Sie sind auf Seite 1von 24

Module 14

The GSM/GPRS Modem

Module Objectives

In this module we will discuss:


 GSM/GPRS Theory of operation
 Schneider recommendations for
configuration
 Troubleshooting tips

ETG 3000 V 1.1 Evolutions




TSX ETG 3021 / 3022


GSM / GPRS
Embedded modem

Main V 1.1 features


Provide GSM/GPRS communications on TSX ETG 3021
Euro Band (900-1800 Mhz)
Launch TSX ETG 3022 GSM/GPRS communications - US
frequency (850-1900 MHz)
Call back on ring function: on PSTN and GSM / GPRS
Implement Security features on GPRS over internet

VPN remote access, data encryption support,


IP filtering (mini firewall: filtering of IP client
addresses)
Implement transparent routing access capabilities on
GPRS

When VPN is used

GPRS Overview (General Packet Radio Service)




Available on TSX ETG 3021 / 3022 modules


(V1.1 version)

GPRS is a packet oriented Data Service based on


GSM technology. (Global System for Mobile)

Provides a cost effective solution for wireless and


continuous remote connection to distributed
installations

Main advantages over GSM and PSTN

Internet
Internet
GPRS
GPRS
Network
Network

Communications cost : Data transfer is typically


charged per amount of data exchanged (amount of
megabytes per month),
while data communication via traditional circuit
switching is billed per minute of connection time.


GPRS allows continuous / permanent remote


connections

Higher Data rates than GSM > Theoretically

GPRS/VPN ETG 302X Applications




PC (Internet connected) access to Remote ETG 302x and devices


Using remote devices address

GPRS
GPRS
Network
Network

Internet
Internet

139.158.10.20

Ethernet

VPN

139.158.10.23

139.158.10.24

Modbus

ETG 302x access to Remote ETG 302x and devices


85.20.65.101

Ethernet

Internet
Internet

GPRS
GPRS
Network
Network

139.158.10.20

Ethernet

VPN
85.20.65.110

Modbus

139.158.10.23 139.158.10.24

Modbus

GPRS Communications
During a GPRS connection:
The ETG302x module connects to the GPRS network via
an Access Point Name (APN) given by the GPRS
service provider
The Access Point Name (APN) creates the gateway
between the GPRS network and the internet
The client PC or application is also connected to the
internet.

Internet
Internet
APN

N
VP

GPRS
GPRS
Network
Network

To ensure a secure remote access, ETG302x


modules also implement security services such
as:
VPN (Virtual Private Network)
IP filtering
Data encryption capabilities

GPRS Connection Principles




A SIM card and a specific GPRS subscription / contract


provided by a GPRS service Provider is required

Connections are always established from modem to GPRS


network, and never from GPRS network to modem

Internet
Internet
APN

It is not possible for a client application to directly open a


connection by dialing the ETG302x directly as in PSTN

The ETG 302x module accepts incoming GSM or PSTN calls


and supports Internet Call back function in order to connect
itself to the GPRS network from a remote request

ETG 302x modules provides two modes for connecting


to GPRS network

GPRS
GPRS
Network
Network

Permanent mode:
Automatic connection at startup or after a boot or after
a connection loss
On Demand mode:
on a process or application condition. (via internal
registers)
via Call back function

GPRS Connection Principles (Cont)


Upon a connection:
 The ETG302x module receives an IP address
from the provider

Internet
Internet

either a Public IP or a private IP address


either a Static IP or a Dynamic IP address depending
on the GPRS subscription

N
VP

APN

GPRS
GPRS
Network
Network

ETG302x supports both Static or Dynamics IP


addresses.
For Dynamic IP addresses, ETG 302x provides
DynDNS support
Note =S= recommends subscriptions have:
Public APN with public IP address (reachable from
the internet)
Static IP address the service assigns the module a
static IP address. You can eliminate DynDNS

Private/Public APN


Private APN with private IP Address


Dedicated access within a company intranet (same as =S= VPN)
ETG and connected devices can access the internet
Nobody from the internet can reach the ETG and connected devices
Private
APN

Internet/Intranet
Internet/Intranet

GPRS network

Ethernet
Modbus

Public APN with public IP address


ETG and connected devices can access internet
Public can reach ETG and connected devices
PC or other devices from internet
APN
Internet
Internet

GPRS network

Ethernet
Modbus

Note: Requires enhanced security such as VPN. Some ports may be


blocked by provider (ports < 1024). VPN gets around this via a tunnel

More Subscription Details

GPRS
GPRS
Internet
Internet Network
Network

GSM/GPRS service providers typically offer dedicated


subscriptions well adapted to industrial applications, also called
M2M (Machine to Machine) subscriptions.

Various GPRS subscriptions are available with different options:

various different Data exchange rates (billing on data amount in Megabytes per
month)
option for Static IP or Dynamic IP address
Incoming TCP ports blocked or not : some providers are offering only
subscriptions with TCP ports, blocked for security reasons, for instance lower
than port 1024

Note: =S= recommends that you choose subscriptions with:

Public APN with public IP address (visible from internet


a Static IP address
and no TCP ports blocked thus lowering remote connection constraints. It also
allows connections to devices connected to the ETG
You must have the right features in you service or the module will not be able to
do everything it is capable of doing

Dynamic IP Addressing 2 Solutions


What is the ETGs address?
IP = 123,1,2,45

YourETG.DYNDNS.ORG

If your GPRS subscription came with a Dynamic GPRS IP


address, it is changed / renewed frequently by your service
provider.
There are two solutions for Dynamic GPRS IP addresses:

DynDNS service for working with the IP address Publication:

DNS Inc. (DynDns.com) is a free DNS service that allows you to create your own domain name.
There are limits on how many domain names you can have under the free service

Email module emails you its address when connected

VPN Overview
VPN technology allows an ETG302x to establish secure, private, bi-directional,
encrypted tunneled connections over the Internet between your central sites and
your remote equipment

VPN

VPN service provides:


 Secured connections between PC connected to
Internet and remote ETG302x gateways


VPN

bringing remote devices 'virtually' into your own LAN. Once


the tunnel mode is established, your programming software
and monitoring tools access the remote device transparently,
as if it are in the same local network.

Secured Site-to-Site Connections via VPN tunnels


between two remote ETG302x gateways.

any device from one site can access any other device in the
remote site. This capability can also be useful for instance
as alternative solution for replacing leased lines between
sites

Getting Ready - GSM Physical Setup - Step 1

1
2




Attach the antenna (1)


Insert the SIM chip in the rear of the ETG (2)

Module Configuration IP Address Step 2

2
1





Connect to the module with an


Internet Browser
Select Setup then Modem (1)
Enter the SIM PIN code (if one
exists)
Many providers dont have one, it
depends on your account

Power up and go to the Modem


Diagnostics area (3)
operator from connection
signal strength good connection
shown

GPRS Configuration Step 3

Select GPRS enable check box and enter the GPRS parameters:





Connection mode: =S= recommends start with On Demand option


Access Point Name ( APN ) : Enter the APN according to your GPRS
provider and contract
Username/Password of the APN
DynDNS optional, if dynamic IP, posts IP to DynDNS account

Helps you connect to module using your custom URL

Apply settings and reboot

Is it Working? Step 4

1
2




If you have trouble establishing a connection, check the log file (1)
Good connection have frames sent/received counters

PC to ETG Connection (no VPN) Step 6

Ethernet

Do this to verify that you can connect to the ETG before VPN
 Connect ETG to Internet/Intranet
 Connect PC to internet, verify that it can connect to ETG
Firewall issues
No bridging to Ethernet devices inside gateway is possible

VPN Client Overview


VPN server

When connecting a PC to a remote ETG 302x


the ETG302x acts as a VPN server. You must run a
VPN client interface on the PC
VPN required for bridging to Ethernet devices
connected to ETG

VPN

VPN server

When connecting an ETG302x client to a


remote ETG 302x
the ETG302x client can act as a VPN client.
ETG302x VPN setup includes this client
configuration.

VPN

Various VPN clients can be used:


thegreenbow.com VPN client software
(recommended)
Trail version is available

VPN client service provided by Windows operating


systems XP, 2000, Vista (=S= provides a sample
batch file to run this service)

VPN Client Configuration





Remote Gateway address from either DYNdns or IP address


Preshared key must match key setup in module. Used to
authenticate the connection
IKE encryption used for key authentication

VPN Configuration






Module Remote Address = PC or


different ETG
Preshared key = same in both VPN
Client & Module
Tunnel Mode - use if you wish to
connect to devices on inside of gateway
Remote LAN virtual LAN must match
in Thegreenbow and in the module (1)

Module Setup

PC to ETG

tunnel

PC connects to internet

Firewall issues

Launch tunnel connection

Ethernet

Authentication, tunnel created

When tunnel is established, communication to ETG and attached devices is possiple


No VPN tunnel necessary for serial out of ETG

Most likely want to use VPN for security access

ETG to ETG
ETG1
Ethernet






ETG2
tunnel

Etg1 calls Etg2


Etg2 calls back network
On first data exchange attempt, tunnel is created
Data exchange takes place

Ethernet

ETG to ETG, PC to ETG


tun
nel

Ethernet

ETG1






Ethernet

tunnel

ETG2

Etg1 calls Etg2


Etg2 calls back network
On first data exchange attempt, tunnel is created
PC could also be added and can connect to either ETG and to
connected PLCs

Module
Exercise
1 14 Demo

Configuring an ETG for ESM Modem Operation