Schweitzer Engineering Laboratories SEL3X21 SEL-3021 User Manual Copy 3021 01

Schweitzer Engineering Laboratories, Inc. SEL-3021 Copy 3021 01

Users Manual

Date Code 20041005 Instruction Manual SEL-3021 TransceiverSection 1Introduction & SpecificationsIntroductionThis section includes the following overviews of the SEL-3021 Serial Encrypting Transceiver:➤Product Overview➤Connections, Reset Button, and LED Indications➤Software System Requirements➤General Safety and Care Information➤SpecificationsPreliminary Copy
SEL-3021 Transceiver Instruction Manual Date Code 20041005Introduction & SpecificationsProduct Overview1.2Product OverviewThe SEL-3021 Serial Encrypting Transceiver is a bump-in-the-wire encryption device designed to add strong cryptographic security to new serial communications links and to provide an easy and effective security solution for existing serial communications networks. It is designed for use on both point-to-point byte oriented communications links and multidrop SCADA networks.The SEL-3021 provides data confidentiality by encrypting passwords and other sensitive data prior to transport over insecure channels. The SEL-3021 also prevents unauthorized device access by rejecting all communication session requests from sources that cannot pass cryptographic session authentication. Figure 1.1 shows a typical SCADA connection where a master device retrieves data from a remote device over an insecure communications channel such as a leased phone circuit, a dial-up connection, or a wireless link. Unauthorized individuals could monitor or alter the data these media carry. Someone could also access the channel and inject malicious data to force some type of action such as an unauthorized breaker operation.Figure 1.1 Typical SCADA Communications ChannelFigure 1.2 shows the SCADA communications link now secured by two SEL-3021 Serial Encrypting Transceivers. Install the SEL-3021 between the master device and modem at the master location and install an SEL-3021 between the remote device and modem at the remote location to provide electronic security. With the SEL-3021, legitimate communication still flows seamlessly between the master and remote devices, but a potential attacker cannot intercept or interpret the sensitive contents of the encrypted frames. The SEL-3021 transceivers block all unauthorized access to the master or remote device.Intended CommunicationsInsecure ChannelModem ModemModemSCADAMasterSCADARTUUnauthorizedDevice orAttackerMalicious CommunicationMalicious CommunicationPreliminary Copy
Date Code 20041005 Instruction Manual SEL-3021 TransceiverIntroduction & SpecificationsProduct Overview1.3Figure 1.2 Secure SCADA Communications ChannelEncrypted Communications Over an Insecure ChannelInsecureChannelSEL-3021Modem ModemModemSCADAMasterSCADARTUUnauthorizedDevice orAttackerUnauthorized CommunicationBlocked by an SEL-3021Unauthorized CommunicationBlocked by an SEL-3021SEL-3021Preliminary Copy
SEL-3021 Transceiver Instruction Manual Date Code 20041005Introduction & SpecificationsConnections, Reset Button, and LED Indications1.4Connections, Reset Button, and LED IndicationsThe figure below shows typical connections for the SEL-3021.Figure 1.3 Typical Connections for the SEL-3021Power Supply ConnectionsYou can apply 5 to 24 Vdc directly to the SEL-3021 power terminals, which are available either as compression terminals or a 2.5 mm jack. You must use an auxiliary power supply to supply a voltage source other than 5 to 24 Vdc. See Specifications on page 1.10 for power requirements.IMPORTANT: Use only one power connection at a time.Untrusted InterfaceInsecure NetworkModem+SEL-2030SEL-2506SEL-421 SEL-311LPC Computer or PDA with 802.11bTrusted Interface5–24 Vdc125 VdcFuseAES Encrypted Wireless 802.11b link fromcomputer to SEL-3021EIA-232EIA-232Contact InputPreliminary Copy
Date Code 20041005 Instruction Manual SEL-3021 TransceiverIntroduction & SpecificationsConnections, Reset Button, and LED Indications1.5Alarm Output ConnectionUse the solid-state alarm contact to alert you to problems either with the communications channel or the SEL-3021. See Section 5: Testing and Troubleshooting for more details. To maintain the UL rating of the SEL-3021, connect the alarm output contact as follows:1. Use an external load to limit current to less than 100 mA through the alarm contact. There is no means within the SEL-3021 to limit current through the alarm contact. You must ensure that the external circuit connected to the SEL-3021 limits the current. For example, a typical SEL contact input draws 4 mA. Figure 1.4 shows a typical connection of a wetting source (125 Vdc), the SEL-3021 solid-state output, an SEL-2030 contact input, and an optional load resistor. In this case, because the contact input impedance limits the current to less than 100 mA, the load resistor is not necessary. If the sensing input does not have a means of limiting the current to less than 100 mA, then you must use a high wattage resistor. Select a load resistor with the proper wattage rating to limit the current. For example, assume the wetting source is 125 Vdc and that the sensing input requires 10 mA to assert. You can use the following calculation to determine the load resistor: 125 Vdc/ 10 mA = 12.5 kΩ. Calculate the minimum wattage: (10 mA)2 • 12.5 kΩ = 1.25 W. You would typically double this parameter to 2.5 W to ensure proper operation over temperature and life. You should verify proper derating with the resistor data sheet.2. Circuit protection should include an in-line fuse rated for 0.5 A or less with a voltage rating greater than the voltage you intend to use.Figure 1.4 shows a typical alarm output installation.CAUTION: Current through the alarm output must be limited to less than 100 mA.!Preliminary Copy
SEL-3021 Transceiver Instruction Manual Date Code 20041005Introduction & SpecificationsConnections, Reset Button, and LED Indications1.6Figure 1.4 Typical Alarm Output InstallationSerial Port Pin-Out ConnectionThe SEL-3021 has a fully compliant DTE and DCE serial port. SEL offers many cable configurations for use between the SEL-3021 and other devices.The serial port pin-out descriptions for the DTE and DCE ports are as follows.Ta b le 1 .1 DT E ( M ale DB 9 ) Pin Description1 Data Carrier Detect (Input)2 Received Data (Input)3 Transmitted Data (Output)4 Data Terminal Ready (Output)5Ground6 Data Set Ready (Input)7 Request to Send (Output)8 Clear to Send (Input)9 Ring Indicator (Input)SEL-3021Alarm Output ContactDo not apply 125 Vdcdirectly to the SEL-3021power supply connectionsTypical SEL contact inputs draw 4 mA ofnominal wetting source voltageSEL-2030Contact InputWetting Voltage125 Vdc0.5 A, 250 VFast Blow FuseOptional Load Resistor+—Preliminary Copy
Date Code 20041005 Instruction Manual SEL-3021 TransceiverIntroduction & SpecificationsConnections, Reset Button, and LED Indications1.7Reset ButtonUse the {RESET} button to reset and delete all security related settings. You can access the {RESET} button through the small hole in the end of the SEL-3021 near the status LED. Use a paper clip or other similar device to press the {RESET} button for at least 2 seconds, which resets the SEL-3021 into a default state. Power must be applied to the SEL-3021 for the reset operation to occur.IMPORTANT: Pressing the {RESET} button erases all security parameters and interrupts transmission of encrypted data until you initialize the SEL-3021. See Initializing the SEL-3021 on page 2.5 in Section 2: Installation.Status LEDUse the status LED to determine the state of the SEL-3021. If the status LED is solidly lit, the SEL-3021 is operating correctly. If the LED is blinking, the SEL-3021 is in a failed or reset mode. Refer to Section 5: Testing and Troubleshooting for more details.Table 1.2 DCE (Female DB9)Pin Description1 Data Carrier Detect (Output)2 Transmitted Data (Output)3 Received Data (Input)4 Data Terminal Ready (Input)5Ground6 Data Set Ready (Output)7 Request to Send (Input)8 Clear to Send (Output)9 Ring Indicator (Output)Preliminary Copy
SEL-3021 Transceiver Instruction Manual Date Code 20041005Introduction & SpecificationsSoftware System Requirements1.8Software System RequirementsThe SEL-3021 comes with configuration and monitoring software, referred to as the SEL-5809 Settings Software. The SEL-5809 Settings Software is the only means to set and monitor the SEL-3021. The software comes in two versions: one version is for a Personal Computer (PC) and one is for a Personal Digital Assistant (PDA) operating system. The following operating systems have been tested with the software.Table 1.3 Operating Systems Tested With the SEL-5809 Settings SoftwareDevices Qualified SystemsPCs WinXP Professional Edition (Service Pack 1)Windows 2000 (Service Pack 4) with .NET framework (Version 1.1) installedWindows XP with .NET framework installedPDAs Pocket PC 2002/2003 or higher with .NET compact framework (Version 1.0 Service Pack 2)Wireless (802.11b) ModulesNetgear MA111Linksys WPC11Preliminary Copy
Date Code 20041005 Instruction Manual SEL-3021 TransceiverIntroduction & SpecificationsGeneral Safety and Care Information1.9General Safety and Care InformationGeneral Safety NotesThe SEL-3021 is designed for restricted access locations. Access shall be limited to qualified service personnel.The SEL-3021 should not be installed or operated in a condition not specified in this manual.CAUTION: The SEL-3021 is an intentional radiator. Changes or modifications not expressly approved by SEL for compliance could void the user’s authority to operate the equipment.!CAUTION: The SEL-3021 is an intentional radiator. The radio has been authorized by the FCC for mobile use only. Users and nearby persons must maintain a separation distance of at least 20 cm (8 inches) from the radio during operation.!Cleaning InstructionsThe SEL-3021 should be de-energized (by removing the power connection to both the power and alarm connection) before cleaning.The case can be wiped down with a damp cloth. Solvent-based cleaners should not be used on plastic parts or labels.Preliminary Copy
SEL-3021 Transceiver Instruction Manual Date Code 20041005Introduction & SpecificationsSpecifications1.10SpecificationsIndicatorsGreen LED: Device StatusSolid-State Output100 mA continuous250 Vdc or 120 Vac Operational VoltageMax. On Resistance: 50 ΩMin. Off Resistance: 10 MΩInsulation: 1500 VdcWiring size: 14 AWG Max.26 AWG Min.0.4 mm Min. Insulation105° C, 250 V Min.Encryption ProtocolsAES: 128-bit encryptionSerial PortConnectors: DB-9 Male (DTE)DB-9 Female (DCE)Data Rate: 300 bps to 38400 bpsInterface: EIA-232Wi-Fi/802.11b Configuration PortProtocol: IEEE 802.11bModulation: DSSSFrequency Band: 2.4 GHzEncryption: 128-bit WEP and128-bit AESAuthentication: HMAC SHA-1 128-bit keyPower Requirements+5 to +24 Vdc: <5 Wsupplied through compression terminals or a 2.5 mm jackOperating Temperature Range–40° to +85°C (–40° to +185°F)802.11b module (0° to +70°C)5 to 95% humidity (noncondensing)Dimensions3.675" wide4.8" deep1" high, without DIN mountType TestsElectromagnetic CompatibilityRadiated Emissions: IEC 60255-25:2000, Class AFCC part 15 Class AElectromagnetic Compatibility ImmunityConducted RF Immunity: ENV 50141:1993, 10 V rmsIEC 61000-4-6:1996,10 V rmsDigital Radio Telephone RF: ENV 50204:1995, 10 V/m at 900 MHzand 1.89 GHzElectrostatic Discharge: IEC 60255-22-2:1996,IEC 61000-4-2:1999,[EN 61000-4-2–1995], Levels 1, 2, 3, 4Fast Transient Disturbance: IEC 61000-4-4:1995,IEC 60255-22-4:1992,4 kV at 2.5 and 5 kHzRadiated Radio Frequency: ENV 50140–1993,IEC 60255-22-3:1989, 10 V/mIEEE C37.90.2–1995,35 V/mType Test Compliance Criteria:1) The SEL-3021 does not damage or impede IED operation.2) The SEL-3021 is allowed to lose data during testing events.3) The SEL-3021 must recover without external intervention.EnvironmentalCold: IEC 60068-2-1:1990[EN 60068-2-1–1993], Test Ad: 16 hrs @ –40°CDry Heat: IEC 60068-2-2:1974[EN 60068-2-2–1993],Test Bd: 16 hrs @ +85°CDamp Heat, Cyclic: IEC 60068-2-30:1980,Test Db: +25° to +55°C, 6 cycles, 95% humidityVibration: IEC 60255-21-1:1988,Class 1IEC 60255-21-2:1988, Class 1IEC 60255-21-3:1993, Class 2Max. Altitude: 2000 mPreliminary Copy
Date Code 20041005 Instruction Manual SEL-3021 TransceiverIntroduction & SpecificationsSpecifications1.11CertificationsISO: Device is designed and manufactured usingISO 9001 certified quality program.Listings: CE MarkUL 61010C-1/CSA C22.2 No. 1010-1-92/EN 61010-1FCC: 15.247IC: ICES-001FIPS: 140-2, Security Level 2(pending)Preliminary Copy
This page intentionally left blankPreliminary Copy

Navigation menu