module 14 - gsm modem
Description: Schneider
-
Module 14
The GSM/GPRS Modem
-
Module Objectives
In this module we will discuss:
GSM/GPRS Theory of operation
Schneider recommendations for configuration
Troubleshooting tips
-
ETG 3000 V 1.1 Evolutions
Main V 1.1 features
Provide GSM/GPRS communications on TSX ETG 3021, Euro band (900-1800 MHz)
Launch TSX ETG 3022 GSM/GPRS communications, US frequency (850-1900 MHz)
Call back on ring function: on PSTN and GSM/GPRS
Implement security features on GPRS over the Internet:
  VPN remote access, data encryption support
  IP filtering (mini firewall: filtering of IP client addresses)
Implement transparent routing access capabilities on GPRS when VPN is used
[Figure: TSX ETG 3021 / 3022 with embedded GSM/GPRS modem]
Note (rlimaymanta): Allows remote-access communication through data encryption.
-
GPRS Overview (General Packet Radio Service)
Available on TSX ETG 3021 / 3022 modules (V1.1 version)
GPRS is a packet-oriented data service based on GSM (Global System for Mobile) technology.
Provides a cost-effective solution for wireless and continuous remote connection to distributed installations
Main advantages over GSM and PSTN:
  Communications cost: data transfer is typically charged per amount of data exchanged (megabytes per month), while data communication via traditional circuit switching is billed per minute of connection time.
  GPRS allows continuous / permanent remote connections
  Higher data rates than GSM (theoretically)
Note (rlimaymanta): With GPRS the carrier charges for data consumed, and with GSM it charges for connection time.
-
GPRS/VPN ETG 302X Applications
Internet-connected PC access to a remote ETG 302x and its devices
  Using the remote devices' addresses
ETG 302x access to a remote ETG 302x and its devices
[Figures: both cases run over the Internet and the GPRS network through a VPN to Ethernet and Modbus devices; the addresses shown are 139.158.10.24, 139.158.10.23, 139.158.10.20, 85.20.65.101 and 85.20.65.110]
-
GPRS Communications
During a GPRS connection:
The ETG302x module connects to the GPRS network via an Access Point Name (APN) given by the GPRS service provider
The Access Point Name (APN) creates the gateway between the GPRS network and the Internet
The client PC or application is also connected to the Internet.
To ensure secure remote access, ETG302x modules also implement security services such as:
  VPN (Virtual Private Network)
  IP filtering
  Data encryption capabilities
-
GPRS Connection Principles
A SIM card and a specific GPRS subscription / contract provided by a GPRS service provider are required
Connections are always established from the modem to the GPRS network, and never from the GPRS network to the modem
  It is not possible for a client application to open a connection by dialing the ETG302x directly as in PSTN
The ETG 302x module accepts incoming GSM or PSTN calls and supports the Internet Call back function in order to connect itself to the GPRS network on a remote request
ETG 302x modules provide two modes for connecting to the GPRS network:
  Permanent mode: automatic connection at startup, after a boot or after a connection loss
  On Demand mode:
    on a process or application condition (via internal registers)
    via the Call back function
-
GPRS Connection Principles (Cont)
Upon a connection:
The ETG302x module receives an IP address from the provider:
  either a public IP or a private IP address
  either a static IP or a dynamic IP address, depending on the GPRS subscription
ETG302x supports both static and dynamic IP addresses.
For dynamic IP addresses, ETG 302x provides DynDNS support
Note: Schneider recommends that subscriptions have:
  Public APN with public IP address (reachable from the Internet)
  Static IP address: the service assigns the module a static IP address, so you can eliminate DynDNS
-
Private/Public APN
Private APN with private IP address
  Dedicated access within a company intranet (same as Schneider VPN)
  ETG and connected devices can access the Internet
  Nobody from the Internet can reach the ETG and connected devices
Public APN with public IP address
  ETG and connected devices can access the Internet
  PCs or other devices on the Internet can reach the ETG and connected devices
  Note: Requires enhanced security such as VPN. Some ports may be blocked by the provider (ports < 1024). VPN gets around this via a tunnel
[Figures: Internet/Intranet, private APN, GPRS network, Ethernet and Modbus devices; Internet, public APN, GPRS network, Ethernet and Modbus devices]
-
More Subscription Details
GSM/GPRS service providers typically offer dedicated subscriptions well adapted to industrial applications, also called M2M (Machine to Machine) subscriptions.
Various GPRS subscriptions are available with different options:
  different data exchange rates (billing on data amount in megabytes per month)
  option for static IP or dynamic IP address
  incoming TCP ports blocked or not: some providers offer only subscriptions with TCP ports blocked for security reasons, for instance those lower than port 1024
Note: Schneider recommends that you choose subscriptions with:
  Public APN with public IP address (visible from the Internet)
  a static IP address
  and no TCP ports blocked, thus lowering remote connection constraints. It also allows connections to devices connected to the ETG
You must have the right features in your service or the module will not be able to do everything it is capable of doing
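Added example, not part of the Schneider material: a small Python audit of what the subscription options on the Private/Public APN and More Subscription Details slides mean for inbound reachability, together with the IP-filter check. The port numbers (80 for the web setup pages, 502 for Modbus TCP), the 10.20.30.40 address and all function names are assumptions; the 85.20.65.x addresses are reused from the slide diagram as samples.

```python
import ipaddress

# Assumed standard TCP ports for the module's web setup pages and Modbus TCP.
SERVICES = {"web setup (HTTP)": 80, "Modbus TCP": 502}

def client_allowed(client_ip, ip_filter):
    """IP filtering: accept only clients inside a configured address or network."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(entry, strict=False) for entry in ip_filter)

def inbound_exposure(assigned_ip, blocked_below, vpn_only, ip_filter):
    """Return {service: status} for a module that got `assigned_ip` from its APN.

    blocked_below: provider blocks incoming TCP ports lower than this (0 = none).
    vpn_only:      the module is reached only through its VPN tunnel.
    ip_filter:     allowed client addresses/networks; empty means no filtering.
    """
    if not ipaddress.ip_address(assigned_ip).is_global:
        # Private APN: nobody on the Internet can reach the module.
        return {name: "unreachable from Internet" for name in SERVICES}
    report = {}
    for name, port in SERVICES.items():
        if vpn_only:
            report[name] = "tunnel only"
        elif port < blocked_below:
            report[name] = "blocked by provider"
        elif ip_filter:
            report[name] = "open to filtered clients"
        else:
            report[name] = "open to any Internet client"
    return report

# Constructed subscriptions; the values are samples, not real deployments.
SUBSCRIPTIONS = {
    "private APN": ("10.20.30.40", 0, False, []),
    "public APN, low ports blocked": ("85.20.65.110", 1024, False, []),
    "public APN, nothing blocked": ("85.20.65.110", 0, False, []),
    "public APN, IP filter": ("85.20.65.110", 0, False, ["85.20.65.101"]),
    "public APN, VPN": ("85.20.65.110", 1024, True, ["85.20.65.101"]),
}

def audit():
    return {label: inbound_exposure(*args) for label, args in SUBSCRIPTIONS.items()}

if __name__ == "__main__":
    for label, report in audit().items():
        print(f"{label}: {report}")
    print("85.20.65.101 passes filter:", client_allowed("85.20.65.101", ["85.20.65.101"]))
```

The "open to any Internet client" row is the recommended public, static, unblocked subscription with no VPN or IP filter configured, which is the case the slide's "requires enhanced security" note is about.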
-
Dynamic IP Addressing: 2 Solutions
If your GPRS subscription came with a dynamic GPRS IP address, it is changed / renewed frequently by your service provider.
There are two solutions for dynamic GPRS IP addresses:
  DynDNS service for working with the IP address publication:
    DNS Inc. (DynDns.com) is a free DNS service that allows you to create your own domain name.
    There are limits on how many domain names you can have under the free service
  Email: the module emails you its address when connected
[Figure: "What is the ETG's address?" IP = 123,1,2,45 / YourETG.DYNDNS.ORG]
-
VPN Overview
VPN service provides:
Secured connections between a PC connected to the Internet and remote ETG302x gateways, bringing remote devices 'virtually' into your own LAN.
  Once the tunnel mode is established, your programming software and monitoring tools access the remote devices transparently, as if they were on the same local network.
Secured site-to-site connections via VPN tunnels between two remote ETG302x gateways.
  Any device from one site can access any other device in the remote site. This capability can also be useful, for instance, as an alternative solution for replacing leased lines between sites
VPN technology allows an ETG302x to establish secure, private, bi-directional, encrypted tunneled connections over the Internet between your central sites and your remote equipment
-
Getting Ready - GSM Physical Setup - Step 1
Attach the antenna (1)
Insert the SIM chip in the rear of the ETG (2)
-
Module Configuration IP Address Step 2
Connect to the module with an Internet Browser
Select Setup then Modem (1)
Enter the SIM PIN code (if one exists). Many providers don't have one; it depends on your account
Power up and go to the Modem Diagnostics area (3): operator from connection, signal strength, good connection shown
-
GPRS Configuration Step 3
Select the GPRS enable check box and enter the GPRS parameters:
  Connection mode: Schneider recommends starting with the On Demand option
  Access Point Name (APN): enter the APN according to your GPRS provider and contract
  Username/Password of the APN
  DynDNS: optional; if the IP is dynamic, posts the IP to the DynDNS account. Helps you connect to the module using your custom URL
Apply settings and reboot
Note (rlimaymanta): An APN lets you get onto a telephone company's network. Command to see the enabled ports:
netstat -n
-
Is it Working? Step 4
If you have trouble establishing a connection, check the log file (1)
A good connection shows frames sent/received counters
-
PC to ETG Connection (no VPN) Step 6
Do this to verify that you can connect to the ETG before VPN
Connect ETG to Internet/Intranet
Connect PC to internet, verify that it can connect to ETG
Firewall issues
No bridging to Ethernet devices inside gateway is possible
-
VPN Client Overview
When connecting a PC to a remote ETG 302x, the ETG302x acts as a VPN server. You must run a VPN client interface on the PC
  VPN is required for bridging to Ethernet devices connected to the ETG
When connecting an ETG302x client to a remote ETG 302x, the ETG302x client can act as a VPN client. ETG302x VPN setup includes this client configuration.
Various VPN clients can be used:
  thegreenbow.com VPN client software (recommended); a trial version is available
  VPN client service provided by Windows operating systems XP, 2000, Vista (Schneider provides a sample batch file to run this service)
-
VPN Client Configuration
Remote Gateway: address from either DynDNS or IP address
Preshared key: must match the key set up in the module. Used to authenticate the connection
IKE encryption used for key authentication
-
VPN Configuration
Module Remote Address = PC or different ETG
Preshared key = same in both VPN client & module
Tunnel Mode: use if you wish to connect to devices on the inside of the gateway
Remote LAN: virtual LAN must match in TheGreenBow and in the module (1)
[Figure: Module Setup]
-
PC to ETG
PC connects to the Internet
  Firewall issues
Launch tunnel connection
  Authentication, tunnel created
When the tunnel is established, communication to the ETG and attached devices is possible
No VPN tunnel is necessary for serial out of the ETG
  Most likely want to use VPN for security access
-
ETG to ETG
ETG1 calls ETG2
ETG2 calls back network
On first data exchange attempt, tunnel is created
Data exchange takes place
-
ETG to ETG, PC to ETG
ETG1 calls ETG2
ETG2 calls back network
On first data exchange attempt, tunnel is created
A PC could also be added and can connect to either ETG and to connected PLCs
-
Exercise 1
Module 14 Demo
Configuring an ETG for ESM Modem Operation