt the data between your terminal program and the RTAC.
Figure 19 Set Access Point for SSH
Step 20.
Save and send these settings to the RTAC.
Access Point Router Exercise
Page 11 of 14
20120723
Step 21.
Using ACSELERATOR QuickSet, select Communication Parameters from the Communications menu. Set the Active Connection Type to Network, the Host IP Address to the RTAC IP address, the Port Number to 50001 and the File Transfer Option to SSH. The User ID and Password settings must match a valid user account on the RTAC. The Level One Password and Level Two Password settings are for the relay you are connecting to.
Figure 20 Communication Parameters in ACSELERATOR QuickSet
Access Point Router Exercise
Page 12 of 14
20120723
Step 22.
Select OK in the Communication Parameters window, and ACSELERATOR QuickSet will connect to the RTAC and, ultimately, the relay. You may see a Device Authentication warning. In this case, select Trust, and the connection will be made.
Figure 21 Device Authentication
Step 23.
In ACSELERATOR QuickSet, click on the Terminal Window button to open the Terminal Emulator.
Figure 22 Terminal Window Button in ACSELERATOR QuickSet
Access Point Router Exercise
Page 13 of 14
20120723
Step 24.
Use the ID command again to validate the connection.
Figure 23 Validate Connection to the SEL-751
Step 25.
Log in to the RTAC web interface to check the SOE logs. You should be able to find an entry showing a remote connection even without Source Authentication turned on in this access point router.
Figure 24 RTAC SOE Report
Access Point Router Exercise
Page 14 of 14
20120723