Access Point Router Exercise

Hands-On RTAC Session Access Point Router Exercise Figure 1 Connection Diagram Access Point Router The access point router application allows you to...
Author: Tobias Skinner
1 downloads 4 Views 792KB Size
Hands-On RTAC Session Access Point Router Exercise

Figure 1 Connection Diagram

Access Point Router The access point router application allows you to connect remotely to a device that is attached to the SEL-3530 Real-Time Automation Controller (RTAC) via an Ethernet or serial connection (e.g., a modem). This feature in the RTAC provides the remote engineering access application.

Exercise Step 1.

Using the ACSELERATOR RTAC® SEL-5033 Software, right-click Devices and select Add Other Device > Access Point to create your incoming engineering access point.

Figure 2 Add Access Point to Your Devices

Access Point Router Exercise

Page 1 of 14

20120723

Step 2.

Select your engineering access point type. Provide a Device Name (e.g., Engineering). Select Ethernet Incoming (Listens for Connections) as your Connection Type.

Figure 3 Engineering Access Connection Type

Step 3.

Assign a connection type and Transmission Control Protocol (TCP) port number (50001) for your engineering access. Use Telnet as the Network Connection Type.

Figure 4 TCP Port Settings for Engineering Access

Access Point Router Exercise

Page 2 of 14

20120723

Step 4.

Right-click on Access Point Routers, and select Add Access Point Router.

Figure 5 Add Access Point Routers

Step 5.

Assign a unique Name for your port routers. Use the access point you created as the Source Access Point. The Destination Access Points will be your various intelligent electronic devices (IEDs). Devices that end with TAP are for transparent (interleave) connections. Devices that end with AP are for direct transparent connections (Direct - SCADA polling is stopped while the access point router is in use). Select Feeder_1_SEL_AP as your destination access point.

Figure 6 Add Access Routers

Access Point Router Exercise

Page 3 of 14

20120723

Step 6.

Next, set the program organizational unit (POU) settings. Set Auto_Connect to TRUE in the POU Pin Settings tab. This will automatically connect the incoming access point to the outgoing access point once the RTAC detects an incoming connection.

Figure 7 POU Pin Settings

Step 7.

Save and send the settings to your RTAC.

Step 8.

Use any terminal software package to connect to your RTAC Internet Protocol (IP) address and use the engineering access point TCP port you configured. Ensure that the local-area network (LAN) adapter on the computer is set to an address on the same subnet as your RTAC. Be sure to specify the Host IP address of the interface you are connecting to on the RTAC.

Figure 8 Example Settings in Tera Term

Access Point Router Exercise

Page 4 of 14

20120723

Step 9.

Use the ID command to verify connectivity. Notice the Port 1 light-emitting diode (LED). Normal polling has stopped; only the remote access traffic is allowed to pass to the relay.

Figure 9 Engineering Access

Access Point Router Exercise

Page 5 of 14

20120723

Step 10.

Close your terminal emulation program, open ACSELERATOR QuickSet® SEL-5030 Software, and connect to the same access point. Because the RTAC does not have a traditional prompt, you need to modify the communications settings so ACSELERATOR QuickSet will not look for a prompt to determine if a connection is made. From the Tools menu, select Options. Find the Communications tab, check the Enable Advanced Communication Settings, and acknowledge the warning. Uncheck the Auto-Detect Connection box, and select OK.

Figure 10 QuickSet Advanced Communications Settings

Access Point Router Exercise

Page 6 of 14

20120723

Step 11.

From the Communications menu, open the Communication Parameters tab. Set the Active Connection Type and parameters as shown below in Figure 11. The Level One Password is OTTER, and the Level Two Password is TAIL. Click Apply, and confirm communication to the SEL-751 Feeder Protection Relay.

Figure 11 ACSELERATOR QuickSet Communication Parameters

Step 12.

Add a second Ethernet incoming access point named Engineering_Transparent. Set the Network Connection Type to Telnet, and set the Local Port Number to 50002.

Figure 12 Configure Engineering_Transparent Access Point

Access Point Router Exercise

Page 7 of 14

20120723

Step 13.

Add another access point router named Engineering_Transparent, but this time select the TAP connection from the Destination Access Points. Do not forget to set Auto_Connect to TRUE, as in Step 6.

Figure 13 Set Source and Destination Access Points

Figure 14 POU Setting for Feeder1_Transparent Access Point Router

Step 14.

Save and send the settings to your RTAC.

Access Point Router Exercise

Page 8 of 14

20120723

Step 15.

Configure ACSELERATOR QuickSet or a terminal emulation program as in Step 8, but this time, use TCP Port 50002. Use the ID command to validate your connection. Notice this time what happens with the Port 1 LEDs. Some (binary) data collection will continue with the TAP (transparent) connection. Because the TAP connection is being used, none of the ASCII polls will be sent, only the binary polls.

Step 16.

Open the settings for the Feeder1_Transparent access point router, and set the Source_Authentication to True. With this setting, the RTAC will prompt you for a username and password before it allows you to connect to a relay.

Figure 15 Set Source_Authentication

Access Point Router Exercise

Page 9 of 14

20120723

Step 17.

After saving and sending the new settings to the RTAC, use the same connection parameters as in Step 15 to test the transparent connection. This time, you will be prompted for a login name and password. They must be for a valid account on the RTAC.

Figure 16 Enter Username So the RTAC Will Allow Remote Connection

Figure 17 Enter Password So the RTAC Will Allow Remote Connection

Access Point Router Exercise

Page 10 of 14

20120723

Step 18.

Log in to the RTAC web interface, and look at the Sequence of Events (SOE) logs. You should be able to find a log of SEL remotely accessing a device. Note that SEL, in this case, is a username. The RTAC also logs all unsuccessful login attempts.

Figure 18 RTAC SOE Log

Step 19.

Open the settings for the Engineering_AP access point, and change the Network Connection Type to SSH. This will encrypt the data between your terminal program and the RTAC.

Figure 19 Set Access Point for SSH

Step 20.

Save and send these settings to the RTAC.

Access Point Router Exercise

Page 11 of 14

20120723

Step 21.

Using ACSELERATOR QuickSet, select Communication Parameters from the Communications menu. Set the Active Connection Type to Network, the Host IP Address to the RTAC IP address, the Port Number to 50001 and the File Transfer Option to SSH. The User ID and Password settings must match a valid user account on the RTAC. The Level One Password and Level Two Password settings are for the relay you are connecting to.

Figure 20 Communication Parameters in ACSELERATOR QuickSet

Access Point Router Exercise

Page 12 of 14

20120723

Step 22.

Select OK in the Communication Parameters window, and ACSELERATOR QuickSet will connect to the RTAC and, ultimately, the relay. You may see a Device Authentication warning. In this case, select Trust, and the connection will be made.

Figure 21 Device Authentication

Step 23.

In ACSELERATOR QuickSet, click on the Terminal Window button to open the Terminal Emulator.

Figure 22 Terminal Window Button in ACSELERATOR QuickSet

Access Point Router Exercise

Page 13 of 14

20120723

Step 24.

Use the ID command again to validate the connection.

Figure 23 Validate Connection to the SEL-751

Step 25.

Log in to the RTAC web interface to check the SOE logs. You should be able to find an entry showing a remote connection even without Source Authentication turned on in this access point router.

Figure 24 RTAC SOE Report

Access Point Router Exercise

Page 14 of 14

20120723