# Manual 1.9.3 # 1 Overview This document is intended to act as a user manual and explain WCC Lite usage in detail. It is expected the person referring to this manual is experienced in programmable logic controllers (PLC), networking (IPv4, ethernet) and the use of the operating system of choice (Windows, Linux, Mac, etc.). This document might not cover all of the use cases. For usage not described in this document please contact Elseta technical support (contact info available on the last page of this document).# 2 Hardware and software requirements To get the WCC Lite up and running a PC/Mac is required, capable of running a web browser and an MS Excel compatible spreadsheet editor (e.g. LibreOffice or an online spreadsheet editor such as Google Sheets). A built­in or external Ethernet adapter is also required to connect to the WCC Lite.# 3 Technical information
##### System
ProcessorMIPS CPU (AR9331, 400MHz)
Memory16 MB Flash/64 MB DDR2 RAM
Wireless802.11 b/g/n
I/O1x Binary input (hardware version >=1.4) 1x Relay output
Additional storage SD card (2GB by default)SD card (2GB by default)
Ethernet 10/100 Base­T ­ RJ­45 connector up to 2 independent ports10/100 Base­T ­ RJ­45 connector up to 2 independent ports
Serial ports1x RS­485 1x RS­485 / RS­232 (switchable)
Time synchronizationNTP client + server, IEC 60870­5­101, IEC 60870­5­104
GSM2G(GPRS, EDGE) / 4G(LTE) 2G(GPRS, EDGE) / 3G(UMTS, HSDPA, HSUPA) 2G(GPRS, EDGE) / 3G(UMTS, HSDPA, HSUPA) / 4G(LTE) Single OR Dual SIM card modem
##### Power requirements
Power supply 12 ­- 24 VDC
Power consumption < 6W
Dimensions 101 (H) x 22.5 (W) x 119 (L), mm
Mounting Wall mount, Din rail
##### Environmental
Operating temperature­40°C to +85°C
Warranty 2 year
Humidity2-95% RH (non-condensing)
##### Software
Compatibility with HMI (Human Machine Interface)Compatible with cloud-based SCADA system -CloudIndustries.eu
Routing• Isolated LAN interface • Isolated LAN interface, but omitted to provide TCP / UDP ports or VPN mergers • Routed LAN internet connection masking data for GSM interfaces • Secure LAN data transfer via VPN • Secure LAN data transmission through VPN access to the Internet • Single OR Dual SIM card modem
Database• File-based database • Data buffering in case of network outage
Data security• All data between WCC Lite and Cloud-based SCADA exchange over a secure encrypted VPN tunnel • Firewall to prevent intrusion and DoS attacks • A VPN solution with a VPN gateway can be used to manage (configure and update) and monitor VPN and WCC devices from a single place
Device maintenanceIt is possible to configure and monitor devices and protocols connected to the WCC Lite through Elseta cloud-based SCADA system CloudIndustries.eu or 3rd party SCADAs and see device­based alarms such as communication errors, etc.
Supported protocols• Modbus master/slave (RTU / ASCII / TCP) • M­Bus master (Serial / TCP) • IEC 60870­5­ 101 master/slave • IEC 60870­5­ 103 master • IEC 60870­5­ 104 master/slave • IEC 62056­31 master • IEC 62056­21 (since v1.2.13) • DNP3 master / slave • SMA Net • DLMS (since v1.3.0) • Resol VBus • IEC 61499 (since v1.4.0) • IEC 61850 master/slave (since v1.5.0)
Supported devices• Other Elseta products • Aurora PV inverters • Delta inverters • Kaco PV inverters • SMA PV inverters • Ginlong PV inverters • Solplus PV inverters • Kostal devices • Windlog data logger • Vestas Wind turbines • Elgama elektronika electricity meters
Network features• IPsec • OpenVPN • xl2tp • Firewall • Routing • RADIUS • SNMP • ser2net • API • NTP synchronization
Extra features• Software update • Remote configuration via CloudIndustries.eu administration • Device fault notifications • Internal web page for configuration and diagnostics
# 4 WCC Lite status indication and control # 4.1 Status indication [![image-1727419134055.png](https://wiki.elseta.com/uploads/images/gallery/2024-09/scaled-1680-/image-1727419134055.png)](https://wiki.elseta.com/uploads/images/gallery/2024-09/image-1727419134055.png) Figure 1: Front panel status indication # 4.2 Reset button The reset button is located on the front panel of WCC Lite, to access it, remove a transparent front panel cover. Different time lengths of button pressing call for different behaviour.
Pressing timeDescriptionIndication
Short PressSystem rebootThe red STATUS LED starts blinking
Long press (>3s)Reset to factory settingsRed STATUS LED turns on
# 5 Installing the WCC Lite # 5.1 Mounting To mount the device: 1. Secure the top of the mounting clip onto a DIN rail. 2. Push the bottom of a device forward to fix the clip in place. To dismount the device: 1. Pull the red-coloured clip downwards (found at the bottom side of the DIN rail). 2. Pull back the bottom of the device. 3. Pull the device upwards to dismount it. [![image-1669193856312.png](https://wiki.elseta.com/uploads/images/gallery/2022-11/scaled-1680-/image-1669193856312.png)](https://wiki.elseta.com/uploads/images/gallery/2022-11/image-1669193856312.png)[![image-1669193865786.png](https://wiki.elseta.com/uploads/images/gallery/2022-11/scaled-1680-/image-1669193865786.png)](https://wiki.elseta.com/uploads/images/gallery/2022-11/image-1669193865786.png) Figure 2: WCC Lite DIN rail mounting clip # 5.2 Power It is recommended to power WCC Lite from a 6W (minimum) 12-24V DC power supply. A full range is 5V to 36V. [![image-1669193966138.png](https://wiki.elseta.com/uploads/images/gallery/2022-11/scaled-1680-/image-1669193966138.png)](https://wiki.elseta.com/uploads/images/gallery/2022-11/image-1669193966138.png) Figure 3: Power input connector

Note: Make sure that the device is compatible with your power source before proceeding! Check the label next to the power connector or on the side of the device.

# 5.3 SIM card slot WCC Lite has an optional Dual-SIM card modem. To access both SIM cards, remove a transparent front panel cover and press through the marked hole with a small tool until the SIM holder pops out. [![image-1669194010051.png](https://wiki.elseta.com/uploads/images/gallery/2022-11/scaled-1680-/image-1669194010051.png)](https://wiki.elseta.com/uploads/images/gallery/2022-11/image-1669194010051.png) Figure 5: WCC Lite Dual-SIM card slot # 5.4 Dual-SIM card slot WCC Lite has an optional dual-SIM card modem. To access both SIM cards, remove a transparent front panel cover and press through the marked hole with a small tool until the SIM holder pops out. [![image-1669194054543.png](https://wiki.elseta.com/uploads/images/gallery/2022-11/scaled-1680-/image-1669194054543.png)](https://wiki.elseta.com/uploads/images/gallery/2022-11/image-1669194054543.png) Figure 6: WCC Lite Dual-SIM card holder To insert SIM cards, remove the Dual-SIM holder and fit SIM cards into it. Insert the holder with SIM cards into the slot.

Note: Be careful when removing or inserting a DUAL-SIM holder, as SIM cards can fall out.

Note: WCC Lite will automatically detect a SIM card insertion or removal.

# 6 Interfaces WCC lite supports various interfaces to acquire data and control external circuitry. That includes two serial port interfaces, relay output, digital input, and external cellular connection antenna. # 6.1 Serial port interfaces WCC Lite WCC Lite has 2 serial ports (Figure 7). Selectable RS485 (by default) or RS232 interface on PORT1 and RS485 interface on PORT2. [![image-1669194105015.png](https://wiki.elseta.com/uploads/images/gallery/2022-11/scaled-1680-/image-1669194105015.png)](https://wiki.elseta.com/uploads/images/gallery/2022-11/image-1669194105015.png) Figure 7: WCC Lite ports WCC Lite RS485 interface supports baud rates up to 115200 and has an integrated 120 termination resistor. It is recommended to use termination at each end of the RS485 cable. To reduce reflections, keep the stubs (cable distance from the main RS485 bus line) as short as possible when connecting the device. See the typical RS485 connection diagram in Figure 8.

Note: Double-check if the A and B wires are not mixed up.

WCC Lite 3-wire RS232 interface is available on PORT1 and can be selected by the user (see Port settings). Baud rates up to 115200 are supported. See the typical RS232 connection diagram in Figure 9. [![image-1647614290547.png](https://wiki.elseta.com/uploads/images/gallery/2022-03/scaled-1680-/image-1647614290547.png)](https://wiki.elseta.com/uploads/images/gallery/2022-03/image-1647614290547.png) Figure 8: Typical WCC Lite RS-485 connection diagram [![image-1647614310588.png](https://wiki.elseta.com/uploads/images/gallery/2022-03/scaled-1680-/image-1647614310588.png)](https://wiki.elseta.com/uploads/images/gallery/2022-03/image-1647614310588.png) Figure 9: Typical WCC Lite RS-232 connection diagram # 6.2 Relay output WCC Lite integrates 1 signal relay (3-way RO connector) with COM (common), NC (normally closed), and NO (normally open) signals. [![image-1669194156568.png](https://wiki.elseta.com/uploads/images/gallery/2022-11/scaled-1680-/image-1669194156568.png)](https://wiki.elseta.com/uploads/images/gallery/2022-11/image-1669194156568.png) Figure 10: Signal relay connector Maximum switching power is 60W, maximum contact current is 2A, maximum switching voltage is 60VDC/60VAC. The lower is switching power, the higher the lifecycle of Relay Output. Relay electrical endurance: - resistive load, 30VDC / 1A - 30W min. 1x105 operations; - resistive load, 30VDC / 2A - 60W min. 1x104 operations. # 6.3 Digital Input With WCC Lite hardware version 1.4, a digital input functionality has been introduced. Software configuration guidelines are discussed in the [WCC Lite internal signals section.](https://wiki.elseta.com/books/manual/page/19-wcc-lite-internal-signals) It changes state when the voltage is between 12-48V (The supported range is between 10-60V).
Input voltage12-48 VDC (accepts 10-60V)
Protection±60 VDC reverse polarity protection Isolated from the main logic
[![image-1669194223199.png](https://wiki.elseta.com/uploads/images/gallery/2022-11/scaled-1680-/image-1669194223199.png)](https://wiki.elseta.com/uploads/images/gallery/2022-11/image-1669194223199.png) Figure 11: Signal relay connector # 6.4 GSM WCC Lite comes with an optional GSM module. There are a few hardware configurations available: - Without a GSM modem. - With single SIM modem (HW version 1.0 - 1.2) - 2G/3G (GPRS, EDGE / UMTS, HSDPA, HSUPA) version - 5.76Mb/s upload, 7.2Mb/s download. UMTS/HSPA bands 900, 2100. GSM bands 900, 1800. Modem chip - Ublox Sara-U270. - With single SIM modem (HW version 1.0 - 1.2) - 2G/4G (GPRS, EDGE / LTE) Cat 1 version - 10.3Mb/s upload, 5.2Mb/s download. LTE bands 3, 7, 20. GSM bands 900, 1800. Modem chip - Ublox Lara-R211. - With dual SIM modem (HW version 1.0 - 1.2) - 2G/3G (GPRS, EDGE / UMTS, HSDPA, HSUPA) version - 5.76Mb/s upload, 7.2Mb/s download. UMTS/HSPA bands 900, 2100. GSM bands 900, 1800. Modem chip - Ublox Sara-U270. - With dual SIM modem (HW version 1.0 - 1.2) - 2G/4G (GPRS, EDGE / LTE) Cat 1 version - 10.3Mb/s upload, 5.2Mb/s download. LTE bands 3, 7, 20. GSM bands 900, 1800. Modem chip - Ublox Lara-R211. - With dual SIM modem (HW version 1.3 - 1.4) - 2G/3G/4G (GPRS, EDGE / UMTS, HSDPA, HSUPA / LTE) Cat 4 version - 50Mb/s (max) upload, 150Mb/s (max) download. LTE bands 1, 3, 5, 7, 8, 20, 38, 40, 41. GSM bands 3, 8. UMTS bands 1, 5, 8. Modem chip - Quectel EC25-E. They are based on a mini PCI-e standard connector and are compatible with any other device. Check the label on the package for current modifications. [![image-1669194279091.png](https://wiki.elseta.com/uploads/images/gallery/2022-11/scaled-1680-/image-1669194279091.png)](https://wiki.elseta.com/uploads/images/gallery/2022-11/image-1669194279091.png) Figure 12: GSM antenna connector Connect an antenna to the SMA connector labelled “ANT1“. Select a good antenna placement spot considering the operation environment and network coverage of your mobile provider in the area. To enable MIMO functionality for 4G (LTE) modems a second antenna should be connected to the SMA connector labelled ”ANT2”.

4G (LTE) Cat 1 version modem both antennas are used for LTE communication. In such cases, an internal WIFI antenna is used. The network can be limited in distance and speed, especially in metal-based panels.

Make sure the signal level is over -80dBm to have a stable connection to the network. # 6.5 Wi-Fi For hardware versions older than version **1.4**, in case a Wi-Fi connection is needed, connect a Wi-fi antenna to the SMA connector labelled “WIFI“. Select a good antenna placement spot considering the operation environment. [![image-1693316807761.png](https://wiki.elseta.com/uploads/images/gallery/2023-08/scaled-1680-/image-1693316807761.png)](https://wiki.elseta.com/uploads/images/gallery/2023-08/image-1693316807761.png)Figure 1. Wi-Fi antenna connector (hardware version older than **1.4**) Newer hardware versions don’t have an option of connecting an external Wi-Fi antenna as MIMO capability for cellular modems has been introduced. In case stronger reach is needed, a user should contact the manufacturer to provide possible solutions. [![image-1694092887560.png](https://wiki.elseta.com/uploads/images/gallery/2023-09/scaled-1680-/image-1694092887560.png)](https://wiki.elseta.com/uploads/images/gallery/2023-09/image-1694092887560.png)Figure 2. Wi-Fi antenna connector (hardware version newer than **1.3**)

Given that the default hardware configurations are set for GSM on connectors **ANT 1** and **ANT 2**, the Wi-Fi antenna shall remain non-operational in versions exceeding **1.3**. Users are advised to contact the manufacturer before purchasing the product if Wi-Fi functionality is required.

Make sure the signal level is over -80dBm to have a stable connection to the network.

# 7 Tags #### Single point Commonly used in storing digital states single point values have only one bit of information. The value of such tags can be either one or zero. On the internal web of WCC Lite states of this type of tags are shown in colored boxes with customisable labels.
ValueRepresentation
0OFF
1ON
#### Double point Double-point signals contain two bits of information that allow four different states, therefore they contain additional information compared to single-point ones. The INDETERMINATE state might, for example, mean that part of the equipment has been turned off or a mechanical part which does the switching has stuck between states. ERROR state might mean that both contacts are connected and there might be a short circuit in the equipment.
ValueRepresentation
00INDETERMINATE
01OFF
10ON
11ERROR
# 8 Internal web page WCC Lite is configured via an internal web browser, so no additional software is required. # 8.1 Initial Setup WCC Lite comes with a static network configuration with its IP set to 192.168.1.1. For initial setup set a static IP address on your computer and connect your network card to the WCC Lite with an ethernet cable. ### 8.1.1 Static IP Address Setup on Windows 1\. Press Win+R on your keyboard. This will open the run window. Enter *ncpa.cpl* and press OK. This will open the Network Connections window. [![image-1637917371163.png](https://wiki.elseta.com/uploads/images/gallery/2021-11/scaled-1680-/image-1637917371163.png)](https://wiki.elseta.com/uploads/images/gallery/2021-11/image-1637917371163.png) 2\. Right­-click on the *Local Area Connection* icon, then select Properties [![image-1689074528373.png](https://wiki.elseta.com/uploads/images/gallery/2023-07/scaled-1680-/image-1689074528373.png)](https://wiki.elseta.com/uploads/images/gallery/2023-07/image-1689074528373.png) 3\. In the window that opens, click on *Internet Protocol Version 4 (TCP/IPv4)* (you may need to scroll down to find it). Next, click on the Properties button. [![image-1637918015359.png](https://wiki.elseta.com/uploads/images/gallery/2021-11/scaled-1680-/image-1637918015359.png)](https://wiki.elseta.com/uploads/images/gallery/2021-11/image-1637918015359.png) 4\. In the window that opens, click the Use the following IP address radio button. Fill in the following fields and click OK: - IP address: *192.168.1.2* - Subnet mask: *255.255.255.0* - Default gateway: (leave empty) [![image-1637918059194.png](https://wiki.elseta.com/uploads/images/gallery/2021-11/scaled-1680-/image-1637918059194.png)](https://wiki.elseta.com/uploads/images/gallery/2021-11/image-1637918059194.png) ### 8.1.2 Connecting to an internal web page If your computer IP address is set up and an ethernet cable is connected, power up the device. Wait a few minutes until the device boots. Then open your web browser and enter the following URL: *http://192.168.1.1/* Supported web browsers: - Google Chrome (recommended) - Mozilla Firefox - Internet Explorer 8 or later [![image-1637918176782.png](https://wiki.elseta.com/uploads/images/gallery/2021-11/scaled-1680-/image-1637918176782.png)](https://wiki.elseta.com/uploads/images/gallery/2021-11/image-1637918176782.png) Login with the root user: - *Username*: *root* - *Password*: *wcclite*

It is recommended to change the password immediately to avoid any unauthorized access.

Before plugging WCC Lite with a static IP address into the local computer network, make sure to check if such an address is not already reserved by other devices.

# 8.2 Site layout [![image-1637918414929.png](https://wiki.elseta.com/uploads/images/gallery/2021-11/scaled-1680-/image-1637918414929.png)](https://wiki.elseta.com/uploads/images/gallery/2021-11/image-1637918414929.png) It provides the main navigation through the website. Contains the following sections: - *PROTOCOL HUB*: configuration related to data exchange between WCC Lite and other devices. - *STATUS:* system information and diagnostics. - SYSTEM*:* basic system settings such as time setup. - *SERVICES:* various other services. - *NETWORK:* network-related settings and services. - *USERS*: existing user groups and management of their permissions - *LOGOUT:* user logout. # 8.3 Protocol Hub The Protocol HUB section stores the configuration for every connected device. You can configure it by importing settings from an Excel file. #### Configuration [![image-1689075886564.png](https://wiki.elseta.com/uploads/images/gallery/2023-07/scaled-1680-/image-1689075886564.png)](https://wiki.elseta.com/uploads/images/gallery/2023-07/image-1689075886564.png) In this tab, a user can: - Import new configuration from Excel file (.xls, .xlsx formats). If any errors in the file are found, the device will not be imported, and the importing process will be stopped. - Import .fboot file for PLC. - Import the IEC61850 Server model file - Import IEC61850 Client model file - Download the current configuration Excel file. - Download a template configuration Excel file. #### Imported Signals [![image-1718626336899.png](https://wiki.elseta.com/uploads/images/gallery/2024-06/scaled-1680-/image-1718626336899.png)](https://wiki.elseta.com/uploads/images/gallery/2024-06/image-1718626336899.png) The imported signals section shows basic information about the applied configuration. This section is used for viewing only. Column filter allows to filter the signals according to the information needed. #### Event Log [![image-1718626973937.png](https://wiki.elseta.com/uploads/images/gallery/2024-06/scaled-1680-/image-1718626973937.png)](https://wiki.elseta.com/uploads/images/gallery/2024-06/image-1718626973937.png) Event Log is the time­stamped status data. It allows reviewing of the latest events and changes for devices' state changes in chronological order. The newest events are shown at the top of the list. WCC Lite will time­stamp the status data with a time resolution of one millisecond. Column filter allows to filter the data according to the information needed. Initially, all breakers, protection contacts digital status input points in the WCCLite; events captured from IEDs (Intelligent electronic devices) shall be configured as Event Log points. It’s possible to assign any digital status input data point in the WCCLite as an SOE point with an Excel template during configuration. Each time a device changes state, the WCClite will save it with time­tag in internal storage. Event Log can also be downloaded by pressing the download button at the bottom of the page.

Events are recorded only for devices that have the *log* field set to 1.

#### Protocol Connections [![image-1718627148317.png](https://wiki.elseta.com/uploads/images/gallery/2024-06/scaled-1680-/image-1718627148317.png)](https://wiki.elseta.com/uploads/images/gallery/2024-06/image-1718627148317.png) The protocol connections section shows configured devices and their respective ports, statuses. # 8.4 Status ### Overview #### System [![image-1704969826976.png](https://wiki.elseta.com/uploads/images/gallery/2024-01/scaled-1680-/image-1704969826976.png)](https://wiki.elseta.com/uploads/images/gallery/2024-01/image-1704969826976.png) The system section in the status tab shows basic information about the system's current status. Hostname: The label that is used to identify the device in the network. Model: Model of the device. Firmware version: Current firmware version. Kernel version: Current kernel version. Local Time: Current local time. Uptime: The time a device has been working. Load average: Measure CPU utilization of the last 1, 5, and 15-minute periods. A load of 0.5 means the CPU has been utilized 50% over the previous period. Values over 1.0 mean the system was overloaded. #### Memory [![image-1601551636726.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1601551636726.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1601551636726.png) The ”Memory” window provides information on memory usage on the device. Total available memory: The amount of available memory that could be used over installed physical memory. Free: The amount of physical memory that is not currently used over installed physical memory. Buffered: The amount of buffered memory currently used for active I/O operations over installed physical memory. #### Network [![image-1601551674236.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1601551674236.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1601551674236.png) IPv4 WAN, IPv6 WAN status, and active connections of the device. Type: Type of addressing of IPv4 network interface – DHCP or static. Address: IP address of the device. Netmask: Netmask of the device. Gateway: IP address of the Gateway. DNS: IP address of DNS server. Expires: DHCP lease expiration time of the connection. Connected: The time a device has been connected. Active Connections: The number of active connections with the device. #### Interfaces [![image-1722943858982.png](https://wiki.elseta.com/uploads/images/gallery/2024-08/scaled-1680-/image-1722943858982.png)](https://wiki.elseta.com/uploads/images/gallery/2024-08/image-1722943858982.png) Shows the IP of every active interface connection. #### DHCP leases [![image-1601551755263.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1601551755263.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1601551755263.png) DHCPv4 and DHCPv6 lease expiration time. Hostname: The label that is used to identify the device in the network. IPv4-Address: IPv4 address of network interface. MAC-Address: The media access control address of the IPv4 network interface. DUID: DHCP Unique Identifier of IPv6 network interface. Lease Time remaining: The amount of time the device will be allowed to connect to the Router. #### Wireless[![image-1601551793225.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1601551793225.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1601551793225.png) WiFi interface information window. SSID: The sequence of characters that uniquely names a wireless local area network. Mode: Shows how the device is connected to the wireless network – Master or Client. Channel: The number of channels and radio frequency for connection to the access point. Bitrate: The number of bits that pass the device in a given amount of time. BSSID: The MAC address of the wireless access point. Encryption: Security protocol for the wireless network. #### Associated stations [![image-1601551830832.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1601551830832.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1601551830832.png)List of associated stations (clients). Network: Mode and SSID of network point. MAC-Address: The media access control address of the IPv4 network interface. Hostname: The label or IP address that is used to identify the device in the network. Signal/Noise: Received signal level over the background noise level. -30 dBm is the maximum achievable signal strength, and -70 dBm is the minimum signal strength for reliable packet delivery in the wireless network. RX Rate/TX rate: Used to measure data transmission in the wireless network over bandwidth. RX Rate represents the rate at which data packets are received by the device, and the TX Rate represents the rate at which data packets are sent from the device. #### Board information [![image-1601551883930.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1601551883930.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1601551883930.png)Board information provides the following details: Hardware version: Current hardware version; Serial number: Serial number of the board; SoC ID: Unique identifier of CPU unit; ### Firewall #### IPv4 Firewall [![image-1601552021522.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1601552021522.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1601552021522.png) Firewall rule list for IPv4 traffic. Table: The four distinct tables which store rules regulating operations on the packet. Filter concerns filtering rules. NAT concerns the translation of source or destination addresses and ports of packages. The mangle table is for specialized packet alteration. The raw table is for configuration exceptions. Chain: The list of rules. Filter table has the following built-in chains: Input – concerns packets whose destination is the firewall itself, Forward – concerns packets transiting through the firewall, Output – concerns packets emitted by the firewall, Reject – reject the packet, Accept – allow the packet to go on its way. NAT table has the following built-in chains: Prerouting – to modify packets as soon as they arrive, Postrouting – to modify packets when they are ready to go on their way. Mangle table has one built-in chain: Forward for transiting packets through the firewall. Pkts.: The packets are processed by the firewall. Traffic: The amount of data processed by the firewall. Target: The chain of the table of the firewall. Prot.: The transport layer protocol is processed by the firewall. In: The network interface for the input chain processed by the firewall. Out: The network interface for the output chain is processed by the firewall. Source: IPv4 address of the device that the packet comes from. Destination: IPv4 address of the device that the packet goes to. Options: The options for configuring the firewall. #### IPv6 Firewall [![image-1601552266384.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1601552266384.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1601552266384.png) Firewall rule list for IPv6 traffic. Table: The three distinct tables which store rules regulating operations on the packet. Filter concerns filtering rules. The mangle table is for specialized packet alteration. The raw table is for configuration exceptions. Chain: The list of rules. Filter table has the following built-in chains: Input – concerns packets whose destination is the firewall itself, Forward – concerns packets transiting through the firewall, Output – concerns packets emitted by the firewall, Reject – reject the packet, Accept – allow the packet to go on its way. Mangle table has one built-in chain: Forward for transiting packets through the firewall. Pkts.: The packets are processed by the firewall. Traffic: The amount of data processed by the firewall. Target: The chain of the table of the firewall. Prot.: The transport layer protocol is processed by the firewall. In: The network interface for the input chain processed by the firewall. Out: The network interface for the output chain is processed by the firewall. Source: IPv6 address of the device that the packet comes from. Destination: IPv6 address of the device that the packet goes to. Options: The options for configuring the firewall. ### Routes [![image-1601552456174.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1601552456174.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1601552456174.png) The routing tables provide information on how datagrams are sent to their destinations. ARP: An address Resolution Protocol which defines how the IP address is converted to a physical hardware address needed to deliver packets to the devices. Interface: The type of Network interface. br-lan refers to the virtual bridged interface: to make multiple network interfaces act as if they were one network interface. Network: The type of network through which the traffic will be sent to the destination subnet. Target: An address of the destination network. The prefix /24 refers to the subnet mask 255.255.255.0. IPv4-Gateway: IP address of the gateway to which traffic intended for the destination subnet will be sent. Metric: The number of hops required to reach destinations via the gateway. Table: The type of routing tables: main (default), local (maintained by the kernel). IPv6 Neighbours: The devices on the same network with IPv6 addresses. ### System Log [![image-1601552517322.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1601552517322.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1601552517322.png) The system log window shows a table containing the events that are logged by the device. It has the following columns: - \# (sequence number); - Time (day of the week, month, day of the month, time and year); - facility; - process (who generated the message); - priority level; - message. Messages can be sorted and filtered to extract a particular set of messages. This might be useful when debugging kernel or protocol-level problems. ### Kernel Log [![image-1601552562425.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1601552562425.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1601552562425.png) The kernel log shows a list of the events that are logged by the kernel of the device. Log format: time in seconds since the kernel started and message. ### Chronos [![image-1722944541181.png](https://wiki.elseta.com/uploads/images/gallery/2024-08/scaled-1680-/image-1722944541181.png)](https://wiki.elseta.com/uploads/images/gallery/2024-08/image-1722944541181.png) Shows the source and status of the time synchronization service. ### Processes [![image-1601552597976.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1601552597976.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1601552597976.png) List of processes running on the system. PID: Process ID. Owner: User to whom the process belongs. Command: Process. CPU usage: It is the CPU usage of the individual process. CPU usage above 90 % is an indicator of insufficient processing power. Memory usage: Memory usage of the individual process. Hang Up: To freeze the process. Terminate: To end the process cleanly. Kill: To end the process immediately. ### Realtime graph #### Realtime Load [![image-1601552704789.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1601552704789.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1601552704789.png) CPU utilization graph. A load of 0.5 means the CPU has been 50% utilized over the last period. Values over 1.0 mean the system was overloaded. #### Realtime Traffic [![image-1601552745346.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1601552745346.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1601552745346.png) Graphs representing the status of the virtual and physical network interfaces of the device. Inbound: The speed at which the incoming packets arrive at the device. Outbound: The speed of the packets which were originated by the device. Phy. Rate: The speed at which bits can be transmitted over the physical layer. #### Realtime Wireless [![image-1601552775159.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1601552775159.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1601552775159.png) WiFi status graph. Signal: Signal strength level. Noise: Noise level. Phy. Rate: The speed at which bits can be transmitted on the physical layer. #### Active connections [![image-1601552803957.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1601552803957.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1601552803957.png) Graph representation of active connections with the device. UDP: Transport layer – User Datagram Protocol. TCP: Transport layer – Transmission Control Protocol. Network: Type of the network layer – IPv4 or IPv6. Source, Destination: IP address and the port number. Transfer: The amount of the transferred data in kB and packets. #### Realtime GSM Signal Quality [![image-1724396325411.png](https://wiki.elseta.com/uploads/images/gallery/2024-08/scaled-1680-/image-1724396325411.png)](https://wiki.elseta.com/uploads/images/gallery/2024-08/image-1724396325411.png) Graph representation of gsm modem receiving signal quality. RSRP - RSRQ graph is shown, when connected to 4G/LTE network, RSSI - when 2G/3G networks are used. RSSI: Received Signal Strength Indicator in dBm. RSRP: Received Signal Reference Power in dBm.
RSRQ: Received Signal Reference Quality in dBm. ### GSM status This page shows all information that is related to the GSM modem. [![image-1601552902904.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1601552902904.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1601552902904.png) #### Hardware info All static information on the GSM modem. Modem model: Manufacturer and model of present modem. Modem type: Single SIM or Double SIM modem. Supported network modes: Shows which network modes (or their combinations) are supported (e.g. 2G 4G 2G/4G). IMEI: IMEI (International Mobile Equipment Identity number). #### Network info All dynamic information on the GSM modem and connected network. IMSI: IMSI (International Mobile Subscriber Identity) number related to the current SIM card user. ICCID: ICCID (Integrated Circuit Card Identifier) number related to a physical SIM card. Registration status: Curren status of network connection. Internet status: Status of connection to the internet ( valid, when gsm-pinger is enabled and can reach provided hosts). Operator: Operator’s name, to which modem is currently connected. Service provider: IMEI (Service provider for SIM card. Data interface: Shows, whether WCC Lite has a data connection through gsm or not (possible values: ”Up”, ”Down”). SIM state: Shows the current status of the SIM card (needs PIN, needs PUK, not inserted etc.). Signal quality: Shows current signal strength value in dBms. The RSSI value is shown when connected to 2G/3G networks, and RSRP-RSRQ values - when connected to 4G networks. Radio access tech.: Current radio technology used (2G, 3G, or 4G). Active SIM: Shows which SIM card is active (if the modem is Dual SIM). Roaming status: Current status of roaming (”Off”, ”On”). Little bars with a percentage at the center-left shows signal strength. It is calculated with the respect to current radio access technology used (RSSI or RSRP). Two buttons at the bottom can reset (cold-reset) the modem or manually switch SIM cards (if it is a Dual SIM modem and both cards are enabled). [![image-1601554364523.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1601554364523.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1601554364523.png)

Signal quality is described in different ways for different types of mobile services: Received Signal Strength Indication (RSSI) in GSM (2G) and UMTS (3G), the Reference Signal Received Quality (RSRQ) in LTE RAT.

The Reference Signal Received Power (RSRP) is an LTE-specific measure that averages the power received by the subcarriers carrying the reference signal. The RSRP measurement bandwidth is equivalent to a single LTE subcarrier: its value is therefore much lower than the total received power usually referred to as RSSI. In LTE the RSSI depends on the currently allocated bandwidth, which is not pre-determined. Therefore the RSSI is not useful to describe the signal level in the cell.

### VNSTAT Traffic monitor To monitor the traffic of various network interfaces VNSTAT Traffic monitor can be used. Traffic tracking can be useful if the user wants to have precise information on how much data is used because it can have a dependency on data transmission costs, for example, mobile (cellular) data. #### Graph [![image-1601554562243.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1601554562243.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1601554562243.png) An example graph shows the statistics gathered for two network interfaces. In these graphs: eth1: Network interface (e.g. Ethernet). br-lan: Virtual network interface (bridge). rx: Data packets received by the device. tx: Data packets sent from the device. #### Configuration [![image-1689081624381.png](https://wiki.elseta.com/uploads/images/gallery/2023-07/scaled-1680-/image-1689081624381.png)](https://wiki.elseta.com/uploads/images/gallery/2023-07/image-1689081624381.png) Interfaces to be monitored can be selected in a configuration screen. It includes all the network interfaces configured in a system. To start or stop monitoring user should either select or unselect the respective checkbox and save settings by pressing Save & Apply. # 8.5 System ### System The system tab includes various properties, configurations, and settings of the system and contains the following pages: [![image-1689082353519.png](https://wiki.elseta.com/uploads/images/gallery/2023-07/scaled-1680-/image-1689082353519.png)](https://wiki.elseta.com/uploads/images/gallery/2023-07/image-1689082353519.png) • SYSTEM: properties and settings of the system. • ADMINISTRATION: settings of the administration for various services. • SOFTWARE: settings of the packages. • STARTUP: process management. • SCHEDULED TASKS: settings of the scheduled tasks. • MOUNT POINTS: settings for the mount points. • BOARD: board configuration. • CERTIFICATE STORAGE: certificate management panel. • LED CONFIGURATION: settings for the LEDs. • TIME SYNC: time synchronization of WCC Lite • BACKUP/FLASH FIRMWARE: management of the configuration files and firmware image upgrade. • REBOOT: device reboot page. #### System Basic aspects of the device can be configured. These include time settings, hostname, system event logging settings, language and theme selection. ##### **System Properties** ##### General Settings [![image-1689082863834.png](https://wiki.elseta.com/uploads/images/gallery/2023-07/scaled-1680-/image-1689082863834.png)](https://wiki.elseta.com/uploads/images/gallery/2023-07/image-1689082863834.png) The general settings of the WCC Lite device are defined as follows: Local Time: Current local time. Hostname: The label that is used to identify the device in the network. Timezone: A region of the globe that observes a uniform standard time. The time zone number indicates the number of hours by which the time is shifted ahead of or behind UTC – Coordinated Universal Time. Some zones are, however, shifted by 30 or 45 minutes. ##### Logging [![image-1689082988260.png](https://wiki.elseta.com/uploads/images/gallery/2023-07/scaled-1680-/image-1689082988260.png)](https://wiki.elseta.com/uploads/images/gallery/2023-07/image-1689082988260.png) Logging settings of the WCC Lite device are defined as follows: System log buffer size: The number of records that are recorded before writing these data to the disk. External system log server: IP address of the server. External system log server port: An endpoint of communication with the server. External system log server protocol: A standard that defines how to establish and maintain a network connection: UDP - User Datagram Protocol, TCP - Transmission Control Protocol. Write system log to file: The name of the file with the path to it. Log output level: Log output messages can be grouped by their importance to the user. Levels are described in the table below.
**Log output level****Description**
EmergencySystem is unusable
AlertAction must be taken immediately
CriticalCritical conditions
ErrorError conditions
WarningPotentially hazardous conditions
NoticeNormal conditions that might need action
InfoInformation messages
DebugDebugging messages
Cron Log Level: Cron has three output levels to choose from when writing to its logs. Possible options are described in the table below.
**Cron log level****Description**
DebugDebugging messages
NormalGeneral administrative messages
WarningPotentially hazardous conditions
##### Language and styles [![image-1601559832754.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1601559832754.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1601559832754.png) Language and Style settings are defined as follows: Language: The language of the Web interface of the device. Design: The theme of the Web interface of the device. #### Administration ##### Administrator Password [![image-1689083519619.png](https://wiki.elseta.com/uploads/images/gallery/2023-07/scaled-1680-/image-1689083519619.png)](https://wiki.elseta.com/uploads/images/gallery/2023-07/image-1689083519619.png) The administrator password can be changed. To change it the combination of digits and letters of the alphabet should be entered and then confirmed in the confirmation field by typing in again.

It is advised not to use the default password.

##### Password policy [![image-1689083560180.png](https://wiki.elseta.com/uploads/images/gallery/2023-07/scaled-1680-/image-1689083560180.png)](https://wiki.elseta.com/uploads/images/gallery/2023-07/image-1689083560180.png) Users can configure a password policy for future password changes to create a safer password. Here password requirements can be made such as minimum password length, minimum number of upper or lower case letters, digits and special characters. By ticking the box for checking similar characters, a new password will be required not to have repeated characters. ##### SSH Access WCC Lite has a compact secure shell (SSH) server named Dropbear. Multiple options are available to be changed via the WCC Lite web interface, ranging from automatic firewall rules to authentication flexibility. [![image-1689157365613.png](https://wiki.elseta.com/uploads/images/gallery/2023-07/scaled-1680-/image-1689157365613.png)](https://wiki.elseta.com/uploads/images/gallery/2023-07/image-1689157365613.png) Dropbear options are defined as follows: Interface: Listen only on the given interface or on all, in unspecified. Port: Specifies the listening port of this interface. Password authentication: Allow SSH password authentication. Allow root logins with password: Allow the root user to log in with the password. Gateway ports: Allow remote hosts to connect to local SSH forwarded ports. #### SSH-keys [![image-1601560050675.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1601560050675.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1601560050675.png) SSH keys can be added via the WCC Lite web interface. They might be helpful if the user logs into the device frequently and does not want to always have to write his credentials. ##### Login Attempt limiter

This feature is available from firmware version 1.9.1

[![image-1723018327646.png](https://wiki.elseta.com/uploads/images/gallery/2024-08/scaled-1680-/image-1723018327646.png)](https://wiki.elseta.com/uploads/images/gallery/2024-08/image-1723018327646.png) Enforce a limit of invalid access attempts and deny access from a virtual port for a set time. ##### RADIUS Client [![image-1689157681368.png](https://wiki.elseta.com/uploads/images/gallery/2023-07/scaled-1680-/image-1689157681368.png)](https://wiki.elseta.com/uploads/images/gallery/2023-07/image-1689157681368.png) RADIUS client redirects user authorization to a remote server, which controls users and their access. A user can add multiple RADIUS clients by clicking add and entering the information required. ##### HTTPS certificate [![image-1601560081935.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1601560081935.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1601560081935.png) WCC Lite by default is shipped with a default certificate for HTTPS connection. This certificate only enables connecting to the device via a web interface and might cause warnings from a web browser. To eliminate them, the user can use his certificate to secure access to the web interface. Users can use certificates uploaded to a certificate storage. It should be noted that only valid certificates with \*.pem extension can be used. The certificate to be used is validated every time the device is restarted. If validation fails, a default certificate is used. This is done to prevent users from losing device access via the web interface. For the new certificate to come into effect user should restart the device. ### Software Individual packages can be installed via the WCC Lite web interface. They can either be installed using a web link or selected from the pre-defined feeds. [![image-1723100604294.png](https://wiki.elseta.com/uploads/images/gallery/2024-08/scaled-1680-/image-1723100604294.png)](https://wiki.elseta.com/uploads/images/gallery/2024-08/image-1723100604294.png) Various options can be selected when installing packages, however, default ones should work well enough and it’s advised only to change them for advanced users. [![image-1601560339950.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1601560339950.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1601560339950.png) Feeds from which packages are listed for the update are defined in the Open PacKaGe management (OPKG) configuration that can be changed easily from the user interface. [![image-1601560359726.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1601560359726.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1601560359726.png) Specific distribution feeds can also be added for special cases if standard ones do not fit the needs. [![image-1601560377187.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1601560377187.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1601560377187.png) [![image-1723103500206.png](https://wiki.elseta.com/uploads/images/gallery/2024-08/scaled-1680-/image-1723103500206.png)](https://wiki.elseta.com/uploads/images/gallery/2024-08/image-1723103500206.png) The installed packages tab indicates every installed package in alphabetical order. Users can also remove certain packages by clicking the Remove button on the left. [![image-1723103835627.png](https://wiki.elseta.com/uploads/images/gallery/2024-08/scaled-1680-/image-1723103835627.png)](https://wiki.elseta.com/uploads/images/gallery/2024-08/image-1723103835627.png) In this tab, the user can search for a package by the first letter of its name. Those packages are available but not installed, so the user can choose to install them by clicking on the Install button on the left. ### Startup All of the processes that have init.d scripts can optionally be enabled or disabled. This can be very useful if the user intends to use only part of the processes. [![image-1601560412520.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1601560412520.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1601560412520.png)

Users should not disable processes that are essential for device operation as it can render the device unusable.

[![image-1601560436943.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1601560436943.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1601560436943.png) Users can optionally run scripts and programs on device startup by putting them into a /etc/rc.local file. This file can be updated from the WCC Web interface. ### Scheduled tasks [![image-1601560465567.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1601560465567.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1601560465567.png) Various tasks can be scheduled with the system crontab. New tasks can be included by creating and saving new rules conforming to cron rules. WCC Lite accepts full cron configuration functionality. The example in the pictures shows how to execute the disk usage command to get the directory sizes every 6 p.m. on the 1st through the 15th of each month. E-mail is sent to the specified email address. ### Mount points #### Global settings [![image-1689158646715.png](https://wiki.elseta.com/uploads/images/gallery/2023-07/scaled-1680-/image-1689158646715.png)](https://wiki.elseta.com/uploads/images/gallery/2023-07/image-1689158646715.png) File system mount point configuration window. Generate Config: Find all currently attached filesystems and swap and replace configuration with defaults based on what was detected. Anonymous Swap: Mount swap not specifically configured. Anonymous Mount: Mount filesystems not specifically configured. Automount Swap: Automatically mount swap on hotplug. Automount Filesystem: Automatically mount filesystems on hotplug. Check filesystems before mount: Automatically check the filesystem for errors before mounting. #### Mounted file systems [![image-1601560579298.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1601560579298.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1601560579298.png) List of mounted file systems, some of which can be dismounted manually. #### Mount points [![image-1601560604355.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1601560604355.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1601560604355.png) List of mount points which can be enabled, disabled or deleted. #### Swap The swap section is used to describe the virtual memory that can be used if there’s a lack of main memory. WCC Lite does not use any virtual memory by default. [![image-1601560651205.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1601560651205.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1601560651205.png)

It should be noted that virtual memory might do a lot of reading and writing operations. As WCC Lite uses an SD card as an additional flash memory, it is highly advised to not use a swap to reduce wearing.

### Board [![image-1689158839403.png](https://wiki.elseta.com/uploads/images/gallery/2023-07/scaled-1680-/image-1689158839403.png)](https://wiki.elseta.com/uploads/images/gallery/2023-07/image-1689158839403.png) Here a user can configure PORT1 as RS-485 or RS-232. ### Certificate storage [![image-1689159555059.png](https://wiki.elseta.com/uploads/images/gallery/2023-07/scaled-1680-/image-1689159555059.png)](https://wiki.elseta.com/uploads/images/gallery/2023-07/image-1689159555059.png) This section is intended to upload certificate files and view information about them. ### LED configuration WCC Lite has three LEDs that can be configured: WAN, LAN and WLAN. All of the LEDs have a default configuration which should fit most of the cases. [![image-1689159741014.png](https://wiki.elseta.com/uploads/images/gallery/2023-07/scaled-1680-/image-1689159741014.png)](https://wiki.elseta.com/uploads/images/gallery/2023-07/image-1689159741014.png) All possible LED configuration options: Name: Name of the LED configuration. LED Name: Colour and location of the LED. These can be changed, however, normally they should be left unchanged. Default state of the LED: On/Off. Trigger: One of the various triggers can be assigned to an LED to change its state. Possible values are shown in the table below. Table. Possible trigger for an LED:
Trigger type Description
none No blinking function assigned to the LED
defaulton LED always stays on
timer Blinking according to a predefined timer pattern
heartbeat Simulating actual heartbeats
nand-disk Flashed as data is written to flash memory
netdev Flashes according to link status and send/receive activity
phy0rx, phy0tx, phy0radio, phy0tpt, phy0assoc Flashed on WiFi activity events
usbdev Turned on when the USB device is connected. Applicable for modems
Device: Network interface which is going to be tracked. ### Time sync [![image-1723104405979.png](https://wiki.elseta.com/uploads/images/gallery/2024-08/scaled-1680-/image-1723104405979.png)](https://wiki.elseta.com/uploads/images/gallery/2024-08/image-1723104405979.png) This service syncs WCC Lite time with the protocols shown. Here user can also select priority levels of protocols which sync with WCC Lite. WCC Lite has an NTP client to synchronize dates and times with external sources. It is not the only source for synchronization, it can also be done using methods defined in IEC-60870-5 protocols.

Please take care choosing a time sync method. If both NTP and IEC 60870-5 protocol slave interface time sync methods are activated simultaneously, they can interfere if there is a time difference. We strongly recommend using a single-time sync method to prevent time interference.

Time synchronization options are defined as: Enable NTP client: The local time of the device will sync with external time servers. Provide NTP server: Turn the device into a local NTP server. NTP server candidates: The network time protocol servers. ### Backup/flash firmware Software update allows to upgrade of the software running in WCC Lite. It is recommended to keep the device up to date to receive the latest features and stability fixes. Backup archives contain complete WCC Lite configuration that can be restored at any time. A file will be downloaded by your browser when creating a backup. This file can be later uploaded to the web page to restore configuration.

The generated backup archive should only be applied to the same firmware version it was generated. Applying backup to a different firmware version might render some parts of the operating system unstable or even unusable

[![image-1704970591344.png](https://wiki.elseta.com/uploads/images/gallery/2024-01/scaled-1680-/image-1704970591344.png)](https://wiki.elseta.com/uploads/images/gallery/2024-01/image-1704970591344.png)

Since version 1.8.3, users can save network settings before upgrading the firmware, such as firewall settings, traffic rules, interfaces etc. To do so, before upgrading firmware, the "Keep only network settings:" box should be checked.

A user can choose to keep existing settings after an upgrade. Marking the Keep Settings checkbox preserves files listed in /etc/sysupgrade.conf and /lib/upgrade/keep.d/. It is advised to do a clean install and use backup files to restore settings later if a user intends to make a major system upgrade.

Uploading firmware images, to preserve RAM, will stop all Protocol HUB processes. After upload, you will have 2 minutes to proceed with firmware flash or to cancel it. After 2 minutes, the firmware file will be deleted and Protocol HUB processes will be restarted.

[![image-1601561479820.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1601561479820.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1601561479820.png) A file name /etc/sysupgrade.conf can be updated via the WCC Web interface. To preserve additional files user should add them to the backup file and press Submit. To get the whole list of files that would be backed up press Open list... It is advised to check it before doing a backup or an upgrade while keeping settings. ### Reboot [![image-1601561516242.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1601561516242.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1601561516242.png) This reboots the operating system of the device. # 8.6 Services The services tab shows the services of the device and contains the following subsections: [![image-1601563935032.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1601563935032.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1601563935032.png) The services tab shows the services of the device and contains the following subsections: - TELEMETRY AGENT: device telemetry sent to a remote server; - IPSEC: encrypted virtual private network (VPN) configuration. - API: application programming interface configuration. - OPENVPN: shows the open-source software application that implements a virtual private network (VPN). - SER2NET: network-to-serial proxy; ### Telemetry agent Having data about the device helps to easily maintain it. Telemetry agent gathers information in a compact and easily decodable way. It uses UDP packets therefore only a small overhead is introduced. However, UDP does not guarantee the arrival of sent packets therefore not every message might reach the server saving these messages. To start using a Telemetry agent a user should configure and enable it. Four options are available: - Enable agent; - Server address; - Port (UDP); - Period (s). Every time the timer of period length expires, a message is sent to a server of the configured server if the service is enabled.

The telemetry agent doesn’t start as a service if the Enable agent checkbox is unchecked.

Enabling the agent and saving the configuration automatically starts the process with the new configuration.

### IPsec #### Background WCC Lite supports ipsec VPN and thus can deliver data securely over encrypted links. To establish ipsec vpn, a connection definition must be created by entering the appropriate configuration settings. For advanced connection description auxiliary settings sets can be defined. They can be joined to the connection and can be reusable several times according to the need. Each configuration record is identified by a unique name, which is assigned at the time of creation. The following diagram shows the relations between connection and auxiliary sets. [![image-1601564177757.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1601564177757.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1601564177757.png) #### Ipsec settings ##### Connection description Options supported by WCC lite are described below.
ItemTypeDescription
GatewaystringHost name or IP address of the remote peer.
TypeselectorTunnel mode: full packet encryption, covers host-to-host, host-to-subnet, subnet-to-subnet situations or transport mode: ip payload encryption, secures host-to-host data only.
Local subnetstringSpecifies local network, in the form of network/netmask, for example 192.168.11.0/24
Remote subnetstringSpecifies remote network at another side of a tunnel.
AuthenticationselectorPre-shared key or RSA certificate
Pre-shared keystringAvailable if Authentication is set to Pre-shared key
Certificate set selectorAvailable if Authentication is set to RSA certificate. Selectable from the configured auxiliary set.
Phase 1 proposal (IKE) selectorAuthentication-encryption schema, selectable from configured auxiliary set.
Phase 2 proposal (ESP) selectorAuthentication-encryption schema, selectable from configured auxiliary set.
Local ID stringSpecifies the identity of the local endpoint
Remote ID stringSpecifies the identity of the remote endpoint
Key exchange selector Sets method of key exchange IKEv2 or IKEv1. Default IKEv2.
Exchange mode selector Main or aggressive. Available if key exchange is set to IKEv1.
Use compression checkboxIf selected a compression ability will be proposed to the peer.
DPD action selector Controls the use of dead peer detection protocol, values: - none – default, disables sending of DPD messages. - clear – the connection closed with no action. - hold – keeps description, tries re-negotiate connection on demand. - restart – will try to re-negotiate immediately.
DPD delay stringTime interval in seconds between peer checks. Default 30.
DPD timeout stringTime in seconds after which peers consider it to be unusable. IKEv1 only. Default 150.
Key lifetime stringLifetime of data channel in seconds. Default 10800.
IKE lifetime stringLifetime of keying channel in seconds. Default 3600.
##### Auxiliary settings Phase 1 proposals - IKE/ISAKMP cypher suite components:
ItemTypeDescriptionNote
Encryption algorithm selector Encryption algorithm – 3DES, AES128, AES192, AES256. required
Hash algorithm selector Hash algorithm – MD5, SHA1, SHA256, SHA384 or SHA512. required
DH exponentiation selector Specifies Diffie-Hellman groups – 1,2,5,14,15,16,18 required
Phase 2 proposals - ESP cipher suite components:
ItemTypeDescriptionNote
Encryption algorithm selector Encryption algorithm – 3DES, AES128, AES192, AES256. required
Hash algorithm selector Hash algorithm – MD5, SHA1, SHA256, SHA384 or SHA512. required
DH exponentiation selector Specifies Diffie-Hellman groups – 1,2,5,14,15,16,18 optional

The following specification and topology map correspond to settings used in further configuration walk-through examples.

#### Creating a connection description ##### Site-to-Site VPN scenario [![image-1601565165686.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1601565165686.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1601565165686.png) ##### VPN connection details Tunnel: demoo ```demoo IPSec peer: ipsec.vpn.net Pre-shared key: thebigsecret Mode: tunnel Remote network: 10.10.10.10/24 Local network: 10.10.12.0/24 Local ID: wcclite IKE authentication: aes256 IKE hash: sha256 IKE DH group: 5 (modp1536) ESP authentication: aes128 ESP hash: sha1 ```

If auxiliary data is needed, it is recommended to check or define it first.

##### Creation of Phase 1 proposal - Enter the section “Phase 1 proposals”. - Create a new record by assigning a new name, for example, “aes256-sha256-dh5” and click the button “Add”. - Choose corresponding values: encryption, hash algorithm and DH exponentiation. - Push “save” to save the data. [![image-1601568023894.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1601568023894.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1601568023894.png) ##### Creation of Phase 2 proposal - Enter the section “Phase 2 proposals”. - Create a new record by assigning a new name for example “aes128-sha1” and click the button “Add”. - Choose corresponding values: encryption, hash algorithm. - Push “save” to save the data. [![image-1601568071003.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1601568071003.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1601568071003.png) ##### Creation of tunnel definition Enter section connections - Create a new record by assigning a new name (e.g.“demo0”) and clicking “Add”. - Call a detailed form by pushing the button “edit”. - Enter peer address into “Gateway”: “ipsec.vpn.net”. - Ensure “Type” is set to: “Tunnel”. - Fill local subnet to: 10.10.12.0/24. - Fill remote subnet to: 10.10.10.0/24. - Make sure authentication is set to: “Shared secret”. - Enter Pre-shared key (PSK): thebigsecret. - “Phase 1 proposal (IKE)”, choose a value: aes256\_sha256\_dh5. - “Phase 2 proposal (ESP)”, choose a value: aes128\_sha1. - Locate the combo box “additional field”, select “Local ID”, then set the value to wcclite. - Push “Save”. [![image-1601568148856.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1601568148856.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1601568148856.png) ##### Activating the tunnel - Return to the section “connections”. - Check the checkbox “Enabled”. - Push the button “save & apply”. - Examine the indicator “configured”, it should be “yes”, if not, review the settings just entered. - The tunnel should be prepared for operation and will be established on demand. - Optionally, it is possible to establish tunnel operation by pressing the button “start”. [![image-1601568201450.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1601568201450.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1601568201450.png) ### L2TP/IPsec Because of the lack of confidentiality inherent in the L2TP protocol, it is often implemented along with IPsec. This is referred to as L2TP/IPsec and is standardized in IETF RFC 3193. The process of setting up an L2TP/IPsec VPN is as follows: - Negotiation of IPsec security association (SA), typically through Internet key exchange (IKE). This is carried out over UDP port 500, and commonly uses either a shared password (so-called ”pre-shared keys”), public keys, or X.509 certificates on both ends, although other keying methods exist. - Establishment of Encapsulating Security Payload (ESP) communication in transport mode. The IP protocol number for ESP is 50 (compare TCP’s 6 and UDP’s 17). At this point, a secure channel has been established, but no tunnelling is taking place. - Negotiation and establishment of an L2TP tunnel between the SA endpoints. The actual negotiation of parameters takes place over the SA’s secure channel, within the IPsec encryption. L2TP uses UDP port 1701. When the process is complete, L2TP packets between the endpoints are encapsulated by IPsec. Since the L2TP packet itself is wrapped and hidden within the IPsec packet, no information about the internal private network can be gathered from the encrypted packet. Also, it is not necessary to open UDP port 1701 on firewalls between the endpoints, since the inner packets are not acted upon until after IPsec data has been decrypted and stripped, which only takes place at the endpoints. A potential point of confusion in L2TP/IPsec is the use of the terms tunnel and secure channel. The term tunnel refers to a channel which allows untouched packets of one network to be transported over another network. In the case of L2TP/PPP, it allows L2TP/PPP packets to be transported over IP. A secure channel refers to a connection within which the confidentiality of all data is guaranteed. In L2TP/IPsec, first IPsec provides a secure channel, and then L2TP provides a tunnel. ### API The firmware of the WCC Lite features a built-in API which is accessible via the web interface.

As of version 1.2.11, it does not implement any access restriction features apart from those provided by the firewall functionality.

Individual API endpoints can be enabled or disabled via the web configuration interface at Services->API.

All endpoints are disabled by default.

Available API endpoints are shown in the table below. Table. Available API endpoints:
EndpointDescription
/api/version Version of the API
/api/actions List of available points
/api/syncVersionA version of the sync service
/api/sync Protocol hub configuration sync (name=”file”)\*
/api/syslog Prints out the syslog
/api/systemInfo General system info
/api/gsmInfo GSM modem information
/api/devices List of configured devices
/api/device/info Device information (name=”device\_alias”)\*\*
/api/device/tags List of tags on a particular device (name=”device\_alias”)\*\*
/api/device/tag/value Tag value (name=”device\_alias”, name=”signal\_alias”)\*\*
/api/tags List of configured tags
/api/sysupgrade Firmware upgrade (name=”file”)\*
\* Endpoints accepting files \*\* Endpoints accepting field data The API accepts data and files as POST requests encoded as ”multipart/form-data”. ### OpenVPN #### OpenVPN Instances The primary goal is to get a working WCC Lite tunnel and establish a basic platform for further customization. Most users will require further configuration tailored to their individual needs. If you are creating an OpenVPN server (either type), you must create security certificates using the instructions below. If you are using OpenVPN as a client, the required certificates should have been provided with your configuration details. OpenVPN can be configured either by using the WCC Lite Web interface or uploading the OVPN file containing the necessary parameters. OpenVPN will automatically attempt to load all \*.conf files placed in the /etc/openvpn folder. Several OpenVPN recipes are suggested containing the most used configurations that may only require minor changes. If a user intends to set up OpenVPN without an OVPN file, it is highly advised to use these recipes and tweak them up to individual needs. [![image-1689162191122.png](https://wiki.elseta.com/uploads/images/gallery/2023-07/scaled-1680-/image-1689162191122.png)](https://wiki.elseta.com/uploads/images/gallery/2023-07/image-1689162191122.png) The OpenVPN instances page contains parameters to be configured. Enabled: Flag to specify if a particular configuration should be enabled; Started: Specifies if a particular configuration has been started by OpenVPN; Start/Stop: Button to manually start or stop any configured tunnels; Port: Specifies the listening port of this service; Protocol: A standard that defines how to establish and maintain a network connection: UDP - User Datagram Protocol, TCP - Transmission Control Protocol. More parameters for every instance can be changed by pressing the Edit button, configuration can be removed with the Delete button. Pressing Edit takes the user to the main configuration screen containing the options usually used in particular OpenVPN recipes. To make more specific changes user should further select Switch to advanced configuration. OVPN files contain configuration in a textual form therefore changing parameters requires having prior knowledge about different OpenVPN parameters. It is advised to use OVPN files, however, if the configuration has been pre-built beforehand and is used without further changes. ### ser2net The ser2net daemon allows telnet and tcp sessions to be established with a device’s serial ports. The program comes up normally as a daemon, opens the TCP ports specified in the configuration file, and waits for connections. Once a connection occurs, the program attempts to set up the connection and open the serial port. If another user is already using the connection or serial port, the connection is refused with an error message. ### SNMP SNMP (Simple Network Management Protocol) is an internet-standard protocol for managing devices on IP networks. SNMP exposes management data in the form of a hierarchy of variables in an MIB (Management Information Base). WCC Lite supports SNMP service which is not added to the default build of firmware but can be installed as a module. It enables users to collect data on various parameters of the system: • CPU time - time spent for calculations of various processes: user - time for user processes; system - time for system processes; idle - time spent idling; interrupts - time spent handling interrupts. • CPU load average - CPU load average for 1, 5 and 15 minutes respectively; • Disk usage: total - the total amount of storage in the device (in kB) available - amount of storage available to store data (in kB) used - amount of storage used in the device (in KB) blocks used percentage - blocks (sectors) used to store data in a disk (in kB) inodes used percentage - the inode (index node) is a data structure in a Unix-style file system that describes a file-system object such as a file or a directory. Each inode stores the attributes and disk block location(s) of the object’s data. • Memory usage - RAM usage statistics: total - the total amount of RAM in the device (in kB); available - unused amount of RAM in the device (in kB); shared - shared amount of RAM between multiple processes (in kB); buffered - refers to an electronic buffer placed between the memory and the memory controller; cached - a portion of memory made of high-speed static RAM (SRAM) instead of the slower dynamic RAM (DRAM) used for main memory; • Network interfaces: MTU - maximum transmission unit to be sent over the network; speed - the rate of network transmission; physical address - unique MAC address assigned to a device; tx/rx: byte, packet, drop, error count; • System properties: uptime - time since the device was turned on; process uptime - time since the process has been started; hostname - a label that is assigned to a device connected to a computer network; name - name of the device (if defined); location - location of the device (if defined). # 8.7 Network [![image-1601981573216.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1601981573216.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1601981573216.png) The page shows information about the current interface status, and its configurations, provides various interface, and network properties configuration capabilities and contains the following subsections: • INTERFACES: shows information about current interface status, and allows for creating and configuring new ones. • WIRELESS: shows information about wireless radio stations, and covers the physical settings of the wireless hardware. • DHCP AND DNS: allows management of DHCP and DNS servers. • HOSTNAMES: allows management of host names. • STATIC ROUTES: allows management of IPv4 and IPv6 static routes. • FIREWALL: allows management of firewall zones and various firewall properties. • DIAGNOSTICS: provides network diagnostics utilities. • GSM: allows management of GSM modem and SIM cards. ### Interfaces [![image-1601981624366.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1601981624366.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1601981624366.png) Current information and status of various network interfaces (GSM, LAN, WAN). Uptime: The current interface uptime in hours, minutes and seconds. MAC address: Physical interface address. RX: Received data in bytes (packet count). TX: Transmitted data in bytes (packet count). IPv4: Internet protocol version 4 address. IPv6: Internet protocol version 6 address. In addition to the network interface status, several actions may be performed: Connect/Reconnect: Connect to the configured interface network if it does not do it automatically. If it is already connected to the network it will be trying to reconnect to it. Stop: Shutdown interface. If you are connected through this interface the connection may be lost. Edit: Edit interface settings. Delete: Delete interface. Add new interface: Adding new Ethernet, GSM or wireless interface with the custom name, protocol, etc.
eth0eth1
TypeStaticDHCP
Address192.168.1.1
Subnet mask255.255.255.0
Gateway

Changes will only take effect after the device reboots.

Network interfaces can be configured on the common page, which can be accessed through adding a new interface or an edit button. [![image-1689163491851.png](https://wiki.elseta.com/uploads/images/gallery/2023-07/scaled-1680-/image-1689163491851.png)](https://wiki.elseta.com/uploads/images/gallery/2023-07/image-1689163491851.png) The following options can be defined in the interface creation panel: name of the interface, protocol, coverage of a particular interface or bridging with other interfaces. After the general setup is done, more detailed settings can be set. [![image-1601981923788.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1601981923788.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1601981923788.png) General common interface setup panel. [![image-1601981938817.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1601981938817.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1601981938817.png) Advanced common interface setup panel. [![image-1601981952607.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1601981952607.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1601981952607.png) Physical common interface setup panel. [![image-1601981969125.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1601981969125.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1601981969125.png) Firewall common interface setup panel. [![image-1601981983334.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1601981983334.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1601981983334.png) DHCP server general setup panel. [![image-1601981997552.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1601981997552.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1601981997552.png) DHCP server advanced setup panel. [![image-1601982015776.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1601982015776.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1601982015776.png) DHCP server IPv6 settings setup panel. **GSM** [![image-1601982038949.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1601982038949.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1601982038949.png) General Settings Information tab. Gives you the name of the physical GSM interface, and lets you choose the protocol (not recommended!).

Note: Make sure you won’t change the GSM interface's protocol, which is set by default to WWAN. Changing this parameter will lead to undefined GSM modem behaviour.

[![image-1601982122856.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1601982122856.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1601982122856.png) Advanced Settings tab enables users to configure advanced settings for mobile communication. It includes the following options: Bring up on boot: Checkbox to start a GSM interface on startup; Use built-in IPv6-management: Checkbox to select if the device is going to use its tools to manage IPv6 transport layer messages; Force link: Specifies whether IP address, route, and gateway are assigned to the interface regardless of whether the link is active or only after the link has become active; when active, carrier sense events do not invoke hotplug handlers; IPv6 support: The user can select if IPv6 support is handled automatically, manually or disabled altogether; Modem init timeout: Maximum amount of seconds before the device gives up on finishing initialization; Use default gateway: Uses the default gateway obtained through DHCP. If left unchecked, no default route is configured; Prefer PPP connection: If, the modem, supports PPP and any other communication protocol (e.g. QMI, RNDIS etc.), prioritize PPP type connection; Use gateway metric: The WAN configuration by default generates a routing table entry. In this field, you can alter the metric of that entry. Higher metric means higher priority; Use DNS servers advertised by peer: Uses DNS servers obtained from DHCP. If left unchecked, the advertised DNS server addresses are ignored; LCP echo failure threshold: LCP (link control protocol) is a part of PPP (Point-to-Point Protocol) and helps to determine the quality of data transmission. If enough failures happen, LCP presumes the link to be dead. 0 disables failure count checking; LCP echo interval: Determines the period of LCP echo requests. Only effective if the LCP echo failure threshold is more than zero; Inactivity timeout: Station inactivity limit in seconds: if a station does not send anything, the connection will be dropped. A value of 0 can be used to persist the connection. Override MTU: Set custom MTU to GSM interface.

Note: If the modem uses QMI connection protocol and the user hasn’t defined a custom MTU setting, the MTU on the interface will be set to the operator’s defined MTU value.

[![image-1601982419586.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1601982419586.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1601982419586.png) GSM configuration ends with firewall settings. A user can assign an already-defined firewall zone or create a new one. ### Wireless The wireless network interface parameters and configuration are described in this section. [![image-1601982558981.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1601982558981.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1601982558981.png) Configured interfaces for the physical radio device. Channel: Specifies the wireless channel to use. Bitrate: Specifies transfer rate in Mbit/s. SSID: The broadcasted service set identifier of the wireless network. Mode: Select the operation mode of the wireless network interface controller. BSSID: The basic service set identification of the network, only applicable in ad-hoc or STA mode. Encryption: Wireless encryption method. [![image-1601982595431.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1601982595431.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1601982595431.png) List of associated wireless stations. The Device Configuration section covers the physical settings of the radio hardware such as channel, transmit power or antenna selection which are shared among all defined wireless networks (if the radio hardware is multi-SSID capable). Network settings like encryption or operation mode are grouped in the Interface Configuration. [![image-1601982626129.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1601982626129.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1601982626129.png) General device settings. [![image-1689164526938.png](https://wiki.elseta.com/uploads/images/gallery/2023-07/scaled-1680-/image-1689164526938.png)](https://wiki.elseta.com/uploads/images/gallery/2023-07/image-1689164526938.png) Advanced device settings. [![image-1689164604885.png](https://wiki.elseta.com/uploads/images/gallery/2023-07/scaled-1680-/image-1689164604885.png)](https://wiki.elseta.com/uploads/images/gallery/2023-07/image-1689164604885.png) General interface settings. [![image-1689164644127.png](https://wiki.elseta.com/uploads/images/gallery/2023-07/scaled-1680-/image-1689164644127.png)](https://wiki.elseta.com/uploads/images/gallery/2023-07/image-1689164644127.png) Wireless security interface settings. [![image-1689164733815.png](https://wiki.elseta.com/uploads/images/gallery/2023-07/scaled-1680-/image-1689164733815.png)](https://wiki.elseta.com/uploads/images/gallery/2023-07/image-1689164733815.png) MAC-Filter settings. [![image-1689164771647.png](https://wiki.elseta.com/uploads/images/gallery/2023-07/scaled-1680-/image-1689164771647.png)](https://wiki.elseta.com/uploads/images/gallery/2023-07/image-1689164771647.png) Advanced interface settings. ### DHCP and DNS DHCP server and DNS forward for NAT firewalls are described in this section. [![image-1689164834063.png](https://wiki.elseta.com/uploads/images/gallery/2023-07/scaled-1680-/image-1689164834063.png)](https://wiki.elseta.com/uploads/images/gallery/2023-07/image-1689164834063.png) General DHCP settings. [![image-1689164924689.png](https://wiki.elseta.com/uploads/images/gallery/2023-07/scaled-1680-/image-1689164924689.png)](https://wiki.elseta.com/uploads/images/gallery/2023-07/image-1689164924689.png) Resolve and host file settings. [![image-1689164959749.png](https://wiki.elseta.com/uploads/images/gallery/2023-07/scaled-1680-/image-1689164959749.png)](https://wiki.elseta.com/uploads/images/gallery/2023-07/image-1689164959749.png) TFTP server settings. [![image-1689164984452.png](https://wiki.elseta.com/uploads/images/gallery/2023-07/scaled-1680-/image-1689164984452.png)](https://wiki.elseta.com/uploads/images/gallery/2023-07/image-1689164984452.png) Advanced settings. [![image-1601982769138.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1601982769138.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1601982769138.png) List of active DHCP and static leases. It is also possible to assign fixed IP addresses to hosts on the network, based on their MAC (hardware) address. ### Hostnames [![image-1601983068649.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1601983068649.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1601983068649.png) List of existing host names. Addition or deletion is allowed for the user. ### Static routes Routes specify over which interface and gateway a certain host or network can be reached. [![image-1601983099686.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1601983099686.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1601983099686.png) Current IPv4 and IPv6 static routes configuration. Interface: Let to choose for which interface static route is created. Target: Defines target host IP or network. IPv4 Netmask: Defines netmask if the target is a network. IPv4/IPv6 Gateway: Defines IPv4 or IPv6 gateway. Metric: Specifies the route metric to use for the route. MTU: Maximum Transmit/Receive Unit, in bytes. Route type: All incoming packets can be: accepted, rejected, or dropped. ### Diagnostics [![image-1601983517039.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1601983517039.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1601983517039.png) Diagnostics tools which can be used to diagnose some of the networking problems: ping, traceroute and nslookup. ### Firewall This subsection is divided into four categories: general settings, port forwards, traffic rules and custom rules. #### General settings [![image-1689165180227.png](https://wiki.elseta.com/uploads/images/gallery/2023-07/scaled-1680-/image-1689165180227.png)](https://wiki.elseta.com/uploads/images/gallery/2023-07/image-1689165180227.png) General firewall settings can be changed in the General Settings screen. These settings are defined as follows: Input: All incoming packets can be: accepted, rejected, or dropped. Output: All outgoing packets can be: accepted, rejected, or dropped. Forward: All packets being sent to another device can be: accepted, rejected, or dropped. [![image-1601983200596.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1601983200596.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1601983200596.png) Additional zones for the firewall can be created, edited or deleted. Zone => Forwardings: Defines zones and their traffic flow. Input: All incoming packets can be: accepted, rejected, or dropped. Output: All outgoing packets can be: accepted, rejected, or dropped. Forward: All packets being sent to another device can be: accepted, rejected, or dropped. Masquerading: Allows one or more devices in a zone network without assigned IP addresses to communicate with the Internet. MSS clamping: Change the maximum segment size (MSS) of all TCP connections passing through this zone with MTU lower than the Ethernet default of 1500.

Additional actions can be performed with zones: add, edit, delete.

[![image-1689165259861.png](https://wiki.elseta.com/uploads/images/gallery/2023-07/scaled-1680-/image-1689165259861.png)](https://wiki.elseta.com/uploads/images/gallery/2023-07/image-1689165259861.png) Common properties of newly created or edited zones can be edited in this panel. The input and output options set the default policies for traffic entering and leaving this zone while the forward option describes the policy for forwarded traffic between different networks within the zone. Covered networks specify which available networks are members of this zone. [![image-1689165330491.png](https://wiki.elseta.com/uploads/images/gallery/2023-07/scaled-1680-/image-1689165330491.png)](https://wiki.elseta.com/uploads/images/gallery/2023-07/image-1689165330491.png) Advanced settings of newly created or edited zones. Restrict to address family option defines to what IP families the zone belongs to IPv4, IPv6 or both. Restrict masquerading to given source/destination subnets defines one or more subnets for which the masquerading option is applied. Connection tracking and logging options enable additional information gathering on the zone. [![image-1689165393653.png](https://wiki.elseta.com/uploads/images/gallery/2023-07/scaled-1680-/image-1689165393653.png)](https://wiki.elseta.com/uploads/images/gallery/2023-07/image-1689165393653.png) Controls the forwarding policies between new/edited zone and other zones. Destination zones cover forwarded traffic originating from the new/edited zone. Source zones match forwarded traffic from other zones targeted at the new/edited zone. The forwarding rule is unidirectional, e.g. a forward from LAN to WAN does not imply permission to forward from WAN to LAN as well. #### Port forwards [![image-1601983338573.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1601983338573.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1601983338573.png) Port forwarding allows remote computers on the Internet to connect to a specific computer or service within the private LAN. It is done in a way of routing network packets within a private network created by the device. Settings for the port forwarding of the device are defined as follows: Name: The name of the port forwarding rule. Match: Informs what port forward is matched to. Forward to: Informs where the port is forwarded to. Enable: Enable (checked) or disable port forward. Sort: Allows to sort port forwarding. The user can add, edit or delete port forwarding rules. #### Traffic rules [![image-1601983387128.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1601983387128.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1601983387128.png) Traffic rules define policies for packets travelling between different zones. Name: The name of the traffic rule. Match: Informs what ICMP types are matched. Action: Informs what action would be performed. Enable: Enable (checked) or disable the rule. Sort: Allows to sort rules. The user can add, edit or delete traffic rules. Every rule can be defined by these options: name, restrict to address family, protocol, match ICMP type, source and destination zones, source MAC, IP addresses and port, destination IP address and port, action and extra arguments, month and weekdays for which rule will apply, start/stop dates and times, time in UTC. [![image-1601983450903.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1601983450903.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1601983450903.png) Source NAT is a specific form of masquerading which allows fine-grained control over the source IP used for outgoing traffic, for example, to map multiple WAN addresses to internal subnets. The user can add, edit or delete source NAT rules. For every rule can be defined these options: name, protocol, source and destination zones, source, destination, SNAT IP addresses, ports, extra arguments, month and weekdays for which rule will apply, start/stop dates and times, time in UTC. #### Custom rules [![image-1601983486025.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1601983486025.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1601983486025.png) Custom rules allow the execution of arbitrary iptables commands which are not otherwise covered by the firewall framework. The commands are executed after each firewall restart, right after the default ruleset has been loaded. ### GSM #### Gsm settings

Note: If you have a WCC Lite without a modem, the GSM tab will still be visible, but these changes won't affect anything.

Note: From FW version 1.9.1 Pinger is disabled by default.

Note: If the SIM card has been blocked and a PUK code is required, after entering the new PIN code, delete the old one, as the new code won't be saved automatically.

[![image-1689165599853.png](https://wiki.elseta.com/uploads/images/gallery/2023-07/scaled-1680-/image-1689165599853.png)](https://wiki.elseta.com/uploads/images/gallery/2023-07/image-1689165599853.png) #### SIM cards parameters Parameters for SIM card. If a single SIM modem is used, there won’t be ”SIM 1” and ”SIM 2” tabs. Enable: Enable or disable this SIM card. PIN code: PIN code to use on that SIM card. APN: APN to use on that SIM car. PAP/CHAP username: Username (optional). PAP/CHAP password: Password (optional). #### Modem parameters Enable data connection: Enable or disable data connection through a GSM modem. Priority SIM: Primary SIM card (if Dual SIM modem is used). Mainly used for pinger configuration. Service Type: Which radio access technology will be used when connecting to the GSM network. #### Pinger configuration Pinger is a service which pings defined hosts to check internet connection. If both of these hosts are unreachable pinger will wait and restart the modem (or switch SIM card, if Dual-SIM modem is installed in WCC Lite) Disable: Disable pinger functionality. Failed ping count: Limit of failed ping requests, before the pinger decides that the internet connection is lost. Reset modem: If checked, pinger resets the gsm modem after ”Failed ping count”. Switch SIM: If checked, pinger switches SIM to non-priority after ”Priority SIM retry count”. If an internet connection is not available with a non-priority SIM as well, the pinger switches back to a priority SIM after one failed ping attempt. Priority SIM retry count: How many blocks of failed pings will the pinger tolerate, before switching to non-priority SIM. Ping interval (minutes): Interval between ping requests. Primary host: The host that will be pinged first. Secondary host: The host that will be pinged second, if the primary host fails. Network interface: GSM network interface name.

GSM Pinger is used to detect the status of network connections via cellular networks. This status is written to file (/var/run/board/internet-status) and can be configured to be sent to SCADAs. If the pinger is disabled, the status is always set equal to zero and should not be trusted to represent internet status. Additionally, this status is reflected in the ”Status”-> “GSM Status” window.

This is Pinger functionality described step by step: • Pinger will ping the primary host every 2 minutes. • If the primary host fails, the pinger redirects to the secondary host immediately. • If either the primary or secondary host is responding to ping requests, the pinger will continue testing the connection with every ”Ping interval (minutes)” parameter and no further action is taken. • If both primary and secondary hosts are unreachable, the pinger will start pinging these hosts every ”Ping interval (minutes) / 2” minute for ”Failed ping count” times. • If hosts are still unreachable, the pinger will try to switch SIM and restart the modem (if corresponding parameters are set) or will restart immediately if a single SIM modem is used. • SIM card is switched to non-priority SIM after ”Priority SIM retry count” failed modem restarts with priority SIM. If a non-priority SIM fails, it is switched to a priority SIM in the next pinger action. #### Dual SIM start procedure The table below shows, which card is expected on boot when a selection is made between Enable/Disable SIM cards and Primary card.
SIM 1 EnabledSIM 2 EnabledPriority SIMSIM on boot
X 11
X 21
X12
X22
XX11
XX22
1Undefined
2Undefined
#### SMS Log

SMS logging is available from firmware version 1.9.1

Here the user can find all the messages that were sent to the device. It shows the time that the message was received, the sender's phone number and the text sent. The SIM card column shows to which SIM card (1 or 2) was the message sent. [![image-1722428314941.png](https://wiki.elseta.com/uploads/images/gallery/2024-07/scaled-1680-/image-1722428314941.png)](https://wiki.elseta.com/uploads/images/gallery/2024-07/image-1722428314941.png) ### Layer 2 Tunneling Protocol In computer networking, Layer 2 Tunneling Protocol (L2TP) is a tunnelling protocol used to support virtual private networks (VPNs) or as part of the delivery of services by ISPs. It does not provide any encryption or confidentiality by itself. Rather, it relies on an encryption protocol that it passes within the tunnel to provide privacy. #### Description The entire L2TP packet, including payload and L2TP header, is sent within a User Datagram Protocol (UDP) datagram. It is common to carry PPP sessions within an L2TP tunnel. L2TP does not provide confidentiality or strong authentication by itself. IPsec is often used to secure L2TP packets by providing confidentiality, authentication and integrity. The combination of these two protocols is generally known as L2TP/IPsec (discussed below). The two endpoints of an L2TP tunnel are called the LAC (L2TP Access Concentrator) and the LNS (L2TP Network Server). The LNS waits for new tunnels. Once a tunnel is established, the network traffic between the peers is bidirectional. To be useful for networking, higher-level protocols are then run through the L2TP tunnel. To facilitate this, an L2TP session (or ’call’) is established within the tunnel for each higher-level protocol such as PPP. Either the LAC or LNS may initiate sessions. The traffic for each session is isolated by L2TP, so it is possible to set up multiple virtual networks across a single tunnel. MTU should be considered when implementing L2TP. The packets exchanged within an L2TP tunnel are categorized as either control packets or data packets. L2TP provides reliability features for the control packets, but no reliability for data packets. Reliability, if desired, must be provided by the nested protocols running within each session of the L2TP tunnel. L2TP allows the creation of a virtual private dialup network (VPDN) to connect a remote client to its corporate network by using a shared infrastructure, which could be the Internet or a service provider’s network. #### Setting up the L2TP interface To create an L2TP tunnel following steps are required: 1\. Go to **Network > Interfaces > Add new interface:** [![image-1689167492396.png](https://wiki.elseta.com/uploads/images/gallery/2023-07/scaled-1680-/image-1689167492396.png)](https://wiki.elseta.com/uploads/images/gallery/2023-07/image-1689167492396.png) 2\. Enter the interface name and select L2TP protocol: [![image-1689167536625.png](https://wiki.elseta.com/uploads/images/gallery/2023-07/scaled-1680-/image-1689167536625.png)](https://wiki.elseta.com/uploads/images/gallery/2023-07/image-1689167536625.png) 3\. Enter the server name and authorization parameters: [![image-1601984049181.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1601984049181.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1601984049181.png) 4\. Save and apply the new configuration. A new network interface will appear. # 8.8 Users #### Edit groups [![image-1689228768652.png](https://wiki.elseta.com/uploads/images/gallery/2023-07/scaled-1680-/image-1689228768652.png)](https://wiki.elseta.com/uploads/images/gallery/2023-07/image-1689228768652.png) On this page, user groups can be edited, deleted or added. Groups: name of the user group Status: shows authorization level set to the specific user group. The higher the lever, the higher the authorization requirements. Actions: edit or delete a user group ##### Add new group [![image-1689230250950.png](https://wiki.elseta.com/uploads/images/gallery/2023-07/scaled-1680-/image-1689230250950.png)](https://wiki.elseta.com/uploads/images/gallery/2023-07/image-1689230250950.png) Configuration window for the new group. After the group name is determined, access level and permissions can be set. #### Edit users [![image-1689230967641.png](https://wiki.elseta.com/uploads/images/gallery/2023-07/scaled-1680-/image-1689230967641.png)](https://wiki.elseta.com/uploads/images/gallery/2023-07/image-1689230967641.png) On the edit users window list of all the users is shown. Users: user name Status: shows if SSH access is enabled and which group the user belongs to. Actions: edit, delete or change the password for the user ##### Add new user[![image-1689231760999.png](https://wiki.elseta.com/uploads/images/gallery/2023-07/scaled-1680-/image-1689231760999.png)](https://wiki.elseta.com/uploads/images/gallery/2023-07/image-1689231760999.png) Configuration window for new users. To create a new user, a name and password should be created and user group and SSH access should be set. #### Password [![image-1689232974821.png](https://wiki.elseta.com/uploads/images/gallery/2023-07/scaled-1680-/image-1689232974821.png)](https://wiki.elseta.com/uploads/images/gallery/2023-07/image-1689232974821.png) Changes the password of the device. # 8.9 Logout [![image-1689167799567.png](https://wiki.elseta.com/uploads/images/gallery/2023-07/scaled-1680-/image-1689167799567.png)](https://wiki.elseta.com/uploads/images/gallery/2023-07/image-1689167799567.png) To log out of the device graphical user interface a logout button in the interface’s upper right corner should be pressed. A user is automatically disconnected after ten minutes of inactivity. This ensures that the device would not be suspected of any deliberate damage made by unauthorized access. # 9 API The firmware of the WCC Lite features a built-­in API which is accessible via the web interface. The API (as of version 1.2.0) implements API key authorization, that is generated on the first boot of the device. The authorization can be enabled or disabled and the API key can be changed via the web configuration interface at Services → API. ##### Authentication API key authentication is enabled by default and it generates a random 12-character long key. The key is stored in the same uci configuration as API. To change the API key via the interface, it must be equal to or longer than 12 characters. When API authentication is enabled WCC Lite+ checks if the "apiKey" header exists in the request and then validates its value against the one in the configuration. If the value is correct it continues with the API request, if the apiKey is incorrect or doesn't exist it returns an error response 401 with the message. {
"error": "Unauthorized access."
}
Individual API endpoints can be enabled or disabled via the web configuration interface at Services->API. All endpoints are disabled by default. All endpoints are disabled by default. Available API endpoints are shown in the table below.
PathDescriptionRequest body (encoded as "multipart-form-data") Response body example (json format)
/api/versionVersion of the API { "api\_version": "2", "api\_patch": "1", "sync\_version": "lite1" }
/api/actions List of available points
/api/syncVersionA version of the sync service
/api/syncProtocol hub configuration upload (key name="file"). Returns excel-utility output )\*
{
"file": "config.xlsx"
}
/api/syslog Prints out the syslog
/api/systemInfoGeneral system info
/api/gsmInfo GSM modem information
/api/devices List of configured devices
/api/device/info Returns configured device information. (key name="device\_alias")\*\*
{
"device\_alias": "INV1"
}
{ "Devices": \[ { "device\_alias": "INV1", "name": "INV1", "protocol": "modbus rtu" } \] }
/api/device/tagsList of tags of a particular configured device. (key name="device\_alias")\*\*
{ "device_alias": "INV1" }
{ "total\_signals": "7", "signals": \[ { "signal\_name": "Active power", "source\_device\_alias": "", "input\_topic": "tag/INV1/P/rin", "output\_topic": "tag/INV1/P/out", "signal\_alias": "P" }, ...
/api/device/tag/valueReturns tags value, name, timestamp, and flags of a particular device. (key name="device\_alias", key name="signal\_alias")\*\* { "device\_alias": "INV1", "signal\_alias": "P" }{ "total\_signals": "1", "signal\_values": \[ { "signal\_name": "Active power", "value": "5.9589999999999996", "timestamp": "1708000203824", "flags": "" } \] }
/api/tags List of configured tags
/api/sysupgrade Firmware upgrade. (key name="file")\*{ "file": "1.8.0-rtu.sysupgrade" }If successfully started the upgrade: { "message": "Upgrade started" } If failed to begin: { "message": "Failed to begin upgrade" } If firmware validation failed: { "message": "Failed to validate image" }
\* Endpoints accepting files (requires WCC Lite Firmware version 1.8 or newer) \*\* Endpoints accepting field data (requires WCC Lite firmware version 1.8 or newer) The API accepts data and files as POST requests encoded as ”multipart/form­data”. If API authorization is enabled, you must add a header "apiKey" with the correct key.# 10 SNMP SNMP (Simple Network Management Protocol) is an internet­ standard protocol for managing devices on IP networks. SNMP exposes management data in the form of a hierarchy of variables in an MIB (Management Information Base). WCC Lite supports SNMP service which is not added to the default build of firmware but can be installed as a module. It enables users to collect data on various parameters of the system: - CPU time ­ time spent for calculations of various processes: - *user* ­- time for user processes; - *system* -­ time for system processes; - *idle* ­- time spent idling; - *interrupts* -­ time spent handling interrupts. - *CPU load average* -­ CPU load average for 1, 5 and 15 minutes respectively - Disk usage: - *total* ­- total amount of storage in the device (in kB) - *available* -­ amount of storage available to store data (in kB) - *used* -­ amount of storage used in the device (in KB) - *blocks used percentage* ­- blocks (sectors) used to store data in a disk (in kB) - *inodes used percentage* ­- the inode (index node) is a data structure in a Unix­ style file system that describes a file­system object such as a file or a directory. Each inode stores the attributes and disk block location(s) of the object’s data. - *Memory usage* ­- RAM usage statistics: - *total* ­- total amount of RAM in the device (in kB); - *available* -­ unused amount of RAM in the device (in kB); - *shared* -­ shared amount of RAM between multiple processes (in kB); - *buffered* - refers to an electronic buffer placed between the memory and the memory controller; - *cached* ­- a portion of memory made of high­ speed static RAM (SRAM) instead of the slower dynamic RAM (DRAM) used for main memory; - *Network interfaces*: - *MTU* ­- maximum transmission unit to be sent over network; - *speed* -­ rate of network transmission; - *physical address* ­- unique MAC address assigned to a device; - *tx/rx*: byte, packet, drop, error count; - *System properties*: - *uptime* -­ time since the device was turned on; - *process uptime* ­- time since the process has been started; - *hostname* ­- a label that is assigned to a device connected to a computer network - *name* ­- name of the device (if defined); - *location* ­- location of the device (if defined).# 11 SMS sender ### General SMS sender is a service that lets users configure WCC Lite to send SMS on a set tag triggers.

SMS sender functionality is available since firmware version v1.5.4, of WCC Lite.

### Configuring SMS sender To configure WCC Lite to use SMS sender and user must fill in the needed parameters in Excel configuration. These parameters are shown in the tables below. *SMS sender parameters for Devices tab:*
**Parameter** **Type** **Description** **Required **Default value** (when not specified) **Range**
Min Max
namestringUser-friendly device nameYes
descriptionstringDescription of the deviceNo
device\_aliasstringDevice alias to be used in configurationYes
enablebooleanEnabling/disabling of a deviceNo101
protocolstringSelection of protocolYes **SMS sender**
host
array
List of phone numbers to send SMS to, separated by space.Yes
[![image-1632837719431.png](https://wiki.elseta.com/uploads/images/gallery/2021-09/scaled-1680-/image-1632837719431.png)](https://wiki.elseta.com/uploads/images/gallery/2021-09/image-1632837719431.png) *SMS sender parameters for the Signals tab:*
**Parameter** **Type** **Description** **Required **Default value** (when not specified) **Range**
Min Max
signal\_namestringUser-friendly signal nameYes
device\_aliasstringDevice alias from a Devices tabYes
signal\_aliasstringUnique signal name to be usedYes
source\_device\_aliasstringdevice\_alias of the source deviceNo
source\_signal\_aliasstringsource\_alias of the source signalNo
enablebooleanEnabling/disabling of a signalNo101
log integerEnable logging in the event log No00
job\_todostringSpecific SMS sender tag typeYes send-sms, device-control, device-status
tag\_job\_todostringSMS sender tag for **send-sms**: *text message* Yes
triggerstringTrigger expression for the SMS to be sentNo (Only for send\_sms)value!=0
To configure the SMS sender, 3 types of signals are mandatory. These values should be written inside the *job\_todo* field for each signal: - **send-sms** - This signal takes value from the provided *source\_signal\_alias* field and checks if the value evaluates as true against the *trigger* field. If it is true, the SMS sender will send the text from the *tag\_job\_todo* field to the specified phone numbers. - **device-control** - This signal controls if the SMS sender is enabled or disabled. Its *tag\_job\_todo* parameter should be set to enable. It takes value from the *source\_signal\_alias* field and evaluates it against the *trigger* field. If the *trigger* is evaluated as true, the SMS sender will be enabled, otherwise, it will disable the SMS sender. - **device-status** - This signal indicates if the service is enabled or not. Its *tag\_job\_todo* parameter should be set to *enabled.* Trigger expressions can be configured with basic comparison operators: - Less than **<** - Greater than **>** - Less than or equal to **<=** - Greater than or equal to **>=** - Equal **==** - Not equal **!=** *Example configuration of SMS sender (Signals tab):* [![image-1689241823615.png](https://wiki.elseta.com/uploads/images/gallery/2023-07/scaled-1680-/image-1689241823615.png)](https://wiki.elseta.com/uploads/images/gallery/2023-07/image-1689241823615.png) Configuration --> [Download](https://wiki.elseta.com/attachments/109)# 12 DNP 3.0 # 12.1 Introduction DNP3 (Distributed Network Protocol) is a set of communications protocols used between components in process automation systems. Its main use is in utilities such as electric and water companies. It was developed for communications between various types of data acquisition and control equipment. It plays a crucial role in SCADA systems, where it is used by SCADA Master Stations (a.k.a. Control Centers), Remote Terminal Units (RTUs), and Intelligent Electronic Devices (IEDs). It is primarily used for communications between a master station and RTUs or IEDs. ICCP, the Inter­Control Center Communications Protocol (a part of IEC-60870­6), is used for inter­master station communications. Elseta’s DNP3 stack has both Master and Slave protocols implemented. Both of them can serve multiple serial (over physical RS­485 line), TCP or TLS (over TCP) connections with high efficiency. IEEE­1815 defines 4 subset levels (1­4) that consist of the objects and function codes that must be supported by the master and outstation. Levels 1­3 are supported fully and level 4 is supported partially. To get more information about how DNP3 works and what capabilities are supported one should get a copy of the protocol specification and/or check the Slave Interoperability List/Configuration guides for both Master and Slave protocols.

To set up TLS connection for both DNP3 Master and Slave, refer to sections Excel configuration and Certificates. All keys and certificates should be provided in the PEM format.

If no configuration is set up, DNP3 Master and Slave services are not started.

# 12.2 DNP 3.0 Master Default groups and variation sets are used to send commands. If slave devices support different groups and variations, they can be adjusted in Excel configuration. For more information check section [Excel configuration](https://wiki.elseta.com/books/manual/chapter/18-excel-configuration). #### Configuring data points To use DNP3 Master in WCC Lite, it has to be configured via an Excel configuration. This configuration contains two Excel sheets where parameters have to be filled in ­Devices and Signals. ##### DNP3 Master parameters for Devices tab
**Parameter** **Type** **Description** **Required** **Default Value** (when not specified) **Range**
TCP/ TLS SerialMinMax
namestring User-friendly device nameYesYes
descriptionstringDescription of a deviceNoNo
device\_aliasstringAlphanumeric string to identify a deviceYesYes
enablebooleanEnabling/disabling of a deviceNoNo101
protocolstringProtocol to be used (”dnp3 serial”/”dnp3 tcp” (case insensitive))YesYes DNP3 TCP, DNP3 serial
modestringChoosing between TCP, TLS and SERIAL modes. If the protocol provided DNP3 TCP mode defaults to tcp and if DNP3 serial is provided mode defaults to serialNoNoTCP (for DNP3 TCP) SERIAL (for DNP3 serial) TCP, TLS (for DNP3 TCP) SERIAL (for DNP3 serial)
hoststringThe IP address of the TCP slave deviceYes-
bind\_address stringThe IP address of the network adapter used to connect to the slave deviceNoNo0.0.0.0
portintegerTCP communication portNoNo20000
deviceintegerCommunication port (”PORT1” or ”PORT2”)-Yes
baudrateintegerCommunication speed, bauds/s-No9600300, 600, 1200, 2400, 4800, 9600, 19200, 38400, 57600,115200
databitsintegerData bit count for communication-No869
stopbitsintegerStop bit count for communication-No112
paritystringCommunication parity option-Nononenone, even, odd
flowcontrolstringCommunication device flow control option. -Nononenone
tlsbooleanEnable/disable the use of TLS Yes (for TLS)-001
tls\_local\_certificatestringLocal certificate for TLS connectionYes (for TLS)-
tls\_peer\_certificatestringCertificate authority file for TLS connectionNo (for TLS)-
tls\_private\_keystringA file consisting of the private key for TLS connectionNo (for TLS)-
max\_rx\_frag\_sizeintegerMaximum size of a received fragment.NoNo204802048
destination\_addressintegerAddress of a master stationNoNo1065535
source\_addressintegerAddress of a slave (local) station.NoNo1065535
unsol\_classesstringDefines which classes will have unsolicited actions on startup. (Example: "1,3,2")NoNono class13
unsol\_disableboolDisables unsolicited messages on startup. The parameter is going to be ignored if the unsol\_classes parameter has any values assigned.NoNo001
groups\_scan\_maskintegerBitmask for enabling separate group scans with x06 qualifier (all objects). The parameter value is converted into a binary number where each bit stands for a separate group. Bits indexes and the groups that they represent: 0 -­ Binary, 1 ­- Double­bit Binary, 2 ­- Binary Output Status, 3 ­- Counter, 4 ­- Frozen Counter, 5 ­- Analog, 6 ­- Analog Output Status, 7 ­- Octet String (Example: 115 (0111 0011) will trigger data polls for signals whose types are - Binary, Double­bit Binary, Frozen Counter, Analog, Analog Output Status)NoNo00255
groups\_scan\_intervalinteger, string The time between separate groups scans intervals in seconds. Set to 0 to disable.NoNo00
exception\_scan\_intervalinteger, string The time between exception scan (classes 1,2,3) intervals in seconds. Set to 0 to disable.NoNo00
integrity\_scan\_intervalinteger, string Time between integrity scan (classes 0,1,2,3) intervals in seconds (general interrogation). Set to 0 to disable.NoNo00
timesync\_modestringWill override the master default setting for choosing the time sync procedureNoNoNON-LAN (for Serial) LAN (for tcp) LAN, NON-LAN
time\_sync\_interval\_sec integer, string Periodic time sync interval in seconds. If > 0 ­- time syncs are forced and periodic. If = 0 ­- time syncs react to IIN bits from the slave. If < 0 -­ time syncs are disabled. NoNo
select\_msintegerSelect command timeout. Valid for all signals.NoNo10000
timeout\_msintegerResponse timeout in millisecondsNo No2000
keep\_alive\_timeoutintegerThe time interval for sending a keep-alive packet in milliseconds.No-60
use\_local\_timebooleanif enabled (1) communication uses system time instead of UTC.NoNo001
##### DNP3 Master parameters for the Signals tab
**Parameter** **Type** **Description** **Required** **Default Value** (when not specified) **Range**
TCPRTUMinMax
signal\_namestringUser-friendly signal nameYesYes
device\_aliasstringDevice alias from a Devices tabYesYes
signal\_alias
string
Unique alphanumeric name of the signal to be usedYesYes
enablebooleanEnabling/disabling a deviceNoNo101
indexintegerIndex of a signal.YesYes 065535
logbooleanEnable logging in the event logNoNo001
signal\_typestringDNP3 signal type. (case insensitive) YesYes ”binary”, ”doublebitbinary”, ”binaryoutputstatus”, ”binaryoutputcommand”, ”counter”, ”frozencounter”, ” analogue”, ”analogoutputstatus”, ”analogoutputcommand”, ”timeandinterval”, ”octetstring”
command\_variationintegerDNP3 command variation. *Supported variations depend on signal type and are provided in the table below* NoNo104
static\_variationintegerDNP3 command variation (). Supported variations depend on signal type and are provided in the table below.NoNo 0, 1, 2, 3, 4, 5, 6, 9, 10
event\_variationintegerDNP3 command variation. Supported variations depend on signal type and are provided in the table below.No No 08
control\_code
string
DNP3 control model code of CROB signal. TripClose and Pulse control model requires **PulseOn/off** times to be set YesYes LATCH, PULSE, TRIPCLOSE
pulse\_on\_time\_msintegerPulse ON time in milliseconds, when using Pulse or TripClose control models must be setYesYes
pulse\_off\_time\_msintegerPulse OFF time in milliseconds, when using Pulse or TripClose control models must be setYesYes
class\_numintegerClass assignment of the signal.NoNo003
operate\_typeintegerDefault command behaviour. If selected: ”­**-1**” ­- DirectOperateNoAck (FC=6), **”0”** - DirectOperate (FC=5), "**1"** - SelectBeforeOperate (FC=3). NoNo1-11
job\_todostringThe device status signal can be configured by providing one of the given values. NoNo communication\_status, device\_running, device\_error, unknown\_error
##### Device status signals To configure any device status signal for the DNP3 protocol additional job\_todo column is required. For DNP3 master required parameters for status signal will be: **signal\_name,** **device\_alias, signal\_alias, index, signal\_type**, **event\_variation** (1,2 or 3) and **job\_todo**. There are 4 possible signals: communication\_status, device\_running, device\_error, uknown\_error. Each signal has 4 possible values and is based on the same logic. If the signal returns the value of 0, it means an unknown error has appeared, 1 – device or protocol connection is on and working properly, 2 – device is off or protocol is disconnected, 3 – error or service is down. ##### Command variations
Signal TypeAvailable Command VariationDefault Command Variation
Binary Output Command (Group12)0, 11
Analog Output Command (Group41)0, 1, 2, 3, 41
##### Static and Event variations
Signal TypeAvailable VariationsDefault Variations
BinaryStatic variation (Group1) 1, 2 Event variation (Group2) 1, 2, 3Static variation 2 Event variation 1
Double BinaryStatic variation (Group3) 2 Event variation (Group4) 1, 2, 3Static variation 2 Event variation 1
Binary Output StatusStatic variation (Group10) 1, 2 Event variation (Group11) 1, 2Static variation 2 Event variation 1
CounterStatic variation (Group20) 1, 2, 5, 6 Event variation (Group22) 1, 2, 5, 6Static variation 1 Event variation 1
Frozen CounterStatic variations (Group21) 1, 2, 5, 6, 9,10 Event variation (Group23) 1, 2, 5, 6Static variation 1 Event variation 1
AnalogStatic variation (Group30) 1, 2, 3, 4, 5, 6 Event variation (Group32) 1, 2, 3, 4, 5, 6, 7, 8Static variation 1 Event variation 1
Analog Output StatusStatic variation (Group40) 1, 2, 3, 4 Event variation (Group42) 1, 2, 3, 4, 5, 6, 7, 8Static variation 1 Event variation 1
Time and IntervalStatic variation (Group50) 1Static variation 1
Octet StringStatic variation (Group110) 0 Event variation (Group111) 0Static variation 0 Event variation 0
#### Debugging the DNP3 Master service If the configuration for DNP3 devices is set up, a handler for the protocol will start automatically. If the configuration is missing or contains errors, the protocol will not start. It is done intentionally to decrease unnecessary memory usage. DNP3 protocol runs a service called **dnp3-­master**. If DNP3 does not work properly (e.g. no communication between devices, data is corrupted, etc.), a user can launch a debug session from the command line interface and find out why the link is not functioning properly. To launch a debugging session, a user should stop the **dnp3-­master** process and run the **dnp3-m­aster** command with respective flags as in the table given below. Procedure for DNP3 Master protocol service debugging: - **Step 1**: Service must be stopped by entering the following command into the wcclite: **/etc/init.d/dnp3-­master stop** - **Step 2**: After the service is stopped it must be started with the preferred configuration file (JSON files found in the /etc/ folder) and a debug level 7: **dnp3­-master ­-c /etc/dnp3-­master/dnp3­master.json ­-d7**Additional output forming options described in the table below. - **Step 3**: Once the problem is diagnosed normal operations can be resumed with the following command: **/etc/init.d/dnp3-­master start** dnp3­-master command line debugging options
Option Description
­-h \[ –help \] Display help information
­-V \[ –version \] Show version
-p \[ –port \]­Show output for one port only
­-d <debug level>Set debugging level
-­c \[ –config \] Config path
-­a \[ –app \]Show application layer data
–l \[ –link \] Show link layer data
–t \[ –transport \] Show transport layer data
-­r \[ –redis \] Show Redis messages
-­R \[ –readyfile \] Ready notification file
# 12.3 DNP 3.0 Slave Default group and variation sets are used to send static and event values. If master devices support different groups and variations, they can be adjusted in Excel configuration. WCC Lite-supported variations are provided in *Static and Event variations* and *Command variations.* ##### DNP3 Slave parameters for Devices tab
**Parameter** **Type** **Description** **Required** **Default Value** (when not specified) **Range**
TCP/ TLS RTUMinMax
namestring User-friendly device nameYesYes
descriptionstringDescription of a deviceNoNo
device\_aliasstringAlphanumeric string to identify a deviceYesYes
enablebooleanEnabling/disabling of a deviceNoNo101
protocolstringProtocol to be used.YesYes dnp3 tcp slave dnp3 serial slave
modestringChoosing between TCP, TLS and SERIAL modes. If the protocol is provided DNP3 TCP mode defaults to tcp and if DNP3 serial is provided mode defaults to SERIALNoNoTCP or SERIALTCP, SERIAL, TLS
hoststringThe IP address of the TCP slave deviceYes-
bind\_address stringThe IP address of the network adapter used to connect to the slave deviceNo -0.0.0.0
portintegerTCP communication portNo -20000
devicestringCommunication port (”PORT1” or ”PORT2”)-Yes
baudrateintegerCommunication speed, bauds/s-No9600300, 600, 1200, 2400, 4800, 9600, 19200, 38400, 57600,115200
databitsintegerData bit count for communication-No869
stopbitsintegerStop bit count for communication-No112
paritystringCommunication parity option-Nononenone, even, odd
flowcontrolstringCommunication device flow control option. -Nononenone
tlsbooleanEnable/disable the use of TLS Yes (for TLS)-001
tls\_local\_certificatestringLocal certificate for TLS connectionYes (for TLS)-
tls\_peer\_certificatestringCertificate authority file for TLS connectionNo (for TLS)-
tls\_private\_keystringA file consisting of the private key for TLS connectionNo (for TLS)-
max\_tx\_frag\_sizeintegerMaximum size of a received fragment.NoNo204802048
destination\_addressintegerAddress of a master stationNoNo1065535
source\_addressintegerAddress of a slave (local) station.NoNo1065535
unsol\_classesstringDefines which classes will have unsolicited actions on startup. (Example: "1,3,2")NoNono class13
time\_sync\_interval\_sec integer, string Periodic time sync interval in seconds. If 0 < ­- time syncs are forced and periodic. If = 0 ­- time syncs react to IIN bits from the slave. If < 0 -­ time syncs are disabled. NoNo00
select\_msintegerSelect command timeout. Valid for all signals.NoNo10000
timeout\_msintegerResponse timeout in millisecondsNo No2000
keep\_alive\_timeoutintegerThe time interval for sending a keep-alive packet in milliseconds.NoNo60
##### DNP3 Slave parameters for Signals tab
**Parameter** **Type** **Description** **Required** **Default Value** (when not specified) **Range**
TCPRTUMinMax
signal\_namestringUser-friendly signal nameYesYes
device\_aliasstringDevice alias from a Devices tabYesYes
signal\_alias
string
Unique alphanumeric name of the signal to be usedYesYes
enablebooleanEnabling/disabling of a deviceNoNo101
indexintegerIndex of a signal.YesYes 065535
logbooleanEnable logging in the event logNoNo00
deadbandinteger, stringDeadband for Analog, Analog Output Status, Counter, and Frozen Counter signals.NoNo0
signal\_typestringDNP3 signal type. (case insensitive) YesYes ”binary”, ”doublebitbinary”, ”binaryoutputstatus”, ”binaryoutputcommand”, ”counter”, ”frozencounter”, ”analog”, ”analogoutputstatus”, ”analogoutputcommand”
command\_variationintegerDNP3 command variation. *Supported variations depend on signal type and are provided in the table below* NoNo104
static\_variationintegerOverride default signal’s static variation. Valid for Status mode signals.NoNo 0, 1, 2, 3, 4, 5, 6, 9, 10
event\_variationintegerOverride default signal’s event variation. Valid for Status mode signals. No No 08
control\_code
string
DNP3 control model code of CROB signal. TripClose and Pulse control model requires **PulseOn/off** times to be set. YesYes LATCH, PULSE, TRIPCLOSE
pulse\_on\_time\_msintegerPulse ON time in milliseconds, when using Pulse or TripClose control models must be set.YesYes
pulse\_off\_time\_msintegerPulse OFF time in milliseconds, when using Pulse or TripClose control models must be set.YesYes
class\_numintegerClass assignment of this signal.NoNo003
operate\_typeintegerDefault command behaviour. If selected: ”­**-1**” ­- DirectOperateNoAck (FC=6), **”0”** - DirectOperate (FC=5), "**1"** -­ SelectBeforeOperate (FC=3). NoNo1-11
job\_todostringThe device status signal can be configured by providing one of the given values. NoNo communication\_status, device\_running, device\_error, unknown\_error
##### Device status signals
To configure any device status signal for DNP3 protocol additional job\_todo column is required. For DNP3 slave required parameters for status signal will be: **signal\_name, device\_alias, signal\_alias, index, signal\_type**, **event\_variation** (1,2 or 3) and **job\_todo**. There are 4 possible signals: communication\_status, device\_running, device\_error, uknown\_error. Each signal has 4 possible values and is based on the same logic. If the signal returns the value of 0, it means an unknown error has appeared, 1 – device or protocol connection is on and working properly, 2 – device is off or protocol is disconnected, 3 – error or service is down. ##### Command variations
Signal TypeAvailable Command VariationDefault Command Variation
Binary Output Command (Group12)0, 11
Analog Output Command (Group41)0, 1, 2, 3, 41
##### Static and Event variations
Signal TypeAvailable VariationsDefault Variations
BinaryStatic variation (Group1) 1, 2 Event variation (Group2) 1, 2, 3Static variation 2 Event variation 1
Double BinaryStatic variation (Group3) 2 Event variation (Group4) 1, 2, 3Static variation 2 Event variation 1
Binary Output StatusStatic variation (Group10) 2 Event variation (Group11) 1, 2Static variation 2 Event variation 1
CounterStatic variation (Group20) 1, 2, 5, 6 Event variation (Group22) 1, 2, 5, 6Static variation 1 Event variation 1
Frozen CounterStatic variations (Group21) 1, 2, 5, 6, 9,10 Event variation (Group23) 1, 2, 5, 6Static variation 1 Event variation 1
AnalogStatic variation (Group30) 1, 2, 3, 4, 5, 6 Event variation (Group32) 1, 2, 3, 4, 5, 6, 7, 8Static variation 1 Event variation 1
Analog Output StatusStatic variation (Group40) 1, 2, 3, 4 Event variation (Group42) 1, 2, 3, 4, 5, 6, 7, 8Static variation 1 Event variation 1
#### Debugging the DNP3 Slave service If the configuration for DNP3 devices is set up, a handler for the protocol will start automatically. If the configuration is missing or contains errors, the protocol will not start. It is done intentionally to decrease unnecessary memory usage. DNP3 protocol runs a service called **dnp3-­slave**. If DNP3 does not work properly (e.g. no communication between devices, data is corrupted, etc.), a user can launch a debug session from the command line interface and find out why the link is not functioning properly. To launch a debugging session, a user should stop the **dnp3-­slave** process and run the **dnp3-slave** command with respective flags as in the table given below. Procedure for DNP3 Master protocol service debugging: - **Step 1**: Service must be stopped by entering the following command into the wcclite: **/etc/init.d/dnp3-­slave stop** - **Step 2**: After the service is stopped it must be started with the preferred configuration file (JSON files found in the /etc/ folder) and a debug level 7: **dnp3­-slave ­-c /etc/dnp3-­slave/dnp3­slave.json ­-d7** Additional output forming options described in the table below. - **Step 3**: Once the problem is diagnosed normal operations can be resumed with the following command: **/etc/init.d/dnp3-­slave start** dnp3­-slave command line debugging options
Option Description
­-h \[ –help \] Display help information
­-V \[ –version \] Show version
-p \[ –port \]­Show output for one port only
­-d <debug level>Set debugging level
-­c \[ –config \] Config path
-­a \[ –app \]Show application layer data
–l \[ –link \] Show link layer data
–t \[ –transport \] Show transport layer data
-­r \[ –redis \] Show Redis messages
-­R \[ –readyfile \] Ready notification file
# 13 Modbus # 13.1 Introduction Modbus is a communication protocol for use with its programmable logic controllers (PLCs). Modbus has become a de facto standard communication protocol and is now a commonly available means of connecting industrial electronic devices. It was developed for industrial applications, is relatively easy to deploy and maintain compared to other standards, and places few restrictions other than size on the format of the data to be transmitted. Modbus enables communication among many devices connected to the same network, for example, a system that measures temperature and humidity and communicates the results to a computer. Modbus is often used to connect a supervisory computer with a remote terminal unit (RTU) in supervisory control and data acquisition (SCADA) systems. Many of the data types are named from industry usage of Ladder logic and its use in driving relays: a single-bit physical output is called a coil, and a single-bit physical input is called a discrete input or a contact.
WCC Lite supports both Modbus Master and Slave protocols. One can select between transmission over TCP/IP or serial connection (RS-485/RS232). Bytes to transmit can either be encoded according to both RTU and ASCII parts of the standard. # 13.2 Modbus Master Modbus communication contains a single Master and may include more than 1, but not more than 247 devices. To gather data from peripheral devices, the master device requests a cluster of slave devices for data. If any device understands that this message is addressed to it, it will reply with data. As no timestamp is sent along with data, having recent data requires frequent polling. WCC Lite can be configured to acquire data periodically in custom-defined intervals. #### Configuring datapoints Modbus Master in WCC Lite has to be configured via Excel. This configuration contains two Excel sheets where parameters have to be filled in - Devices and Signals ##### Modbus Master parameters for the Devices tab
**Parameter** **Type** **Description** **Required** **Default Value** (when not specified) **Range**
TCPRTU/ASCIIMinMax
name stringUser-friendly name for a device YesYes
description stringDescription of a device NoNo
device\_alias stringAlphanumeric string to identify a device YesYes
enablebooleanEnabling/disabling of a device NoNo101
protocolstringProtocol to be used YesYes Modbus RTU, Modbus TCP
ipstringThe IP address of the TCP slave deviceYes-
portintegerTCP communication port Yes - 502
bind\_addressstringThe IP address of the network adapter used to connect to the slave device (Default: ”0.0.0.0”) NoNo0.0.0.0
idintegerModbus Slave IDYesYes
modestringChoosing between RTU (”rtu”), ASCII (”ascii”) and TCP(”tcp”) modes. ASCII is the same as RTU, but with ASCII symbols.NoNoTCP (for TCP) RTU (for Serial) rtu, ascii, tcp
timeout\_msintegerResponse timeout in milliseconds Yes Yes10000
devicestring Communication port (”PORT1”/”PORT2”) - YesPORT1 PORT2
baudrateintegerCommunication speed, baud/s - Yes9600 300, 600, 1200, 2400, 4800, 9600, 19200, 38400, 57600, 115200
databitsintegerData bit count for communication - Yes8 6 9
stopbitsintegerStop bit count for communication - Yes1 1 2
paritystring Communication parity option - Yesnone none, even, odd
flowcontrolstring Number of requests, before the link is considered lost (device status signals are changed) and reconnect attempt will be issued - Yesnone none
scan\_rate\_msintegerIf provided and positive - all jobs will have similar scan rates - all reads and writes will be executed within this timeframe (parameter scan\_rate\_ms in the Signals tab will be ignored) YesYes300
retry\_countintegerNumber of requests, before the link is considered lost (device status signals are changed) and reconnect attempt will be issued NoNo3
serial\_delayintegerRS485 delay between read and write operations in milliseconds - Yes50
keep\_alive\_timeout integerTime interval for sending a keep-alive packet (in milliseconds) NoNo60
modbus\_multi\_write booleanUse 15/16 functions to write 1 register/coil (Default: 0) NoNo001
comm\_restart\_delay integerTime delay between disconnecting from the slave device and restarting the connection (in milliseconds) (Default: 500) No -500
update booleanEnable to keep updating the tags even if they have the same value. No No 0 0 1
##### Modbus Master parameters for the Signals tab
**Parameter** **Type** **Description** **Required** **Default Value** (when not specified) **Range**
TCPRTU/ASCIIMinMax
signal\_name stringUser-friendly signal name YesYes
device\_alias stringAlphanumeric string to identify a device YesYes
signal\_alias stringUnique alphanumeric name of the signal to be Yes used YesYes
enablebooleanEnabling/disabling of an individual signal NoNo101
job\_todo stringRequest to send according to Modbus specification without device address and checksum. This field can be identical on several tags to fetch them in a single request YesYes
tag\_job\_todo stringSimilar format to the job\_todo field. Address and length must be a subset of the job field. Defines the individual tag’s register(s) or coil(s). Can be described in HEX or DEC formats YesYes
number\_type stringType of a number. Each allowed type can be prefixed by a single or a combination of swap prefixes (SW8, SW16, SW32), e.g. SW16.UNSIGNED32, SW32.SW16.SW8.DOUBLE YesYes DIGITAL, SIGNED8, UNSIGNED8, SIGNED16, UNSIGNED16, SIGNED32, UNSIGNED32, FLOAT, DOUBLE
log integerIf the log parameter is 1, the signal will be visible in the events log tab, if 0, signals will not be logged. NoNo0
pulse\_short\_time\_ms integerThe time interval for short output pulse to stay active NoNo0
pulse\_long\_time\_ms integerThe time interval for a long output pulse to stay active NoNo0
periodic\_update\_ms integerSignal value will be published periodically according to the value set. NoNo

Note: If the number type is more than 16 bits (this means FLOAT, SIGNED32, DOUBLE etc.), modbus multiwrite should be enabled (1).

##### Device status signals Modbus Master has an additional signal which can be configured to show communication status. It is used to indicate if the slave device has disconnected from the master (WCC Lite). To configure such signal for Modbus protocol, job\_todo and tag\_job\_todo fields with string values are required. For Modbus master required parameters for the status signal will be **signal\_name** **device\_alias, signal\_alias, number\_type, job\_todo** and **tag\_job\_todo**. Job\_todo value must be *device\_status* and for tag\_job\_todo there are 4 variations: communication\_status, device\_running, device\_error, uknown\_error. Each signal has 4 possible values and is based on the same logic. If the signal returns the value of 0, it means an unknown error has appeared, 1 – device or protocol connection is on and working properly, 2 – device is off or protocol is disconnected, 3 – error or service is down. Different device vendors can have different implementations of a Modbus protocol stack. A register table can be one of the primary differences. WCC Lite Modbus Master transmits the most significant word (byte) first, however, devices from some vendors might require transmitting the least significant word (byte) first. If that is the case, make sure to switch bytes as needed. To find out more about setting a correct number format, one should consult a section [`number_type`](https://wiki.elseta.com/link/859#bkmrk-number_type-field). Modbus job or tag (as a task to be completed) can be built in two different formats - the user can select a more convenient way for him: - hexadecimal format with every single byte separated by a | symbol. Device address, bytes containing output information and CRC (LRC) bytes should be excluded from the message; - decimal format containing function number, first address and address count, separated by ; symbol. All other information should be excluded from the message; `job_todo` can group several `tag_job_todo`’s. That way one Modbus message can be used to extract several tags. Grouping is accomplished dynamically meaning that if several identical jobs are found, their tags are grouped automatically. #### Debugging a Modbus Master application If the configuration for Modbus Master is set up, a handler for the protocol will start automatically. If the configuration is missing or contains errors, the protocol will not start. It is done intentionally to decrease unnecessary memory usage. Modbus Master command line debugging options `modbus-master ` ``` -h [ –help ] Display help information -V [ –version ] Show version -d Set debugging level -c [ –config ] Config path -r [ –raw ] Show raw telegram data -f [ –frame ] Show frame data -s [ –serial ] Show serial port data –tcp Show tcp packets –ascii Show ASCII messages –rtu Show RTU messages -e [ –redis ] Show redis debug information -R [ –readyfile ] Ready notification file ``` If Modbus Master does not work properly (e.g. no communication between devices, data is corrupted, etc.), a user can launch a debug session from the command line interface and find out why the link is not functioning properly. To launch a debugging session, a user should stop the Modbus-master process and run the Modbus-master command with respective flags as shown above. # 13.3 Modbus Slave WCC Lite can act as one (or several) of slave devices in a communication line. This can be used to transmit data to SCADA systems or other RTU devices. It can reply to messages from Modbus Master with matching devices and register addresses. #### Configuring datapoints Modbus Slave in WCC Lite has to be configured via Excel. This configuration contains two Excel sheets where parameters have to be filled in - Devices and Signals

If TCP/IP is used as a transmission medium, only devices with IPs predefined in the host column are allowed to connect. All other connections are rejected

##### Modbus Slave parameters for Devices tab
**Parameter** **Type** **Description** **Required** **Default Value** (when not specified) **Range**
TCPRTU/ASCIIMinMax
name stringUser-friendly name for a device YesYes
description stringDescription of a device NoNo
device\_alias stringAlphanumeric string to identify a device YesYes
unknown
enablebooleanEnabling/disabling of a device NoNo101
protocolstringProtocol to be used YesYes Modbus serial Slave, Modbus TCP Slave
hoststringSpace-separated host IP addresses of master deviceYes-
portintegerTCP port to listen for incoming connections Yes -
bind\_addressstringThe IP address of the network adapter used to connect to the slave device (Default: ”0.0.0.0”) NoNo0.0.0.0
keep\_alive\_timeout integerThe minimum time a connection can be idle without being closed in milliseconds NoNo60
modestringChoosing between RTU (”rtu”), ASCII (”ascii”) and TCP(”tcp”) modes. ASCII is the same as RTU, but with ASCII symbols.NoNoTCP (for TCP) RTU (for Serial) rtu, ascii, tcp
devicestring Communication port (”PORT1”/”PORT2”) - YesPORT1 PORT2
baudrateintegerCommunication speed, baud/s - Yes9600 300, 600, 1200, 2400, 4800, 9600, 19200, 38400, 57600, 115200
databitsintegerData bit count for communication - Yes8 6 9
stopbitsintegerStop bit count for communication - Yes1 1 2
paritystring Communication parity option - Yesnone none, even, odd
flowcontrolstring The communication device’s flow control option. -Nonone none
##### Modbus Slave parameters for the Signals tab
**Parameter** **Type** **Description** **Required** **Default Value** (when not specified) **Range**
TCPRTU/ASCIIMinMax
signal\_name stringUser-friendly signal name YesYes
device\_alias stringAlphanumeric string to identify a device YesYes
signal\_alias stringUnique alphanumeric name of the signal to be used YesYes
enablebooleanEnabling/disabling an individual signal NoNo101
number\_type stringType of a number (FLOAT, DOUBLE, DIGITAL, etc.). This defines the size that will be read. YesYes
log integerIf the log parameter is equal to 1, the signal values and attributes will be seen in the events log. NoNo0
slave\_idintegerAddress of a slave deviceYesYes
functionintegerFunction numberYesYes 1, 2, 3, 4
register\_addressintegerRegister addressYesYes
periodic\_update\_msintegerSignal value is published periodically according to the value set.NoNo---
##### Device status signals
Modbus slave has an additional signal which can be configured to show communication status. It indicates if the master device has disconnected from the slave (WCC Lite). To configure such signal for Modbus protocol, job\_todo and tag\_job\_todo fields with string values are required. For Modbus slave required parameters for the status, the signal will be **signal\_name** **device\_alias, signal\_alias, number\_type, slave\_id, function**, **register\_address, job\_todo** and **tag\_job\_todo**. Job\_todo value must be *device\_status* and for tag\_job\_todo there are 4 variations: communication\_status, device\_running, device\_error, uknown\_error. Each signal has 4 possible values and is based on the same logic. If the signal returns the value of 0, it means an unknown error has appeared, 1 – device or protocol connection is on and working properly, 2 – device is off or protocol is disconnected, 3 – error or service is down. #### Mapping values to registers Internally stored values aren’t organised in a register-like order, therefore mapping should be done by the user. This mapping includes setting the address of the device WCC Lite is simulating as well as the function number, register number and how many 16-bit registers are used to store a value. These values should be set in `common_address`, `function`, `info_address` and `size` columns respectively in the Excel configuration. To find out how many registers should be used for storing values, and how values can have their values swapped, a user should consult a section `number_type`.

If a Modbus master device requests data from a register that is mapped but doesn’t yet have an initial value, an ILLEGAL DATA ADDRESS error code will be returned. The same error code is returned if the requested size of the value is bigger than defined or if the register is not configured at all.

#### Debugging a Modbus Slave application If the configuration for Modbus Slave is set up, a handler for the protocol will start automatically. If the configuration is missing or contains errors, the protocol will not start. It is done intentionally to decrease unnecessary memory usage. Modbus Slave command line debugging options `modbus-slave` ``` -h [ –help ] Display help information -V [ –version ] Show version -d Set debugging level -c [ –config ] Config path -r [ –raw ] Show raw telegram data -f [ –frame ] Show frame data -s [ –serial ] Show serial port data –tcp Show tcp packets –ascii Show ASCII messages –rtu Show RTU messages -e [ –redis ] Show redis debug information -R [ –readyfile ] Ready notification file ```

If Modbus Slave does not work properly (e.g. no communication between devices, data is corrupted, etc.), a user can launch a debug session from the command line interface and find out why the link is not functioning properly.

To launch a debugging session, a user should stop `modbus-slave` process and run `modbus-slave` command with respective flags as shown above.

# 14 IEC 60870-5-10X # 14.1 Introduction **IEC 60870 part 5** is one of the [IEC 60870](https://en.wikipedia.org/wiki/IEC_60870 "IEC 60870") set of standards which define systems used for telecontrol ([supervisory control and data acquisition](https://en.wikipedia.org/wiki/Supervisory_control_and_data_acquisition "Supervisory control and data acquisition")) in [electrical engineering](https://en.wikipedia.org/wiki/Electrical_engineering "Electrical engineering") and [power system automation](https://en.wikipedia.org/wiki/Power_system_automation "Power system automation") applications. Part 5 provides a communication profile for sending basic telecontrol messages between two systems, which uses permanent directly connected data circuits between the systems. The [IEC Technical Committee 57](https://en.wikipedia.org/wiki/IEC_TC_57 "IEC TC 57") (Working Group 03) has developed a [protocol](https://en.wikipedia.org/wiki/Communications_protocol "Communications protocol") standard for telecontrol, teleprotection, and associated telecommunications for [electric power](https://en.wikipedia.org/wiki/Electric_power "Electric power") systems. The result of this work is IEC 60870-5. Five documents specify the base IEC 60870-5: - IEC 60870-5-1 Transmission Frame Formats - IEC 60870-5-2 Data Link Transmission Services - IEC 60870-5-3 General Structure of Application Data - IEC 60870-5-4 Definition and Coding of Information Elements - IEC 60870-5-5 Basic Application Functions - IEC 60870-5-6 Guidelines for conformance testing for the IEC 60870-5 companion standards - IEC TS 60870-5-7 Security extensions to IEC 60870-5-101 and IEC 60870-5-104 protocols (applying IEC 62351) The IEC Technical Committee 57 has also generated companion standards: - IEC 60870-5-101 Transmission Protocols - companion standards especially for basic telecontrol tasks - IEC 60870-5-102 Transmission Protocols - Companion standard for the transmission of integrated totals in electric power systems (this standard is not widely used) - IEC 60870-5-103 Transmission Protocols - Companion standard for the informative interface of protection equipment - IEC 60870-5-104 Transmission Protocols - Network access for IEC 60870-5-101 using standard transport profiles - IEC TS 60870-5-601 Transmission protocols - Conformance test cases for the IEC 60870-5-101 companion standard - IEC TS 60870-5-604 Conformance test cases for the IEC 60870-5-104 companion standard IEC 60870-5-101/102/103/104 are companion standards generated for basic telecontrol tasks, the transmission of integrated totals, data exchange from protection equipment & network access of IEC101 respectively. Source: [https://en.wikipedia.org/wiki/IEC\_60870-5](https://en.wikipedia.org/wiki/IEC_60870-5 "Wikipedia") # 14.2 IEC 60870-5-101 Master The IEC 60870-­5-­101 protocol is a companion standard for power system monitoring, control associated communications for telecontrol, teleprotection and associated telecommunications for electric power systems. Standard IEC 60870-­5­-101 was prepared by IEC Technical Committee 57 (Power system control and associated communications). Standard IEC 60870-­5-­101 defines an **Application Service Data Unit** (**ASDU** Figure below). In ASDU there is an ASDU identifier (with the type of ASDU in it) and information objects.![image-1638258623652.png](https://wiki.elseta.com/uploads/images/gallery/2021-11/scaled-1680-/image-1638258623652.png) IEC 60870­-5-­101 ASDU structure **Common Address of ASDU** Defines the stations' address and can be configured in Devices asdu\_address field for source and *Signals* common\_address field for the destination. **Information Object Address** Used as destination object address in the control direction and as source object address in the monitor direction can be configured in the Signals info\_address field. Standard IEC 60870­-5­-101 transmission frames are separated into 3 different types: **frame with variable length**, **frame with fixed length,** and **single control characters** [![image-1638259001158.png](https://wiki.elseta.com/uploads/images/gallery/2021-11/scaled-1680-/image-1638259001158.png)](https://wiki.elseta.com/uploads/images/gallery/2021-11/image-1638259001158.png) IEC 60870­-5-­101 ASDU structure **The control field** provides information about the message direction, type of service, and checksum. **The address field** specifies the link address which points to the message's destination. WCC Lite supports IEC 60870-­5-­101 Master protocol over a serial link (according to EIA RS­485). Its full functionality list can be found in an [IEC 60870­-5-­101 PID Interoperability List](https://wiki.elseta.com/link/180#bkmrk-pid%27s) which can be downloaded separately from this user manual. ### Configuring datapoints (master) The IEC 60870-­5-­101 Master in WCC Lite has to be configured in Excel. This configuration contains two Excel sheets where parameters must be filled in ­Devices and Signals. ##### IEC 60870-­5-­101 master parameters for *Devices* tab
**Parameter** **Type** **Description** **Required **Default value** (when not specified) **Range**
Min Max
name stringUser-friendly name for a device Yes
description stringDescription of a device No
device\_alias stringAlphanumeric string to identify a device Yes
enablebooleanEnabling/disabling of a device No101
protocolstringProtocol to be used Yes IEC 60870­-5-101 master
devicestring Communication port Yes PORT1 PORT2
baudrateintegerCommunication speed (bauds/s) No 9600 600, 1200, 2400, 4800, 9600, 19200, 38400, 57600, 115200
databitsintegerData bit count for communication No 8 6 9
stopbitsintegerStop bit count for communication No 1 1 2
paritystring Communication parity option No none none, even, odd
flowcontrolstring Number of requests, before the link is considered lost (device status signals are changed) and reconnect attempt will be issued No none none
link\_addressintegerDestination address when in transmit and source address when broadcastingYes 065535
link\_sizeintegerLink address size in bytesNo112
asdu\_addressintegerApplication Service Data Unit addressYes 065535
asdu\_sizeintegerCommon address size in bytesNo112
ioa\_sizeintegerInformation object address (IOA) size in bytesNo213
cot\_sizeintegerCause of transmission (COT) size in bytesNo112
time\_sync\_interval\_secintegerDefines how often (in seconds) a slave will request time synchronization. **If greater than 0** ­slave will request synchronizations and will reset the timer if the master did it earlier. **If 0** slave won’t request timesyncs, but will allow them. **If ­1** ­ time syncs are not supported ­ requests will be dropped.No60
gi\_interval\_secintegerThe time frame between General Interrogation requests in seconds if 0 requests are disabledNo300
scan\_rate\_msintegerPolling interval in milliseconds. The time frame between two telegrams from the master Yes100
timeout\_msintegerResponse timeout in milliseconds Yes 1000
retry\_countintegerNumber of retries of failed requests before announcing that the device is in Error state Yes1
##### IEC 60870­-5-­101 master parameters for Signals tab
**Parameter** **Type** **Description** **Required **Default value** (when not specified) **Range**
Min Max
signal\_name stringUser-friendly signal name Yes
device\_alias stringAlphanumeric string to identify a device Yes
signal\_alias stringUnique alphanumeric name of the signal to be used Yes
source\_device\_alias stringdevice\_alias of a source device For commands
source\_signal\_alias stringsignal\_alias of a source signal For commands
enablebooleanEnabling/disabling of an individual signal No101
log integerAllow signal to be logged. If the **log is 0 signal** will not be logged. If the **log is more than 0** signal will be logged No0
gibooleanIncluding/excluding (1 or 0) signals from General InterrogationNo001
common\_addressintegerAddress of a destination deviceYes1
info\_addressintegerInformation object addressYes
data\_typeintegerASDU type identifier Yes
1, 2, 3, 4, 5, 6, 9, 10, 11, 12, 13, 14, 30, 31, 32, 34, 35, 36, 45, 46, 47, 48, 49, 50
periodic\_update\_msintegerSignal value is published periodically according to the value set.No
##### Device status signals IEC 60870-­5-­101 has an additional signal which can be configured to show communication status. It is used to indicate if the slave device has disconnected from the master (WCC Lite). To configure such signal for IEC 60870-­5-­101 protocol, job\_todo and tag\_job\_todo fields with string values are required. For IEC 60870-­5-­101 master required parameters for the status signal will be: **signal\_name** **device\_alias, signal\_alias, common\_address, info\_address, data\_type, job\_todo** and **tag\_job\_todo**. Job\_todo value must be *device\_status* and for tag\_job\_todo there are 4 variations: communication\_status, device\_running, device\_error, uknown\_error. Each signal has 4 possible values and is based on the same logic. If the signal returns the value of 0, it means an unknown error has appeared, 1 – the device or protocol connection is on and working properly, 2 – the device is off or the protocol is disconnected, and 3 – the error or service is down. ### Debugging an IEC 60870-­5­-101 Master application If the configuration for IEC 60870-­5-­101 devices is set up, a handler for the protocol will start automatically. If the configuration is missing parameters or contains errors, the protocol will not start. It is done intentionally to decrease unnecessary memory usage. If IEC 60870-­5-­101 does not work properly (e.g. no communication between devices, data is corrupted, etc.), a user can launch a debug session from the command line interface and find out why the link is not functioning properly. To launch a debugging session, a user should stop the *iec101­-master* process and run the *iec101-­master* command with respective flags as shown in the table below. Procedure for IEC 60870-­5-­101 master service debugging: - **Step 1**: Service must be stopped by entering the following command into the WCC Lite: **/etc/init.d/iec101-­master stop** - **Step 2**: After the service is stopped it must be started with the preferred configuration file (JSON files found in /etc/ folder) and a debug level 7: **iec101-­master -­c /etc/iec101-master/iec101­master.json ­-d7** Additional output forming options are described here: Command line arguments. - **Step 3**: Once the problem is diagnosed normal operations can be resumed with the following command: **/etc/init.d/iec101-­master start** ##### IEC 60870-­5­-101 command line debugging options ``` -h [ –help ] Display help information -V [ –version ] Show version -d Set debugging level -c [ –config ] Config path -r [ –raw ] Show raw telegram data -f [ –frame ] Show frame data -R [ –readyfile ] Ready notification file ``` # 14.3 IEC 60870-5-101 Slave ### Configuring datapoints (slave) The IEC 60870­-5­-101 Slave in WCC Lite has to be configured in Excel. This configuration contains two Excel sheets where parameters must be filled in *­Devices* and *Signals.* ##### *IEC 60870-­5-­101 slave parameters for Devices tab*
**Parameter** **Type** **Description** **Required **Default value** (when not specified) **Range**
Min Max
name stringUser-friendly name for a device Yes
description stringDescription of a device No
device\_alias stringAlphanumeric string to identify a device Yes
enablebooleanEnabling/disabling of a device No101
protocolstringProtocol to be used Yes IEC 60870­-5-101 slave
devicestring Communication port Yes PORT1 PORT2
baudrateintegerCommunication speed (bauds/s) No 9600 300, 600, 1200, 2400, 4800, 9600, 19200, 38400, 57600, 115200
databitsintegerData bit count for communication No 8 6 9
stopbitsintegerStop bit count for communication No 1 1 2
paritystring Communication parity option No none none, even, odd
flowcontrolstring Number of requests, before the link is considered lost (device status signals are changed) and reconnect attempt will be issued No none none
link\_addressintegerDestination address when in transmit and source address when broadcastingYes 065535
link\_sizeintegerLink address size in bytesNo112
asdu\_sizeintegerCommon address size in bytesNo112
ioa\_sizeintegerInformation object address (IOA) size in bytesNo213
cot\_sizeintegerCause of transmission (COT) size in bytesNo112
time\_syncbooleanAllow time synchronization, 1 to enable and 0 to disableNo001
message\_sizeintegerMaximum length of a messageYes2530255
cache\_sizeintegerMaximum number of events to store in a bufferNo10001000
respond\_delayintegerTime in microseconds to wait before sending responsesYes10001000000
single\_byte\_ackbooleanUse single character acknowledge, 1 to enable and 0 to disableNo 001
keep\_alive\_timeoutintegerTime interval in seconds before serial connection is considered offlineNo 60
**keep\_alive\_timeout** timer is used for the connection tracker to display protocol status. This parameter does not affect protocol functionality and only tracks its status in the connection tracker. ##### IEC 60870­-5-­101 slave parameters for Signals tab
**Parameter** **Type** **Description** **Required **Default value** (when not specified) **Range**
Min Max
signal\_name stringUser-friendly signal name Yes
device\_alias stringAlphanumeric string to identify a device Yes
signal\_alias stringUnique alphanumeric name of the signal to be Yes used Yes
source\_device\_alias stringdevice\_alias of a source device For commands
source\_signal\_alias stringsignal\_alias of a source signal For commands
enablebooleanEnabling/disabling of an individual signal No101
log integerAllow signal to be logged. If the **log is 0, the signal** will not be logged. If the **log is more than 0, the** signal will be logged No0
gibooleanIncluding/excluding (1 or 0) signals from General InterrogationNo001
common\_addressintegerAddress of a destination deviceYes
info\_addressintegerInformation object addressYes
data\_typeintegerASDU type identifierYes
1, 2, 3, 4, 5, 6, 9, 10, 11, 12, 13, 14, 30, 31, 32, 34, 35, 36, 45, 46, 47, 48, 49, 50, 58, 59, 60, 61, 62, 63
periodic\_update\_msintegerSignal value is published periodically according to the value set.No-
-
##### Device status signals
IEC 60870-­5-­101 has an additional signal which can be configured to show communication status. It indicates if the master device has disconnected from the slave (WCC Lite). To configure such signal for IEC 60870-­5-­101 protocol, job\_todo and tag\_job\_todo fields with string values are required. For IEC 60870-­5-­101 slave required parameters for status, signal will be **signal\_name** **device\_alias, signal\_alias, common\_address, info\_address, data\_type, job\_todo** and **tag\_job\_todo**. Job\_todo value must be *device\_status* and for tag\_job\_todo there are 4 variations: communication\_status, device\_running, device\_error, uknown\_error. Each signal has 4 possible values and is based on the same logic. If the signal returns the value of 0, it means an unknown error has appeared, 1 – the device or protocol connection is on and working properly, 2 – the device is off or protocol is disconnected, and 3 – the error or service is down. ### Debugging an IEC 60870-­5­-101 slave application If the configuration for IEC 60870-­5-­101 devices is set up, the handler for the protocol will start automatically. If the configuration is missing parameters or contains errors, the protocol will not start. It is done intentionally to decrease unnecessary memory usage. If IEC 60870-­5-­101 does not work properly (e.g. no communication between devices, data is corrupted, etc.), a user can launch a debug session from the command-line interface and find out why the link is not functioning properly. To launch a debugging session, a user should stop the *iec101­-slave* process and run the *iec101-­slave* command with respective flags as shown in the table below. Procedure for IEC 60870-­5-­101 slave service debugging: - **Step 1**: Service must be stopped by entering the following command into the WCC Lite: **/etc/init.d/iec101-­slave stop** - **Step 2**: After the service is stopped it must be started with the preferred configuration file (JSON files found in /etc/ folder) and a debug level 7: **iec101-­slave-­c /etc/iec101-slave/iec101slave.json ­-d7** Additional output forming options are described here: Command line arguments. - **Step 3**: Once the problem is diagnosed normal operations can be resumed with the following command: **/etc/init.d/iec101-­slave start** ##### IEC 60870-­5­-101 command line debugging options ``` -h [ –help ] Display help information -V [ –version ] Show version -d Set debugging level -c [ –config ] Config path -r [ –raw ] Show raw telegram data -f [ –frame ] Show frame data -R [ –readyfile ] Ready notification file ``` # 14.4 IEC 60870-5-103 Master The IEC 60870-5-103 protocol is a companion standard for the informative interface of protection equipment. Standard IEC 60870-5-103 was prepared by IEC Technical Committee 57 (Power system control and associated communications). It is a companion standard for the basic standards in series IEC 60870-5: Standard IEC 60870-5-103 defines communication between protection equipment and devices of a control system (supervisor or RTU) in a substation. Standard IEC 60870-5-103 defines a multipoint communication protocol via exchanging information between a control system (supervisor or RTU) and one or more protection devices. The control system is the master and the protection devices are the slaves. Each slave is identified by a unique address between 1 and 254. Address 255 is reserved for broadcast frames. ### IEC 60870-5-103 Master ### Configuring datapoints WCC Lite supports IEC 60870-5-103 Master protocol over a serial link (according to EIA RS-485). Its full functionality list can be found in an [IEC 60870-5-103 PID Interoperability List](https://wiki.elseta.com/link/180#bkmrk-pid%27s). The IEC 60870-5-103 Master in WCC Lite has to be configured in Excel. This configuration contains two Excel sheets where parameters must be filled in - Devices and Signals. ##### IEC 60870-­5-­103 parameters for Devices tab
**Parameter** **Type** **Description** **Required **Default value** (when not specified) **Range**
Min Max
name stringUser-friendly name for a device Yes
description stringDescription of a device No
device\_alias stringAlphanumeric string to identify a device Yes
enablebooleanEnabling/disabling of a device No101
protocolstringProtocol to be used Yes IEC 60870­-5-103 master
devicestring Communication port Yes PORT1 PORT2
baudrateintegerCommunication speed (bauds/s) No 9600 600, 1200, 2400, 4800, 9600, 19200, 38400, 57600, 115200
databitsintegerData bit count for communication No 8 8
stopbitsintegerStop bit count for communication No 1 1 2
paritystring Communication parity option No none none, even, odd
flowcontrolstring Number of requests, before the link is considered lost (device status signals are changed) and reconnect attempt will be issued No none none
link\_addressintegerDestination address when in transmit and source address when broadcastingYes 065535
asdu\_addressintegerApplication Service Data Unit addressYes 065535
time\_sync\_interval\_secintegerThe time frame between Time Synchronization requests in seconds. If 0 requests are disabled. No60
gi\_interval\_secintegerThe time frame between General Interrogation requests in seconds if 0 requests are disabledYes300
scan\_rate\_msintegerPolling interval in milliseconds. The time frame between two telegrams from the master. No100
timeout\_msintegerResponse timeout in milliseconds No 1000
serial\_delayintegerCommunication device’s serial delay in milliseconds. Time frame in which the master station is not TX’ing after the last RX byteNo50
retry\_countintegerNumber of retries of failed requests before announcing that the device is in Error state No3
retry\_delay\_msintegerTime before the next retry in millisecondsNo500
reset\_command\_typestringThe user can choose the reset command type between FCB and CU.NoFCBFCBCU
##### IEC 60870­-5-­103 master parameters for Signals tab
**Parameter** **Type** **Description** **Required **Default value** (when not specified) **Range**
Min Max
signal\_name stringUser-friendly signal name Yes
device\_alias stringAlphanumeric string to identify a device Yes
signal\_alias stringUnique alphanumeric name of the signal to be Yes used Yes
source\_device\_alias stringdevice\_alias of a source device For commands
source\_signal\_alias stringsignal\_alias of a source signal For commands
enablebooleanEnabling/disabling of an individual signal No101
log integerAllow signal to be logged. If the **log is 0, the signal** will not be logged. If the **log is more than 0** signal will be logged No0
gibooleanIncluding/excluding (1 or 0) signals from General InterrogationNo001
common\_addressintegerAddress of a destination deviceYes
functionintegerFunction numberNo0
info\_addressintegerInformation object addressYes
info\_numberintegerInformation numberYes
data\_typeintegerASDU type identifierNo0
0, 1, 2, 3, 4, 9, 20
fleetingbooleanMark the signal as a fleeting type (1 or 0). Fleeting signals have to go to DPI::OFF after a defined timeNo 01
normalise\_time\_msintegerTime in milliseconds between station receiving DPI::ON and automatically switching to DPI::OFFIf fleeting is used 100
periodic\_update\_msintegerSignal value is published periodically according to the value set.No---
##### Device status signals
IEC 60870-­5-­103 has an additional signal which can be configured to show communication status. It indicates if the slave device has disconnected from the master (WCC Lite). To configure such signal for IEC 60870-­5-­103 protocol, job\_todo and tag\_job\_todo fields with string values are required. For IEC 60870-­5-­103 master required parameters for the status signal will be: **signal\_name** **device\_alias, signal\_alias, common\_address, info\_address, info\_number, job\_todo** and **tag\_job\_todo**. Job\_todo value must be *device\_status* and for tag\_job\_todo there are 4 variations: communication\_status, device\_running, device\_error, uknown\_error. Each signal has 4 possible values and is based on the same logic. If the signal returns the value of 0, it means an unknown error has appeared, 1 – device or protocol connection is on and working properly, 2 – device is off or protocol is disconnected, 3 – error or service is down. ### Debugging an IEC 60870-5-103 Master application If the configuration for IEC 60870-5-103 devices is set up, the handler for the protocol will start automatically. If a configuration is missing parameters or contains errors, the protocol will not start. It is done intentionally to decrease unnecessary memory usage. If IEC 60870-5-103 does not work properly (e.g. no communication between devices, data is corrupted, etc.), a user can launch a debug session from the command-line interface and find out why the link is not functioning properly or use WCC Utility to do that. To launch a debugging session, a user should stop the iec103-master process and run the iec103-master command with respective flags. - Step 1: Service must be stopped by entering the following command into the WCC Lite: **/etc/init.d/iec103-­master stop** - Step 2: After the service is stopped it must be started with the preferred configuration file (JSON files found in /etc/ folder) and a debug level 7: **iec103-­master ­-c /etc/iec103-master/iec103-­master.json -­d7** - Step 3: Once the problem is diagnosed normal operations can be resumed with the following command: **/etc/init.d/iec103-­master start** ##### IEC 60870-­5­-103 command line debugging options ``` -h [ –help ] Display help information -V [ –version ] Show version -d Set debugging level -c [ –config ] Config path -r [ –raw ] Show raw telegram data -f [ –frame ] Show frame data -R [ –readyfile ] Ready notification file ``` # 14.5 IEC 60870-5-104 Master IEC 60870-5-104 protocol (in short IEC 104) is a part of IEC Telecontrol Equipment and Systems Standard IEC 60870-5 that provides a communication profile for sending basic telecontrol messages between two systems in electrical engineering and power system automation. Telecontrol means transmitting supervisory data and data acquisition requests for controlling power transmission grids. IEC 104 provides network access to IEC 60870-5-101 (in short IEC 101) using standard transport profiles. In simple terms, it delivers IEC 101 messages as application data (L7) over TCP, usually port 2404. IEC 104 enables communication between the control station and a substation via a standard TCP/IP network. The communication is based on the client-server model.

To set up TLS connection for both IEC104 Master and Slave, refer to sections Excel configuration and Certificates. All keys and certificates should be provided in the PEM format.

If no configuration is set up, IEC104 Master and Slave services are not started.

#### Configuring IEC 104 Master data points To use IEC 60870-­5-­104 Master in WCC Lite, it has to be configured via an Excel configuration. This configuration contains two Excel sheets where parameters have to be filled in ­ Devices and Signals. ##### IEC 60870­-5-­104 Master parameters for *Devices* tab
**Parameter** **Type** **Description** **Required **Default value** (when not specified) **Range**
Min Max
name stringUser-friendly name for a device Yes
description stringDescription of a device No
device\_alias stringAlphanumeric string to identify a device Yes
enablebooleanEnabling/disabling of a device No101
protocolstringProtocol to be used Yes IEC 60870­-5-104 master
asdu\_addressintegerApplication Service Data Unit addressYes 065535
asdu\_sizeintegerCommon address size in bytesNo212
time\_sync\_interval\_secintegerThe time frame between Time Synchronization requests in secondsYes60
gi\_interval\_secintegerThe time frame between General Interrogation requests in seconds. If 0 requests are disabled Yes300
portintegerTCP portYes 065535
ioa\_sizeintegerInformation object address (IOA) size in bytesNo313
swtintegerSend window (k)Yes
rwtintegerReceive window (w)Yes
cot\_sizeintegerCause of transmission (COT) size in bytesNo213
ipstringHost IP address (ipv4)Yes
t1\* integerAcknowledge timeout t1 (sec)Yes151255
t2\*integerConnection ACKRSN clock t2 (sec)Yes101254
t3\*integerConnection TESTFR clock t3 (sec)Yes201
172800
originatorintegerProvides a means for a controlling station to explicitly identify itselfNo00255
\* - t1, t2 and t3 parameters must meet the inequality: t2<t1<t3. ##### IEC 60870­-5-­104 Master parameters for *Signals*
**Parameter** **Type** **Description** **Required **Default value** (when not specified) **Range**
Min Max
signal\_name stringUser-friendly signal name Yes
device\_alias stringAlphanumeric string to identify a device Yes
signal\_alias stringUnique alphanumeric name of the signal to be Yes used Yes
source\_device\_alias stringdevice\_alias of a source device For commands
source\_signal\_alias stringsignal\_alias of a source signal For commands
enablebooleanEnabling/disabling of an individual signal No101
log integerAllow signal to be logged. If the **log is 0, the signal** will not be logged. If the **log is more than 0, the** signal will be logged No0
gibooleanIncluding/excluding (1 or 0) signals from General InterrogationNo001
common\_addressintegerAddress of a destination deviceYes
functionintegerFunction numberNo0
info\_addressintegerInformation object addressYes
data\_typeintegerASDU type identifierYes
1, 3, 5, 9, 11, 13, 21, 30, 31, 32, 34, 35, 36, 45, 46, 47, 48, 49, 50, 58, 59, 60, 61, 62, 63
select\_msintegerTime limit in milliseconds for command execution. Command selection has to be performed before execution if this parameter is specified. Direct command execution can be performed only if this field is left empty or set to zero.No0
periodic\_update\_msintegerSignal value is published periodically according to the value set.No---
##### Device status signals
IEC 60870-­5-­104 has an additional signal which can be configured to show communication status. It indicates if the slave device has disconnected from the master (WCC Lite). To configure such signal for IEC 60870-­5-­104 protocol, job\_todo and tag\_job\_todo fields with string values are required. For IEC 60870-­5-­104 master required parameters for the status signal will be: **signal\_name** **device\_alias, signal\_alias, common\_address, info\_address, data\_type, job\_todo** and **tag\_job\_todo**. Job\_todo value must be *device\_status* and for tag\_job\_todo there are 4 variations: communication\_status, device\_running, device\_error, uknown\_error. Each signal has 4 possible values and is based on the same logic. If the signal returns the value of 0, it means an unknown error has appeared, 1 – device or protocol connection is on and working properly, 2 – device is off or protocol is disconnected, 3 – error or service is down. ### Debugging an IEC 60870-5-104 Master application If the configuration for IEC 60870-5-104 devices is set up, the handler for the protocol will start automatically. If a configuration is missing parameters or contains errors, the protocol will not start. It is done intentionally to decrease unnecessary memory usage. If IEC 60870-5-104 does not work properly (e.g. no communication between devices, data is corrupted, etc.), a user can launch a debug session from the command-line interface and find out why the link is not functioning properly or use WCC Utility to do that. To launch a debugging session, a user should stop the *iec104-master* process and run the *iec104-master* command with respective flags. - Step 1: Service must be stopped by entering the following command into the WCC Lite: **/etc/init.d/iec104-­master stop** - Step 2: After the service is stopped it must be started with the preferred configuration file (JSON files found in /etc/ folder) and a debug level 7: **iec104-­master ­-c /etc/iec104-master/iec104-­master.json -­d7** - Step 3: Once the problem is diagnosed normal operations can be resumed with the following command: **/etc/init.d/iec104-­master start** ##### IEC 60870-­5­-104 command-line debugging options ``` -h [ –help ] Display help information -V [ –version ] Show version -d Set debugging level -c [ –config ] Config path -r [ –raw ] Show raw telegram data -f [ –frame ] Show frame data

­-e [ –redis ] Show redis message -R [ –readyfile ] Ready notification file ``` # 14.6 IEC 60870-5-104 Slave

Since firmware version 1.8.3, multiple signals with different data types can have the same ioa address.

IEC 60870-5-104 Slave is designed not to lose data acquired from Master protocols. The data that arrives from Master protocols is stored in the cache. This data is checked every second to manage further data sending. The data that leaves IEC 60870-5-104 Slave has output caches. They’re built to provide switching between multiple sessions (redundant SCADA). If a new connection arrives, the old one is dropped, but data, that is stored in a cache, not sent and not confirmed by SCADA is transferred to the new connection. #### Configuring IEC 104 Slave data points To use IEC 60870-­5­-104 Slave in WCC Lite, it has to be configured via an Excel configuration. This configuration contains two Excel sheets where parameters have to be filled in ­Devices and Signals. ##### IEC 60870-­5-­104 Slave parameters for *Devices* tab
**Parameter** **Type** **Description** **Required **Default value** (when not specified) **Range**
Min Max
name stringUser-friendly name for a device Yes
description stringDescription of a device No
device\_alias stringAlphanumeric string to identify a device Yes
enablebooleanEnabling/disabling of a device No101
protocolstringProtocol to be used Yes IEC 60870­-5-104 slave
asdu\_sizeintegerCommon address size in bytesNo212
time\_syncbooleanEnable/disable (1 or 0) time synchronizationYes
portintegerTCP portNo2404065535
ioa\_sizeintegerInformation object address (IOA) size in bytesNo313
swtintegerSend window (SWT)No12
rwtintegerReceive window (RWT)No8
cot\_sizeintegerCause of transmission (COT) size in bytesNo213
hoststringSpace-separated remote host IP addresses (ipv4)Yes
bind\_addressstringBind to local IP address (ipv4)No0.0.0.0
t1 integerAcknowledge timeout t1 (sec)Yes151255
t2integerConnection ACKRSN clock t2 (sec), t2 should be less than t1 Yes101254
t3integerConnection TESTFR clock t3 (sec)Yes201172800
message\_sizebooleanThe maximum length of a messageYes2530255
cache\_sizeintegerAmount of data to be cachedYes10001000
tlsbooleanEnable/disable the use of TLSNo001
tls\_local\_certificatestringLocal certificate for TLS connectionYes (for TLS)
tls\_peer\_certificatestringCertificate authority file for TLS connectionNo
tls\_private\_keystringA file consisting of the private key for TLS connectionNo
command\_timeout\_msintegerTime to execute a command before responding negatively.No300000
command\_age\_msintegerThe amount of time shift allowed for the command to still be executed.No00
##### IEC 60870­-5­-104 Slave parameters for *Signals* tab
**Parameter** **Type** **Description** **Required **Default value** (when not specified) **Range**
Min Max
signal\_name stringUser-friendly signal name Yes
device\_alias stringAlphanumeric string to identify a device Yes
signal\_alias stringUnique alphanumeric name of the signal to be Yes used Yes
source\_device\_alias stringdevice\_alias of a source device For commands
source\_signal\_alias stringsignal\_alias of a source signal For commands
enablebooleanEnabling/disabling of an individual signal No101
log integerAllow signal to be logged. If the **log is 0, the signal** will not be logged. If the **log is more than 0, the** signal will be logged No001
gibooleanIncluding/excluding (1 or 0) signals from General InterrogationNo001
common\_addressintegerAddress of a destination deviceYes
info\_addressintegerInformation object addressYes
data\_typeintegerASDU type id.Yes
1, 3, 5, 9, 11, 13, 21, 30, 31, 32, 34, 35, 36, 45, 46, 47, 48, 49, 50, 58, 59, 60, 61, 62, 63
select\_msintegerTime limit in milliseconds for command execution. Command selection has to be performed before execution if this parameter is specified. Direct command execution can be performed only if this field is left empty or set to zero.No0
periodic\_update\_msintegerSignal value is published periodically according to the value set.No---
##### Device status signals
IEC 60870-­5-­104 has an additional signal which can be configured to show communication status. It indicates if the master device has disconnected from the slave (WCC Lite). To configure such signal for IEC 60870-­5-­104 protocol, job\_todo and tag\_job\_todo fields with string values are required. For IEC 60870-­5-­104 slave required parameters for status, the signal will be **signal\_name** **device\_alias, signal\_alias, common\_address, info\_address, data\_type, job\_todo** and **tag\_job\_todo**. Job\_todo value must be *device\_status* and for tag\_job\_todo there are 4 variations: communication\_status, device\_running, device\_error, uknown\_error. Each signal has 4 possible values and is based on the same logic. If the signal returns the value of 0, it means an unknown error has appeared, 1 – device or protocol connection is on and working properly, 2 – device is off or protocol is disconnected, 3 – error or service is down. ### Debugging an IEC 60870-5-104 Slave application If the configuration for IEC 60870-5-104 devices is set up, the handler for the protocol will start automatically. If a configuration is missing parameters or contains errors, the protocol will not start. It is done intentionally to decrease unnecessary memory usage. If IEC 60870-5-104 does not work properly (e.g. no communication between devices, data is corrupted, etc.), a user can launch a debug session from the command-line interface and find out why the link is not functioning properly or use WCC Utility to do that. To launch a debugging session, a user should stop the *iec104-slave* process and run the *iec104-slave* command with respective flags. - Step 1: Service must be stopped by entering the following command into the WCC Lite: **/etc/init.d/iec104-­slave stop** - Step 2: After the service is stopped it must be started with the preferred configuration file (JSON files found in /etc/ folder) and a debug level 7: **iec104-­slave ­-c /etc/iec104-slave/0\_0\_0\_0\_502.json -­d7** (0\_0\_0\_0 - bind\_address, 502 - port) - Step 3: Once the problem is diagnosed normal operations can be resumed with the following command: **/etc/init.d/iec104-­slave start** ##### IEC 60870-­5­-104 command-line debugging options ``` -h [ –help ] Display help information -V [ –version ] Show version -d Set debugging level -c [ –config ] Config path -r [ –raw ] Show raw telegram data -f [ –frame ] Show frame data

­-e [ –redis ] Show redis message -R [ –readyfile ] Ready notification file ``` # 15 IEC 61850 # 15.1 Introduction IEC 61850 is an international standard defining communication protocols for intelligent electronic devices at electrical substations. It is a part of the International Electrotechnical Commission’s (IEC) Technical Committee 57 reference architecture for electric power systems. The abstract data models defined in IEC 61850 can be mapped to several protocols. Possible mappings in the standard can be MMS (Manufacturing Message Specification), GOOSE (Generic Object Oriented Substation Event), and SMV (Sampled Measured Values). These protocols can run over TCP/IP networks or substation LANs using high-speed switched Ethernet to obtain the necessary response times below four milliseconds for protective relaying.

As of version v1.5.0, WCC Lite supports MMS-type messaging. Logging and group setting services are not supported.

# 15.2 IEC 61850 Server WCC Lite can act as an IEC 61850 server to serve data to remote SCADA systems. For example, WCC Lite can be used to acquire data from various protocols (Modbus, IEC 60870-5-103, etc.), this data can be redirected and propagated further to a single or multiple IEC 61850 clients. IEC 61850 Server supports TCP and TLS connection types. TCP connection can be secured with password authentication. #### Commands WCC Lite **IEC 61850 Server** implementation defines four command types which are described by their control model: - **Case 1**: Direct control with normal security (direct-operate); - **Case 2**: SBO control with normal security (operate-once or operate-many); - **Case 3**: Direct control with enhanced security (direct-operate); - **Case 4**: SBO control with enhanced security (operate-once or operate-many). Normal security commands are considered for execution if the command signal is found in Excel configuration. There aren’t any additional checks in command execution in any master protocol. Enhanced security commands need feedback from the master protocol to either succeed or fail. If feedback is not received within the **command\_ack\_timeout\_ms** timeframe, the command is considered failed. Command value attributes (e.g. stVal) must be updated separately (if they need to be updated).

When using SBO commands, select is not routed to the master protocol and select logic is performed only in IEC 61850 Server protocol.

#### Configuring data points To use the IEC 61850 Server in WCC Lite, it has to be configured via an Excel configuration and the data model must be uploaded. This configuration contains two Excel sheets where parameters have to be filled in - Devices and Signals. If a few devices were to connect to a server using the same virtual port, all of the IP addresses have to be specified on the host field separated by space. That way all of the clients will be able to connect from different IP addresses but using the same port as long as they all have the same subnet address. ##### IEC 61850 Server parameters for Devices tab
**Parameter** **Type** **Description** **Required **Default value** (when not specified) **Range**
Min Max
name stringUser-friendly name for a deviceYes
descriptionstringDescription of a deviceNo
device\_aliasstringAlphanumeric string to identify a deviceYes
enablebooleanEnabling/disabling of a deviceNo101
protocolstringProtocol to be usedYes IEC 61850 Server
bind\_addressstring (IP address format)The IP address of an interface to use with the serverNo0.0.0.0
hoststring (IP address format)IP address list of allowed IPs (separated with spaces) Yes
portintegerTCP communication port No102
authstringAuthorization type Yes “NONE”, “PASSWORD”, “TLS”
passwordstringAuthorization password for server device Yes ( for PASSWORD)
tls\_local\_certificatestringLocal certificate for TLS connection Yes (for TLS)
tls\_peer\_certificatestringCertificate authority file for TLS connectionYes (for TLS)
tls\_private\_keystringA file consisting of the private key for TLS connectionYes (for TLS)
ied\_namestringName of an Intelligent Electronic DeviceYes
originatorstringOrigin identification for the deviceNo
model\_filenamestringThe filename of the server model, without the .server extensionYes
command\_ack\_timeout\_ms integerTimeframe (ms) in which enhanced security commands must be acknowledged (Default: 3000) No3000
report\_buffered\_sizeintegerReport control blocks buffer size in bytes (Default: 65536) No65536
report\_unbuffered\_sizeintegerUnbuffered report control blocks buffer size in bytes (Default: 65513) No65513
##### IEC 61850 Server parameters for Signals tab
**Parameter** **Type** **Description** **Required **Default value** (when not specified) **Range**
Min Max
signal\_namestringUser-friendly signal nameYes
device\_aliasstringDevice alias from a Devices tabYes
signal\_aliasstringUnique alphanumeric name of the signal to be usedYes
enablebooleanEnabling/disabling of an individual signalNo101
logbooleanAllow signal to be logged. If the **log is 0 signal** will not be logged. If the **log is more than 0** signal will be loggedNo0
number\_typestringNumber format type (BOOLEAN, FLOAT, INT16, etc.)Yes BOOLEAN, INT8, INT16, INT32, INT64, INT128, INT8U, INT24U, INT32U, FLOAT32, FLOAT64, ENUMERATED, OCTET STRING 64, OCTET STRING 6, OCTET STRING 8, VISIBLE STRING 32, VISIBLE STRING 64, VISIBLE STRING 65, VISIBLE STRING 129, VISIBLE STRING 255, UNICODE STRING 255, TIMESTAMP, QUALITY, CHECK, CODEDENUM, GENERIC BITSTRING, CONSTRUCTED, ENTRY TIME, PHYCOMADDR, CURRENCY, OPTFLDS, TRGOPS
ld\_instancestringAn instance of a logical deviceYes
ln\_classstringLogical node class typeYes
ln\_instanceintegerAn instance of a logical node No
ln\_prefixstringPrefix of logical node stringNo
cdcstringCommon Data Class (CDC) nameYes SPS, DPS, INS, ACT, ACD, SEC, MV, CMV, WYE, DEL, SEQ, SPG, ING, ASG, ENS, ENG
data\_objectstringName of a data object in the datasetYes
da\_valuestringName of a data attribute value nodeYes
da\_fcstringFunctional constrain for data objectYes ST, MX, CO, SP
control\_modelstring Model of output control Yes (for commands) read-onlyread-only, direct-with-normal-security, sbo-with-normal-security, direct-with-enhanced-security, sbo-with-enhanced-security
##### Device status signals
IEC 61850 has an additional signal which can be configured to show communication status. It is used to indicate if the client device has disconnected from the server (WCC Lite). To configure such a signal for the IEC 61850 protocol, job\_todo and tag\_job\_todo fields with string values are required. For the IEC 61850 server required parameters for the status signal will be **signal\_name** **device\_alias, signal\_alias, number\_type, job\_todo** and **tag\_job\_todo**. Job\_todo value must be *device\_status* and for tag\_job\_todo there are 4 variations: communication\_status, device\_running, device\_error, uknown\_error. Each signal has 4 possible values and is based on the same logic. If the signal returns the value of 0, it means an unknown error has appeared, 1 – device or protocol connection is on and working properly, 2 – device is off or protocol is disconnected, 3 – error or service is down. #### Converting and uploading data model To use the IEC61850 Server protocol in WCC Lite, the user must upload a data model in a specific format (file extension .server). These data models can be converted from SCL files (.icd, .cid or .scd files). To convert a data model, the user must use WCC Excel Utility. There’s a separate tab for this operation as shown in the picture below. [![image-1670582144161.png](https://wiki.elseta.com/uploads/images/gallery/2022-12/scaled-1680-/image-1670582144161.png)](https://wiki.elseta.com/uploads/images/gallery/2022-12/image-1670582144161.png) The converted file can be uploaded in the WCC Lite web interface, Protocol Hub section. The current model can be also downloaded on the same page as shown in the picture below. [![image-1670583136986.png](https://wiki.elseta.com/uploads/images/gallery/2022-12/scaled-1680-/image-1670583136986.png)](https://wiki.elseta.com/uploads/images/gallery/2022-12/image-1670583136986.png) #### Debugging an IEC 61850 server application If the configuration for the IEC 61850 Server is set up, a handler for the protocol will start automatically. If the configuration is missing or contains errors, the protocol will not start. It is done intentionally to decrease unnecessary memory usage.

If the IEC 61850 Server does not work properly (e.g. no communication between devices, data is corrupted, etc.), a user can launch a debug session from the command line interface and find out why the link is not functioning properly.

To launch a debugging session, a user should stop `iec61850-server` process and run` iec61850-server` command with respective flags as you can see below:

``` iec61850-server ``` ```iec61850-server -h [--help] Show help message -c [--config] arg Configuration file location -V [--version] Show version -d [--debug] arg Set Debug level -r [--redis] Show Redis messages -C [--commands] Show command messages -R [--readyfile] arg Ready notification file ``` # 15.3 IEC 61850 Client WCC Lite can be used as a master station to collect data from IEC 61850 compatible server devices such as protection relays. As relays require fast, secure and responsive interfaces, WCC Lite can be considered as a valid option. For additional security, a user can use encrypted transmission (TLS) or set up a password.

As TCP (TLS) connection can encounter issues and break, automatic reconnection is implemented. After every failed reconnection attempt the fallback delay is doubled starting from 1 second up until 32 seconds. After that connection reestablishment will be attempted every 32 seconds until a successful connection.

#### Acquiring data via report control blocks As per the IEC 61850 standard, the report control block controls the procedures that are required for reporting values of data objects from one or more logical nodes to one client. Automatic reporting enables data servers (slave devices) to only send data on its (or its quality) change, thus saving network bandwidth. Instances of report control blocks are configured in the server at configuration time. Report control blocks send information that is defined in their respective datasets. The dataset is a set of data elements grouped to represent some data group. For example, it is a common practice to group measurements and events into different groups. A server restricts access to an instance of a report control block to one client at a time. That client exclusively shall own that instance and shall receive reports from that instance of report control blocks. There are two classes of report control blocks defined, each with a slightly different behaviour: - buffered-report-control-block (BRCB) - internal events (caused by trigger options data-change, quality-change, and data-update) issue immediate sending of reports or buffer the events (to some practical limit) for transmission, such that values of the data object are not lost due to transport flow control constraints or loss of connection. BRCB provides the sequence-of-events (SOE) functionality; - unbuffered-report-control-block (URCB) - internal events (caused by trigger options data-change, quality-change, and data-update) issue immediate sending of reports on a best efforts basis. If no association exists, or if the transport data flow is not fast enough to support it, events may be lost. Buffered report control blocks are therefore useful to keep event data, for example, keeping the last known state of a relay switch where a loss of information might lead to confusion and even financial losses. Unbuffered report control blocks are particularly useful for data which is useful only momentarily, e.g. measurements of voltages, current or power. This information can change frequently and old measurements might not reflect the real state of a substation. To allow multiple clients to receive the same values of data objects, multiple instances of the report control classes shall be made available. Buffered report control blocks are usually configured to be used by a specific client implementing a well-defined functionality, for example, a SCADA master. The client may know the ObjectReference of the BRCB by configuration or by the use of a naming convention. Parsing of report control blocks is based on types of Common Data Classes (CDC). Some of these types can have more than one data point of interest. The table below shows what data attributes are supported by various Common Data Classes. To select which data attribute should be used a `da_value` column should be filled with a data attribute name. Common Data Classes consist of data attributes with different Functional Constraints therefore to get the status points of interest correctly the user must fill in the correct value in `da_fc` the column. IEC 61850 Client-supported data attributes:
Common Data ClassFunction ConstraintData attributes
SPS DPS INS ENS STstVal
ACTSTgeneral phsA phsB phsC neut
ACDSTgeneral dirGeneral phsA dirPhsA phsB dirPhsB phsC dirPhsC neut dirNeut
MVMXinstMag mag
CMVMXinstCVal cVal
SAVMXinstMag
SPC DPC INC ENC STstVal
BSC ISC STvalWTr
APC BAC MXmxVal
Some of the data attributes are structures themselves, for example, `mag` attribute is a struct that can hold integer or float values. To select a fitting attribute the user should extend `da_value` parameter with additional attributes, for example, if float magnitude value is to be selected from MV Common Data Class, `da_value` column should be filled with `mag.f` value; if the user intends `cVal` magnitude value in float format from CMV Common Data Class, `da_value` should be filled with `cVal.mag.f` value. See IEC 61850-7-3 for more information about Common Data Classes. To ensure the integrity of configuration, WCC Lite has additional checks implemented at configuration time. If the report control block (or its dataset) with a predefined ObjectReference doesn’t exist, it is considered that IEC 61850 Client has not been configured properly or configuration has been changed in either of IEC 61850 devices and cannot be matched, therefore should be considered invalid. Controlling remote equipment via commands The control model provides a specific way to change the state of internal and external processes by a client. The control model can only be applied to data object instances of a controllable Common Data Class (CDC) whose ctlModel DataAttribute is not set to status - only. Such data objects can be referred to as control objects. If controls are enabled in an IEC 61850 Server device the user can configure controls by filling the control\_model column in Excel configuration with a control model (*direct-with-normal-security, sbo-with-normal-security, direct-with-enhanced-security, sbo-with-enhanced-security*) as well as setting functional constraint in `da_fc` column to CO. Depending on the application, different behaviours of a control object shall be used. Therefore, different state machines are defined. Four cases are defined: - **Case 1**: Direct control with normal security (direct-operate); - **Case 2**: SBO control with normal security (operate-once or operate-many); - **Case 3**: Direct control with enhanced security (direct-operate); - **Case 4**: SBO control with enhanced security (operate-once or operate-many). IEC 61850 standard enables the user to plan command transmission - set the timer when the command should be issued. However, as this possibility is rarely used in practice, it is not implemented as of version v1.8 All issued commands are executed immediately. For more information on the control class model, please consult the IEC 61850-7-2 standard. If ctlModel is read-only, messages from the internal database will be ignored for this point, otherwise, a subscribe callback will be launched to handle commands as soon as they are sent. If the CDC of a signal does not have a means of control, the ctlModel parameter is ignored. Originator identification can be attached to a station so that replies to command requests can be forwarded to only one device. To use this functionality a user should select an origin identifier by filling value in the Excel configuration, originator column. The originator category is always enforced to tell that a remote control command is issued. #### Configuring datapoints To use the IEC 61850 Client in WCC Lite, it has to be configured via an Excel configuration. This configuration contains two Excel sheets where parameters have to be filled in - Devices and Signals tables. ##### Table IEC 61850 Client parameters for *Devices* tab
**Parameter** **Type** **Description** **Required **Default value** (when not specified) **Range**
Min Max
name stringUser-friendly name for a deviceYes
descriptionstringDescription of a deviceNo
device\_aliasstringAlphanumeric string to identify a deviceYes
enablebooleanEnabling/disabling of a deviceNo101
protocolstringProtocol to be usedYes IEC 61850 Client
hoststring (IP address format)The IP address of server device Yes
portintegerTCP communication port Yes102
authstringAuthorization type Yes none, password, tls
passwordstringAuthorization password for server device Yes (for PASSWORD)
tls\_local\_certificatestringLocal certificate for TLS connection Yes (for TLS)
tls\_peer\_certificatestringCertificate authority file for TLS connectionYes (for TLS)
tls\_private\_keystringA file consisting of the private key for TLS connectionYes (for TLS)
ied\_namestringName of an Intelligent Electronic DeviceYes
originatorstringOrigin identifier for the device No
model\_filenamestringThe filename of the client model uploaded to WCC (must contain .client extension) Yes
##### Table IEC 61850 Client parameters for *Signals* tab
**Parameter** **Type** **Description** **Required **Default value** (when not specified) **Range**
Min Max
signal\_namestringUser-friendly signal nameYes
device\_aliasstringDevice alias from a Devices tabYes
signal\_aliasstringUnique alphanumeric name of the signal to be usedYes
enablebooleanEnabling/disabling of an individual signalNo101
logbooleanAllow signal to be logged. If the **log is 0 signal** will not be logged. If the **log is more than 0** signal will be loggedNo0
number\_typestringNumber format type Yes
BOOLEAN, INT8, INT16, INT32, INT64, INT128, INT8U, INT24U, INT32U, FLOAT32, FLOAT64, ENUMERATED, OCTETSTRING6, OCTETSTRING8, OCTETSTRING64, VISIBLESTRING32, VISIBLESTRING64, VISIBLESTRING65, VISIBLESTRING129, VISIBLESTRING255, UNICODESTRING255, TIMESTAMP, QUALITY, CHECK, CODEDENUM, GENERICBITSTRING, CONSTRUCTED, ENTRYTIME, PHYCOMADDR, CURRENCY, OPTFLDS, TRGOPS
ld\_instancestringAn instance of a logical deviceYes
ln\_classstringLogical node class typeYes
ln\_instanceintegerAn instance of a logical node No
ln\_prefixstring, integerPrefix of logical node stringNo
cdcstringCommon Data Class (CDC) nameYes SPS, DPS, INS, ACT, ACD, SEC, MV, CMV, WYE, DEL, SEQ, SPG, ING, ASG, ENS, ENG
data\_objectstringName of a data object in the datasetYes
da\_valuestringName of a data attribute value nodeYes
da\_fcstringFunctional constrain for data objectYes ST, MX, CO, SP, SE
control\_modelstring Model of output control No read-onlyread-only, direct-with-normal-security, sbo-with-normal-security, direct-with-enhanced-security, sbo-with-enhanced-security
dataset string Full object reference of a dataset Yes
report\_control\_block string Full object reference of a report control block Yes
intgPd integer Integrity period in milliseconds No 0

It should be noted that ACT and ACD messages can only be parsed from the report if either only the ‘general’ attribute or all attributes attached to all three phases and neutral can be found in the report

##### Device status signals
IEC 61850 has an additional signal which can be configured to show communication status. It is used to indicate if the server device has disconnected from the client (WCC Lite). To configure such a signal for the IEC 61850 protocol, job\_todo and tag\_job\_todo fields with string values are required. For IEC 61850 client required parameters for the status signal will be: **signal\_name,** **device\_alias, signal\_alias, number\_type, job\_todo** and **tag\_job\_todo**. Job\_todo value must be *device\_status* and for tag\_job\_todo there are 4 variations: communication\_status, device\_running, device\_error, uknown\_error. Each signal has 4 possible values and is based on the same logic. If the signal returns the value of 0, it means an unknown error has appeared, 1 – device or protocol connection is on and working properly, 2 – device is off or protocol is disconnected, 3 – error or service is down. #### Configuration Configuration of IEC61850 Client for WCCLite is done via WCC Utility. Elseta WCC Utility has two IEC 61850 selections - IEC 61850 Config and IEC 61850 Excel: - **IEC 61850 Config** is used to create a configuration model file, which IEC 61850 Client service will use to parse reports from the server. - **IEC 61850 Excel** is used to generate Excel configuration files which in turn will be used to generate configuration .json via excel-utility. [![image-1670584678497.png](https://wiki.elseta.com/uploads/images/gallery/2022-12/scaled-1680-/image-1670584678497.png)](https://wiki.elseta.com/uploads/images/gallery/2022-12/image-1670584678497.png) WCC Utility with IEC61850 selections ##### Generate model file To generate the IEC 61850 Client model file select “Client” in the drop-down selection tab. Then select where to output the generated model and upload a file with extensions .icd, .scd or .cid. [![image-1670585363191.png](https://wiki.elseta.com/uploads/images/gallery/2022-12/scaled-1680-/image-1670585363191.png)](https://wiki.elseta.com/uploads/images/gallery/2022-12/image-1670585363191.png) Generate IEC 61850 Client model file ##### Generate excel file To generate the IEC 61850 Client Excel file select “Client” in the drop-down selection tab. Then select where to output the generated model upload file with extensions .icd, .scd or .cid. [![image-1670585447382.png](https://wiki.elseta.com/uploads/images/gallery/2022-12/scaled-1680-/image-1670585447382.png)](https://wiki.elseta.com/uploads/images/gallery/2022-12/image-1670585447382.png) Generate IEC 61850 Client Excel file After generating the Excel file additional configuration information must be written in the devices sheet: - A valid host ip address must be provided. - An authorization method must be provided (if it is a complex authorization method, additional parameters might be required). - Model filename must be provided. The model filename must be the same as that was generated one step earlier (The model filename can include an extension, but it is not mandatory). [![image-1676877418592.png](https://wiki.elseta.com/uploads/images/gallery/2023-02/scaled-1680-/image-1676877418592.png)](https://wiki.elseta.com/uploads/images/gallery/2023-02/image-1676877418592.png) Excel configuration (Devices sheet) In the signals sheet, signals which are not used or needed can be removed. Their information might be modified as well. [![image-1670586268060.png](https://wiki.elseta.com/uploads/images/gallery/2022-12/scaled-1680-/image-1670586268060.png)](https://wiki.elseta.com/uploads/images/gallery/2022-12/image-1670586268060.png)Signals sheet **Important!** Information such as ld\_instance and other data taken directly from SCD configuration files should not be modified, otherwise, access to info of these reports can be broken. ##### Uploading configuration First, upload the model configuration file. [![image-1689317512196.png](https://wiki.elseta.com/uploads/images/gallery/2023-07/scaled-1680-/image-1689317512196.png)](https://wiki.elseta.com/uploads/images/gallery/2023-07/image-1689317512196.png) Uploading model configuration file After uploading the model configuration file it should appear under *the DOWNLOAD CONFIGURATION* tab. [![image-1689317540477.png](https://wiki.elseta.com/uploads/images/gallery/2023-07/scaled-1680-/image-1689317540477.png)](https://wiki.elseta.com/uploads/images/gallery/2023-07/image-1689317540477.png) Uploaded IEC 6180 Client configuration file Then upload the Excel configuration (same as with every other protocol). [![image-1670586406773.png](https://wiki.elseta.com/uploads/images/gallery/2022-12/scaled-1680-/image-1670586406773.png)](https://wiki.elseta.com/uploads/images/gallery/2022-12/image-1670586406773.png) Uploading excel configuration After successful configuration upload, both configurations should appear under the *DOWNLOAD CONFIGURATION* tab. If any errors occur during Excel upload, fix them along Excel utility guidelines. [![image-1670586443301.png](https://wiki.elseta.com/uploads/images/gallery/2022-12/scaled-1680-/image-1670586443301.png)](https://wiki.elseta.com/uploads/images/gallery/2022-12/image-1670586443301.png) Uploaded configurations #### IEC 61850 Client command line debugging options `iec61850-client` ``` -h [ –help ] Show help message -c [–config] arg Configuration file location -V [–version] Show version -d [–debug] arg Set debugging level -r [–redis] Show Redis messages -C [–commands] Show command messages -D [–datasets] Show dataset messages –report Show report messages -R [–readyfile] arg Ready notification file ```

If the IEC 61850 Client does not work properly (e.g. no communication between devices, data is corrupted, etc.), a user can launch a debug session from the command line interface and find out why the link is not functioning properly.

To launch a debugging session, a user should stop `iec61850-client` process by running `/etc/init.d/iec61850-client stop` and run `iec61850-client` command with respective flags as was shown above.

# 16 Specific protocols – Aurora (ABB PV inverters protocol) – PowerOne (ABB PV inverters protocol) – SMA Net (SMA PV inverters protocol) – Kaco (Kaco PV inverters protocol) – Ginlong (Ginlong PV inverters protocol) – Solplus (Solutronic AG PV inverters protocol) – ComLynx (Danfoss PV inverters protocol) – Delta (Delta PV inverters protocol) – Windlog (Wind sensors from RainWise Inc.) – Vestas ( Wind turbines protocol) – VBus. # 16.1 At command ### Overview At command protocol is used for communications with AT Commands. ### Configuration ##### At command parameters for the *Device* tab
**Parameter** **Type** **Description** **Required **Default value** (when not specified) **Range**
Min Max
namestring User-friendly device nameYes
descriptionstringDescription of a deviceNo
device\_aliasstringAlphanumeric string to identify a deviceYes
enablebooleanEnabling/disabling of a deviceNo101
protocolstringProtocol to be used.Yes at command
devicestringCommunication portYes PORT1PORT2
baudrateintegerCommunication speed (bauds/s)No9600300, 600, 1200, 2400, 4800, 9600, 19200, 38400, 57600,115200
databitsintegerData bit count for communicationNo869
stopbitsintegerStop bit count for communicationNo112
paritystringCommunication parity optionNononenone, even, odd
flowcontrolstringCommunication device flow control option.Nononenone
timeout\_msintegerTimeout of waiting for incoming requests in millisecondsYes 060000
serial\_close\_delayintegerDelay before closing serial portNo400
##### At command parameters for the *Signals* tab
**Parameter** **Type** **Description** **Required **Default value** (when not specified) **Range**
Min Max
signal\_namestring User-­friendly signal name Yes
device\_aliasstring Device alias from a Devices tab Yes
signal\_aliasstring Unique alphanumeric name of the signal to be used Yes
enableboolean Enabling/disabling of an individual signal No10 1
loginteger Enable logging in the event log No0
number\_typestringType of a number (FLOAT, DOUBLE, DIGITAL, etc.)Yes
job\_todostring Tag job as single or multiple comma-separated OBIS codes Yes
tag\_job\_todostringTag sub jobYes
# 16.2 Aurora ### Overview The Aurora Protocol is a link layer communications protocol for use on point­-to-­point serial links. It is intended for use in high­speed (gigabits/second and more) connections internally in a computer or an embedded system. It uses either 8b/10b encoding or 64b/66b encoding. #### Aurora parameters for Device tab:
**Parameter** **Type** **Description** **Required **Default value** (when not specified) **Range**
Min Max
namestringUser-friendly device nameYes
descriptionstringDescription of the deviceNo
device\_aliasstringDevice alias to be used in configurationYes
enablebooleanEnabling/disabling of a deviceNo101
protocolstringSelection of protocolYes Aurora
baudrateintegerCommunication speed, bauds/s (See values 33.1.2)No9600300, 600, 1200, 2400, 4800, 9600, 19200, 38400, 57600, 115200
databitsintegerData bit count for communicationNo869
stopbitsintegerStop bit count for communicationNo112
paritystringCommunication parity option (”none”/”even”/”odd”)NononeNone, Even, Odd
flowcontrolstringCommunication device flow control option.Nonone
scan\_rate\_msintegerIf provided and positive ­ all reads and writes will be executed within the timeframe in milliseconds.No10000
poll\_delay\_msintegerMinimum time delay in milliseconds to wait before sending any data on port.No200
timeout\_msintegerTimeout in millisecondsNo2500
idintegerInverter IDNo0
devicestringCommunication portYes PORT1PORT2
#### Aurora parameters for the Signals tab:
**Parameter** **Type** **Description** **Required **Default value** (when not specified) **Range**
Min Max
signal\_namestringUser-friendly device nameYes
device\_aliasstringDevice alias from a Devices tabYes
enableboolean Enabling/disabling of an individual signal No101
log integerEnable logging in the event log (Default: 0)No00
signal\_aliasstringUnique alphanumeric name of the signal to be usedYes
job\_todobooleanDefine tag­-functionYes
tag\_job\_todostringDefine tag action that depends on tag functionYes
number\_type
string
Type of a number (FLOAT, DOUBLE, DIGITAL, etc.)Yes
pulse\_short\_time\_msintegerThe time interval for short output pulse to stay activeNo0
pulse\_long\_time\_msintegerThe time interval for a long output pulse to stay activeNo0
# 16.3 COMLYNX ### Overview Comlynx protocol is used to communicate with Comlynx inverters over serial communication. ##### Comlynx parameters for *Device* tab:
**Parameter** **Type** **Description** **Required **Default value** (when not specified) **Range**
Min Max
namestringUser-friendly device nameYes
descriptionstringDescription of the deviceNo
device\_aliasstringDevice alias to be used in configurationYes
enablebooleanEnabling/disabling of a deviceNo101
protocolstringSelection of protocolYes Comlynx
addressintegerDevice addressNo1
subnetintegerSubnet addressNo0
networkintegerNetwork addressNo0
devicestringCommunication portYes PORT1PORT2
baudrateintegerCommunication speed (bauds/s)No19200300, 600, 1200, 2400, 4800, 9600, 19200, 38400, 57600, 115200
databitsintegerData bit count for communicationNo869
stopbitsintegerStop bit count for communicationNo112
paritystringCommunication parity option (”none”/”even”/”odd”)Nonone
flowcontrolstringCommunication device flow control option. (Default: (case-sensitive): ”none”)Nonone
scan\_rate\_msintegerIf provided and positive ­ all reads and writes will be executed within the timeframe in milliseconds.No10000
poll\_delay\_msintegerMinimum time delay in milliseconds to wait before sending any data on port.No200
timeout\_msintegerTimeout in millisecondsYes 060000
##### Comlynx parameters for the *Signals* tab:
**Parameter** **Type** **Description** **Required **Default value** (when not specified) **Range**
Min Max
signal\_namestringUser-friendly device nameYes
device\_aliasstringDevice alias from a Devices tabYes
signal\_aliasstringUnique alphanumeric name of the signal to be usedYes
enablebooleanEnabling/disabling of an individual signalNo101
logintegerAllow signal to be logged.No0
job\_todobooleanDefine tag­-functionYes
tag\_job\_todostringDefine tag action that depends on tag functionYes
number\_type
string
Type of a number (FLOAT, DOUBLE, DIGITAL, etc.)Yes
pulse\_short\_time\_msintegerThe time interval for short output pulse to stay activeNo0
pulse\_long\_time\_msintegerThe time interval for a long output pulse to stay activeNo0
# 16.4 Delta ### Overview Delta protocol is used to communicate with Delta inverters over serial communication. ### Configuration ##### Delta parameters for the *Device* tab
**Parameter** **Type** **Description** **Required **Default value** (when not specified) **Range**
Min Max
namestringUser-friendly device nameYes
descriptionstringDescription of the deviceNo
device\_aliasstringDevice alias to be used in configurationYes
enablebooleanEnabling/disabling of a deviceNo101
protocolstringSelection of protocolYes Delta
baudrateintegerCommunication speed (bauds/s)No9600300, 600, 1200, 2400, 4800, 9600, 19200, 38400, 57600, 115200
databitsintegerData bit count for communicationNo869
stopbitsintegerStop bit count for communicationNo112
paritystringCommunication parity option (”none”/”even”/”odd”)NononeNone, Even, Odd
flowcontrolstringCommunication device flow control option. (Default: (case-sensitive): ”none”)Nonone
scan\_rate\_msintegerIf provided and positive ­ all reads and writes will be executed within the timeframe in milliseconds.No10000
poll\_delay\_msintegerMinimum time delay in milliseconds to wait before sending any data on port.No200
timeout\_msintegerTimeout in millisecondsYes 060000
idintegerInverter IDYes0
devicestringCommunication portYes PORT1PORT2
##### Delta parameters for the *Signals* tab
**Parameter** **Type** **Description** **Required **Default value** (when not specified) **Range**
Min Max
signal\_namestring User-­friendly signal name Yes
device\_aliasstring Device alias from a Devices tab Yes
signal\_aliasstring Unique alphanumeric name of the signal to be used Yes
enableboolean Enabling/disabling of an individual signal No10 1
loginteger Enable logging in the event log No0
number\_typestringType of a number (FLOAT, DOUBLE, DIGITAL, etc.)Yes
job\_todostring Tag job as single or multiple comma-separated OBIS codes Yes
tag\_job\_todostringTag sub jobYes
pulse\_short\_time\_msintegerThe time interval for a short output pulse to stay activeNo0
pulse\_long\_time\_msintegerThe time interval for a long output pulse to stay activeNo0
# 16.5 GINLONG ### Overview Ginlong protocol is used to communicate with Ginlong inverters over serial communication. ##### GINLONG parameters for *Device* tab:
**Parameter** **Type** **Description** **Required **Default value** (when not specified) **Range**
Min Max
namestringUser-friendly device nameYes
descriptionstringDescription of the deviceNo
device\_aliasstringDevice alias to be used in configurationYes
enablebooleanEnabling/disabling of a deviceNo101
protocolstringSelection of protocolYes Ginlong
baudrateintegerCommunication speed (bauds/s) (See values 33.1.2)No9600
300, 600, 1200, 2400, 4800, 9600, 19200, 38400, 57600, 115200
databitsintegerData bit count for communicationNo869
stopbitsintegerStop bit count for communicationNo112
paritystringCommunication parity option (”none”/”even”/”odd”)NononeNone, Even, Odd
flowcontrolstringCommunication device flow control option. (Default: (case-sensitive): ”none”)Nonone
scan\_rate\_msintegerIf provided and positive ­ all reads and writes will be executed within the timeframe in milliseconds.No10000
poll\_delay\_msintegerMinimum time delay in milliseconds to wait before sending any data on port.No200
timeout\_msintegerTimeout in millisecondsNo2500
idintegerInverter IDYes0
devicestringCommunication portYes PORT1PORT2
##### GINLONG parameters for the Signals tab:
**Parameter** **Type** **Description** **Required **Default value** (when not specified) **Range**
Min Max
signal\_namestringUser-friendly device nameYes
device\_aliasstringDevice alias from a Devices tabYes
signal\_aliasstringUnique alphanumeric name of the signal to be usedYes
enablebooleanEnabling/disabling of an individual signalNo101
logintegerAllow signal to be logged.No0
job\_todostringDefine tag­-functionYes
tag\_job\_todostringDefine tag action that depends on tag functionYes
number\_typestringType of a number (FLOAT, DOUBLE, DIGITAL, etc.)Yes
pulse\_short\_time\_msintegerThe time interval for short output pulse to stay activeNo0
pulse\_long\_time\_msintegerThe time interval for a long output pulse to stay activeNo0
# 16.6 Kaco ### Overview This protocol is meant to be used by inverters that convert the DC power generated by the photovoltaic (PV) modules into AC power and feed this into the power grid.

This protocol handles serial communication parameters (baudrate, databits, stopbits, etc.) automatically.

### Configuration ##### Kaco parameters for the *Device* tab
**Parameter** **Type** **Description** **Required **Default value** (when not specified) **Range**
Min Max
namestring User-friendly device nameYes
descriptionstringDescription of a deviceNo
device\_aliasstringAlphanumeric string to identify a deviceYes
enablebooleanEnabling/disabling of a deviceNo101
protocolstringProtocol to be used.Yes Kaco
scan\_rate\_msintegerAll reads and writes will be executed within the timeframe in milliseconds.No10000
poll\_delay\_msintegerMinimum time delay in milliseconds to wait before sending any data on port.No200
timeout\_msintegerTimeout of waiting for incoming requests in millisecondsYes2500060000
subidintegerInverter serial number displayYes0
ext\_deviceboolean0 ­- The inverter is connected directly 1 -­ Inverter is connected via remote terminalYes001
idintegerInverter serial numberYes
devicestringCommunication portYes PORT1PORT2
##### Kaco parameters for the *Signals* tab
**Parameter** **Type** **Description** **Required **Default value** (when not specified) **Range**
Min Max
signal\_namestring User-­friendly signal name Yes
device\_aliasstring Device alias from a Devices tab Yes
signal\_aliasstring Unique alphanumeric name of the signal to be used Yes
enableboolean Enabling/disabling of an individual signal No10 1
loginteger Enable logging in the event log No0
number\_typestringType of a number (FLOAT, DOUBLE, DIGITAL, etc.)Yes
job\_todostring Tag job as single or multiple comma-separated OBIS codes Yes
tag\_job\_todostringTag sub jobYes
pulse\_short\_time\_msintegerThe time interval for a short output pulse to stay activeNo0
pulse\_long\_time\_msintegerThe time interval for a long output pulse to stay activeNo0
# 16.7 POWERONE ### Overview PowerOne protocol is used to communicate with Aurora inverters over serial communication. Serial communication parameters (baudrate, parity, etc.) are handled automatically by the protocol. ### Configuration ##### PowerOne parameters for the *Device* tab
**Parameter** **Type** **Description** **Required **Default value** (when not specified) **Range**
Min Max
Min Max
namestring User-friendly device nameYes
descriptionstringDescription of a deviceNo
device\_aliasstringAlphanumeric string to identify a deviceYes
enablebooleanEnabling/disabling of a deviceNo101
protocolstringProtocol to be used.Yes powerone
serialnumberintegerInverter serial numberYes
type
string
Inverter type : - CU ­ Collecting unit - CB ­ Normal CB - HID ­ HID with integrated CB NoCUCU, CB, HID
device Communication portYes PORT1PORT2
baudrateintegerCommunication speed (bauds/s)No9600300, 600, 1200, 2400, 4800, 9600, 19200, 38400, 57600,115200
scan\_rate\_msintegerDelay before closing serial port in millisecondsNo10000
poll\_delay\_msintegerMinimum time delay in milliseconds to wait before sending any data on port.No200
timeout\_msintegerTimeout of waiting for incoming requests in millisecondsYes1000060000
##### PowerOne parameters for *Signals* tab
**Parameter** **Type** **Description** **Required **Default value** (when not specified) **Range**
Min Max
signal\_namestring User-­friendly signal name Yes
device\_aliasstring Device alias from a Devices tab Yes
signal\_aliasstring Unique alphanumeric name of the signal to be used Yes
enableboolean Enabling/disabling of an individual signal No10 1
loginteger Enable logging in the event log No0
number\_typestringType of a number (FLOAT, DOUBLE, DIGITAL, etc.)Yes
job\_todostring Tag job as single or multiple comma-separated OBIS codes Yes
tag\_job\_todostringTag sub jobYes
pulse\_short\_time\_msintegerThe time interval for a short output pulse to stay active No0
pulse\_long\_time\_msintegerThe time interval for a long output pulse to stay activeNo0
# 16.8 SMA NET ### Overview SMA Net can transfer SMA Data, TCP/IP and many more telegrams due to its multi­protocol capability. Thus, it is the preferred telegram frame in case of new developments. ### Configuration ##### SMA NET parameters for the *Device* tab
**Parameter** **Type** **Description** **Required **Default value** (when not specified) **Range**
Min Max
namestring User-friendly device nameYes
descriptionstringDescription of a deviceNo
device\_aliasstringAlphanumeric string to identify a deviceYes
enablebooleanEnabling/disabling of a deviceNo101
protocolstringProtocol to be used.Yes sma net
baudrateintegerCommunication speed (bauds/s)No9600300, 600, 1200, 2400, 4800, 9600, 19200, 38400, 57600,115200
databitsintegerData bit count for communicationNo869
stopbitsintegerStop bit count for communicationNo112
paritystringCommunication parity optionNononenone, even, odd
flowcontrolstringCommunication device flow control option.Nononenone
scan\_rate\_msintegerDelay before closing serial port in millisecondsNo10000
poll\_delay\_msinteger No200
timeout\_msintegerTimeout of waiting for incoming requests in millisecondsNo2500
serial\_number
string
Inverter serial numberYes
device Communication portYes PORT1PORT2
serial\_close\_delayintegerDelay before closing serial portNo400
##### SMA NET parameters for the *Signals* tab
**Parameter** **Type** **Description** **Required **Default value** (when not specified) **Range**
Min Max
signal\_namestring User-­friendly signal name Yes
device\_aliasstring Device alias from a Devices tab Yes
signal\_aliasstring Unique alphanumeric name of the signal to be used Yes
enableboolean Enabling/disabling of an individual signal No10 1
loginteger Enable logging in the event log No0
number\_typestringType of a number (FLOAT, DOUBLE, DIGITAL, etc.)Yes
job\_todostring Tag job as single or multiple comma-separated OBIS codes Yes
tag\_job\_todostringTag sub jobYes
pulse\_short\_time\_msintegerThe time interval for a short output pulse to stay active No0
pulse\_long\_time\_msintegerThe time interval for a long output pulse to stay activeNo0
# 16.9 SOLPLUS ### Overview Solplus protocol is used to download inverter data from Solplus inverters using an HTTP client. ### Configuration ##### Solplus parameters for *Device* tab
**Parameter** **Type** **Description** **Required **Default value** (when not specified) **Range**
Min Max
namestring User-friendly device nameYes
descriptionstringDescription of a deviceNo
device\_aliasstringAlphanumeric string to identify a deviceYes
enablebooleanEnabling/disabling of a deviceNo101
protocolstringProtocol to be used.Yes Solplus
scan\_rate\_msintegerAll reads and writes will be executed within the timeframe in millisecondsNo10000
poll\_delay\_msintegerMinimum time delay in milliseconds to wait before sending any data on port.No200
timeout\_msintegerTimeout of waiting for incoming requests in millisecondsNo2500060000
urlstringHTTP server location URLYes
##### Solplus parameters for *Signals* tab
**Parameter** **Type** **Description** **Required **Default value** (when not specified) **Range**
Min Max
signal\_namestring User-­friendly signal name Yes
device\_aliasstring Device alias from a Devices tab Yes
signal\_aliasstring Unique alphanumeric name of the signal to be used Yes
enableboolean Enabling/disabling of an individual signal No10 1
loginteger Enable logging in the event log No0
number\_typestringType of a number (FLOAT, DOUBLE, DIGITAL, etc.)Yes
job\_todostring Tag job as single or multiple comma-separated OBIS codes Yes
tag\_job\_todostringTag sub jobYes
pulse\_short\_time\_msintegerThe time interval for a short output pulse to stay activeNo0
pulse\_long\_time\_msintegerThe time interval for a long output pulse to stay activeNo0
# 16.10 VBUS ### Overview Vbus is a protocol used for communication with solar station automation via serial link. ### Configuration ##### VBUS parameters for *Device* tab
**Parameter** **Type** **Description** **Required **Default value** (when not specified) **Range**
Min Max
namestringUser-friendly device nameYes
descriptionstringDescription of the deviceNo
device\_aliasstringDevice alias to be used in configurationYes
enablebooleanEnabling/disabling of a deviceNo101
protocolstringSelection of protocolYes Vbus
slave\_addressintegerSlave device addressYes 0255
master\_addressintegerMaster device addressYes 0255
devicestringCommunication portYes PORT1PORT2
baudrateintegerCommunication speed (bauds/s)No9600300, 600, 1200, 2400, 4800, 9600, 19200, 38400, 57600, 115200
databitsintegerData bit count for communicationNo869
stopbitsintegerStop bit count for communicationNo112
paritystringCommunication parity optionNononenone, even, odd
flowcontrolstringCommunication device flow control option.Nononenone
scan\_rate\_msintegerIf provided and positive ­ all reads and writes will be executed within the timeframe in milliseconds.No10000
poll\_delay\_msintegerMinimum time delay in milliseconds to wait before sending any data on port.No200
timeout\_msintegerTimeout in millisecondsNo2500060000
##### VBUS parameters for the *Signals* tab:
**Parameter** **Type** **Description** **Required **Default value** (when not specified) **Range**
Min Max
signal\_namestringUser-friendly device nameYes
device\_aliasstringDevice alias from a Devices tabYes
signal\_aliasstringUnique alphanumeric name of the signal to be usedYes
enablebooleanEnabling/disabling of an individual signalNo101
logintegerAllow signal to be logged.No00
job\_todo
string
Define tag­-functionYes
tag\_job\_todostringDefine tag action that depends on tag functionYes
number\_typestringType of a number (FLOAT, DOUBLE, DIGITAL, etc.)Yes
pulse\_short\_time\_msintegerThe time interval for a short output pulse to stay activeNo0
pulse\_long\_time\_msintegerThe time interval for a long output pulse to stay activeNo0
# 16.11 VESTAS ### Overview Vestas is a protocol used for communication with solar station automation via serial link. ### Configuration ##### Vesta's parameters for the *Device* tab
**Parameter** **Type** **Description** **Required **Default value** (when not specified) **Range**
Min Max
namestringUser-friendly device nameYes
descriptionstringDescription of the deviceNo
device\_aliasstringDevice alias to be used in configurationYes
enablebooleanEnabling/disabling of a deviceNo101
protocolstringSelection of protocolYes Vestas
slave\_addressintegerSlave device addressYes 0255
master\_addressintegerMaster device addressNo00255
devicestringCommunication portYes PORT1PORT2
baudrateintegerCommunication speed (bauds/s)No9600300, 600, 1200, 2400, 4800, 9600, 19200, 38400, 57600, 115200
databitsintegerData bit count for communicationNo869
stopbitsintegerStop bit count for communicationNo112
paritystringCommunication parity option (”none”/”even”/”odd”)Nononenone, even, odd
flowcontrolstringCommunication device flow control option. (Default: (case-sensitive): ”none”)Nonone
scan\_rate\_msintegerIf provided and positive ­ all reads and writes will be executed within the timeframe in milliseconds.No10000
poll\_delay\_msintegerMinimum time delay in milliseconds to wait before sending any data on port.No200
timeout\_msintegerTimeout in millisecondsNo
500
0
60000
##### Vesta's parameters for the *Signals* tab:
**Parameter** **Type** **Description** **Required **Default value** (when not specified) **Range**
Min Max
signal\_namestringUser-friendly device nameYes
device\_aliasstringDevice alias from a Devices tabYes
signal\_aliasstringUnique alphanumeric name of the signal to be usedYes
enablebooleanEnabling/disabling of an individual signalNo101
logintegerAllow signal to be logged.No0
job\_todo
string
Define tag­-functionYes
tag\_job\_todostringDefine tag action that depends on tag functionYes
number\_typestringType of a number (FLOAT, DOUBLE, DIGITAL, etc.)Yes
pulse\_short\_time\_msintegerThe time interval for a short output pulse to stay activeNo0
pulse\_long\_time\_msintegerThe time interval for a long output pulse to stay activeNo0
# 16.12 Windlog ### Overview Windlog protocol is used for communications with the *Windlog data logger*. ### Configuration ##### Windlog parameters for the *Device* tab
**Parameter** **Type** **Description** **Required **Default value** (when not specified) **Range**
Min Max
namestring User-friendly device nameYes
descriptionstringDescription of a deviceNo
device\_aliasstringAlphanumeric string to identify a deviceYes
enablebooleanEnabling/disabling of a deviceNo101
protocolstringProtocol to be used.Yes Windlog
devicestringCommunication portYes PORT1PORT2
baudrateintegerCommunication speed (bauds/s)No115200300, 600, 1200, 2400, 4800, 9600, 19200, 38400, 57600,115200
databitsintegerData bit count for communicationNo869
stopbitsintegerStop bit count for communicationNo112
paritystringCommunication parity optionNononenone, even, odd
flowcontrolstringCommunication device flow control option.Nononenone
timeout\_msintegerTimeout of waiting for incoming requests in millisecondsYes 060000
serial\_close\_delayintegerDelay before closing serial portNo400
##### Windlog parameters for the *Signals* tab
**Parameter** **Type** **Description** **Required **Default value** (when not specified) **Range**
Min Max
signal\_namestring User-­friendly signal name Yes
device\_aliasstring Device alias from a Devices tab Yes
signal\_aliasstring Unique alphanumeric name of the signal to be used Yes
enableboolean Enabling/disabling an individual signal No10 1
loginteger Enable logging in the event log No0
number\_typestringType of a number (FLOAT, DOUBLE, DIGITAL, etc.)Yes
job\_todostring Tag job as single or multiple comma-separated OBIS codes Yes
tag\_job\_todostringTag sub jobYes
# 16.13 M-Bus ### Overview M-Bus or Meter-Bus is a protocol for the remote reading of water, gas, or electricity meters. M-Bus is also usable for other types of consumption meters, such as heating systems or water meters. The M-Bus interface is made for communication on two wires, making it cost-effective. M-bus over TCP is also supported. When configured, meters will deliver the data they have collected to a WCC Lite RTU that is connected at periodic intervals (scan\_rate\_ms) to read all utility meters. ### Configuration ##### M-Bus parameters for the *Device* tab
**Parameter** **Type** **Description** **Required** **Default Value** (when not specified) **Range**
TCPRTUMinMax
namestring User-friendly device nameYesYes
descriptionstringDescription of a deviceNoNo
device\_aliasstringAlphanumeric string to identify a deviceYesYes
enablebooleanEnabling/disabling a deviceNoNo101
protocolstringProtocol to be used.YesYes mbus serial, mbus tcp
scan\_rate\_msintegerAll reads and writes will be executed within the timeframe in milliseconds.NoNo10000
poll\_delay\_msintegerMinimum time delay in milliseconds to wait before sending any data on port.NoNo200
timeout\_msintegerTimeout of waiting for an incoming response in millisecondsYesYes 060000
addressstringDevice addressYesYes
devicestringCommunication port-Yes PORT1PORT2
baudrateintegerCommunication speed (baud/s) - No 9600 300, 600, 1200, 2400, 4800, 9600, 19200, 38400, 57600, 115200
databitsintegerData bit count for communication - No8 6 9
stopbitsintegerStop bit count for communication - No1 1 2
paritystring Communication parity option - Nonone none, even, odd
serial_close_delay
integerDelay before closing the serial connection.-No400
ipstringThe IP address of the TCP slave deviceYes-
portintegerTCP communication port Yes -065535
##### M-Bus parameters for the *Signals* tab
**Parameter** **Type** **Description** **Required** **Default Value** (when not specified) **Range**
TCPRTUMinMax
signal\_namestring User-­friendly signal name YesYes
device\_aliasstring Device alias from a Devices tab YesYes
signal\_aliasstring Unique alphanumeric name of the signal to be used YesYes
enableboolean Enabling/disabling of an individual signal NoNo10 1
loginteger Enable logging in the event log NoNo0
number\_typestringType of a number (FLOAT, DOUBLE, DIGITAL, etc.)YesYes
job\_todostring Tag job as single or multiple comma-separated OBIS codes YesYes
tag\_job\_todostringTag sub jobYesYes
# 16.14 KOSTAL ### Overview Kostal protocol is used to communicate with Kostal devices over serial communication. ### Configuration ##### Kostal parameters for the *Device* tab
**Parameter** **Type** **Description** **Required **Default value** (when not specified) **Range**
Min Max
namestring User-friendly device nameYes
descriptionstringDescription of a deviceNo
device\_aliasstringAlphanumeric string to identify a deviceYes
enablebooleanEnabling/disabling of a deviceNo101
protocolstringProtocol to be used.Yes kostal
idintegerKostal device idYes
device Communication portYes PORT1PORT2
baudrateintegerCommunication speed (bauds/s)No9600300, 600, 1200, 2400, 4800, 9600, 19200, 38400, 57600,115200
databitsintegerData bit count for communicationNo869
stopbitsintegerStop bit count for communicationNo112
paritystringCommunication parity optionNononenone, even, odd
scan\_rate\_msintegerDelay before closing serial port in millisecondsNo10000
poll\_delay\_msintegerMinimum time delay in milliseconds to wait before sending any data on port.No200
timeout\_msintegerTimeout of waiting for incoming requests in millisecondsYes 060000
##### Kostal parameters for the *Signals* tab
**Parameter** **Type** **Description** **Required **Default value** (when not specified) **Range**
Min Max
signal\_namestring User-­friendly signal name Yes
device\_aliasstring Device alias from a Devices tab Yes
signal\_aliasstring Unique alphanumeric name of the signal to be used Yes
enableboolean Enabling/disabling of an individual signal No10 1
loginteger Enable logging in the event log No0
number\_typestringType of a number (FLOAT, DOUBLE, DIGITAL, etc.)Yes
job\_todostring Tag job as single or multiple comma-separated OBIS codes Yes
tag\_job\_todostringTag sub jobYes
pulse\_short\_time\_msintegerThe time interval for a short output pulse to stay active No0
pulse\_long\_time\_msintegerThe time interval for a long output pulse to stay activeNo0
# 17 Metering protocols - DLMS/COSEM - IEC 62056-21 - MBus Serial/TCP - Elgama (Meters based on IEC 62056-21 / 31 protocols) # 17.1 DLMS/COSEM ### Introduction **IEC 62056** is a set of standards for electricity metering data exchange by the [International Electrotechnical Commission](https://en.wikipedia.org/wiki/International_Electrotechnical_Commission "International Electrotechnical Commission"). The IEC 62056 standards are the [international standard](https://en.wikipedia.org/wiki/International_standard "International standard") versions of the DLMS/COSEM specification. **DLMS** or **Device Language Message Specification** (originally Distribution Line Message Specification),[\[1\]](https://en.wikipedia.org/wiki/IEC_62056#cite_note-1) is the suite of standards developed and maintained by the DLMS User Association (DLMS UA) and has been adopted by the IEC TC13 WG14 into the IEC 62056 series of standards. The DLMS User Association maintains a D Type liaison with IEC TC13 WG14 responsible for international standards for meter data exchange and establishing the IEC 62056 series. In this role, the DLMS UA provides maintenance, registration and compliance certification services for IEC 62056 DLMS/COSEM. **COSEM** or **Companion Specification for Energy Metering**, includes a set of specifications that defines the [transport](https://en.wikipedia.org/wiki/Transport_layer "Transport layer") and [application](https://en.wikipedia.org/wiki/Application_layer "Application layer") layers of the DLMS protocol. The DLMS User Association defines the protocols into a set of four specification documents namely Green Book, Yellow Book, Blue Book and White Book. The Blue Book describes the COSEM meter object model and the OBIS object identification system, the Green Book describes the architecture and protocols, the Yellow Book treats all the questions concerning conformance testing, and the White Book contains the glossary of terms. If a product passes the [conformance test](https://en.wikipedia.org/wiki/Conformance_test "Conformance test") specified in the Yellow Book, then a certification of DLMS/COSEM compliance is issued by the DLMS UA. The IEC TC13 WG14 groups the DLMS specifications under the common heading: "Electricity metering data exchange - The DLMS/COSEM suite". DLMS/COSEM protocol is not specific to electricity metering, it is also used for gas, water and heat metering. Source: [https://en.wikipedia.org/wiki/IEC\_62056](https://en.wikipedia.org/wiki/IEC_62056 "Wikipedia") ### DLMS Master #### Overview DLMS (Device Language Message Specification) is a suite of standards developed and maintained by the DLMS User Association. COSEM (Companion Specification for Energy Metering) includes a set of specifications that define the transport and application layers of the DLMS protocol. In DLMS/COSEM all the data in electronic utility meters and devices are represented using mapping them to appropriate classes and related attribute values. Objects are identified with the help of OBIS (Object Identification System) codes (as per IEC 62056-61). The DLMS driver allows only for readout and displaying only numeric values of DLMS object data fields. Connection via TCP (HDLC or WRAPPER) or serial (RS232/RS485) ports are supported. The setup of the DLMS driver consists of communication and tag configuration. Protocol-specific parameters (except for DLMS/IEC handshake mode) apply for both serial and IP connections. #### Configuration ##### Devices section **serial\_number**, **physical\_address** and **logical\_address** define the meter addressing parameters. Either **serial\_number** (meter serial number) or a combination of **physical\_address** and **logical\_address** is used. If a serial number is provided, physical and logical server addresses are ignored.

Before configuring the Device section it is best to first check the connection parameters with a 3rd party DLMS utility.

**client\_address** is defined in hex and usually depends on the authentication used. Most meters support hex 11 for no authentication. **type** defines the object referencing. SN should be used for short name referencing and LN for logical name referencing. **mode** defines the communications mode. If IEC is used along with comms settings for serial readout, the connection is initiated as per IEC 62056-21, at the default initial baud rate (300 7E1). DLMS-HDLC shall be used for HDLC connections via IP. DLMS-WRAPPER is also supported for IP connections. The default setting is DLMS-HDLC. **timeout\_ms** defines the reply timeout for telegrams both via serial and TCP. **auth** and **password** define the authentication mode and password. This can be set to None, or other authentication variant (see table below), depending on the mode configured and supported by the particular meter. **ip** and **port** define the IP address and TCP port for DLMS communication via IP.

Connection parameters are device-specific and can differ between makes, models and utility companies. For initial connection settings please refer to the configuration of the particular meter.

When ip and port are configured, any serial port settings are ignored and the connection is initiated only via IP.

Device configuration parameters for DLMS meters acquisition:
**Parameter** **Type** **Description** **Required** **Default Value** (when not specified) **Range**
TCPRTUMinMax
name stringUser-­friendly name for a device YesYes
descriptionstringDescription of a device NoNo
device\_aliasstringAlphanumeric string to identify a device YesYes
enablebooleanEnabling/disabling of a device NoNo101
protocolstringProtocol to be used YesYes DLMS
serial\_numberintegerMeter serial number NoNo0
physical\_addressintegerMeter's physical server address NoNo1600
logical\_addressintegerMeter logical server address NoNo0
address\_sizeintegerMeter address size in bytes NoNo114
client\_address integerClient address YesYes
typestringMeter object referencing: SN - short referencing, LN - logical referencing NoNoSNSN, LN
modestringInitial handshake mode. NoNoDLMS-­HDLCIEC, DLMS, DLMS-HDLC or DLMS­-WRAPPER
timeout\_msintegerTimeout in milliseconds NoNo2500
authstringAuthentication. NoNoNoneNone, Low, High, HighMd5, HighSha1, HighSha256, HighGmac, HighEcdsa
passwordstringPassword for authentication No (when auth is None)No (when auth is None)
ipstringIP address Yes-
portintegerTCP port Yes-
device Communication port -Yes PORT1PORT2
baudrateintegerCommunication speed (bauds/s) -No9600300, 600, 1200, 2400, 4800, 9600, 19200, 38400, 57600, 115200
databitsintegerData bit count for communication -No869
stopbitsintegerStop bit count for communication -No112
paritystringCommunication parity option -Nononenone, even, odd
flowcontrolstringCommunication device flow control option. -Nononenone
retry\_counterintegerNumber of requests, before the link is considered lost (device status signals are changed) and reconnect attempt will be issued NoNo3
scan\_rate\_msintegerIf provided and positive all reads and writes will be executed within the timeframe in milliseconds NoNo10000
reconnect\_timeintegerDefines how often (in milliseconds) the client will try to reestablish communication with the meter after an unsuccessful attempt. NoNo1000
##### Signals section DLMS configuration parameters creating signals:
**Parameter** **Type** **Description** **Required** **Default Value** (when not specified) **Range**
TCPRTUMinMax
signal\_namestring User-­friendly signal name YesYes
device\_aliasstring Device alias from a Devices tab YesYes
signal\_aliasstring Unique alphanumeric name of the signal to be used YesYes
enableboolean Enabling/disabling of an individual signal NoNo10 1
logboolean Enable logging in the event log NoNo00 1
short\_nameinteger Address of value to read (Short name). NoNo0
obis\_jobstring OBIS codes can be accompanied by an attribute index, eg.: 1.0.1.8.0.255:2. Objects of register and extended register types do not require indexes and the scalers are applied to values automatically (though they can still be used if attributes other than the value need to be read out). YesYes
#### Debugging the DLMS service If the configuration for DLMS devices is set up, the handler for the protocol will start automatically. If the configuration is missing or contains errors, the protocol will not start. It is done intentionally to decrease unnecessary memory usage. If DLMS does not work properly (e.g. no communication between devices, data is corrupted, etc.), a user can launch a debug session from the command-line interface and find out why the link is not functioning properly. To launch a debugging session, a user should stop the dlms process and run the dlms command with respective flags as in the table shown below. Procedure for DLMS protocol service debugging: - **Step 1**: Service must be stopped by entering the following command into the WCC Lite: **/etc/init.d/dlms stop** - **Step 2**: After service is stopped it must be started with the preferred configuration file (JSON files found in /etc/dlms folder) and a debug level 7: **dlms ­-c /etc/dlms/dlms.json ­-d7 --dlms** Additional output forming options described in the table below. - **Step 3**: Once the problem is diagnosed normal operations can be resumed with the following command: **/etc/init.d/dlms start** DLMS command line debugging options
Option Description
­-h \[ –-help \] Display help information
­-V \[ –-version \] Show version
-p \[ -–port \]­Show output for one port only
­-d <debug level>Set debugging level
-­c \[ –-config \] Config path
# 17.2 IEC 62056-21 ### Introduction **IEC 61107, currently** IEC 62056-21, was an international standard for a computer [protocol](https://en.wikipedia.org/wiki/Communications_protocol "Communications protocol") to read utility meters. It is designed to operate over any media, including the [Internet](https://en.wikipedia.org/wiki/Internet "Internet"). A meter sends [ASCII](https://en.wikipedia.org/wiki/ASCII "ASCII") (in modes A..D) or [HDLC](https://en.wikipedia.org/wiki/HDLC "HDLC") (mode E) data to a nearby hand-held unit (HHU) using a [serial port](https://en.wikipedia.org/wiki/Serial_port "Serial port"). The physical media are usually either modulated light, sent with an [LED](https://en.wikipedia.org/wiki/LED "LED") and received with a [photodiode](https://en.wikipedia.org/wiki/Photodiode "Photodiode"), or a pair of wires, usually modulated by a 20mA [current loop](https://en.wikipedia.org/wiki/Current_loop "Current loop"). The protocol is usually [half-duplex](https://en.wikipedia.org/wiki/Duplex_(telecommunications) "Duplex (telecommunications)"). The following exchange usually takes a second or two and occurs when a person from the utility company presses a meter-reading gun against a transparent faceplate on the meter or plugs into the metering bus at the mailbox of an apartment building. The general protocol consists of a "sign on" sequence, in which a handheld unit identifies itself to the metering unit. During sign-on, the handheld unit addresses a particular meter by number. The meter and hand-held unit negotiate various parameters such as the maximum frame length during transmission and reception, whether multiple frames can be sent without acknowledging individual frames ([windowing](https://en.wikipedia.org/wiki/Flow_control_(data) "Flow control (data)")), the fastest communication rate that they can both manage (only in case of mode E switching to HDLC) etc. Next, the meter informs the handheld unit about the various parameters that are available with it in various security settings viz. the 'no-security logical group', ' the low-security logical groups' and ' the high-security logical groups'. If the parameter required is in the no-security group, just a get.request will provide the HHU with the desired response. If the parameter required is in the low-security group, a password authentication of the HHU is required before information can be read. In the case of high-security parameters, the meter challenges the handheld unit with a cryptographic password. The handheld unit must return an encrypted password. If the password exchange is correct, the meter accepts the handheld unit: it is "signed on." After signing on, the handheld unit generally reads a meter description. This describes some registers that describe the current count of metered units (i.e. kilowatt hours, megajoules, litres of gas or water) and the metering unit's reliability (is it still operating correctly?). Occasionally a manufacturer will define a new quantity to measure, and in this case, a new or different data type will appear in the meter definition. Most metering units have special modes for calibration and resetting meter registers. These modes are usually protected by anti-tampering features such as switches that sense if the meter enclosure has been opened. The HHU may also be given limited rights to set or reset certain parameters in the meter. The handheld unit then sends a sign-off message. If no sign-off message is sent, the meter automatically signs off after a previously negotiated time interval after the last message. Source: [https://en.wikipedia.org/wiki/IEC\_62056#IEC\_62056-21](https://en.wikipedia.org/wiki/IEC_62056#IEC_62056-21 "Wikipedia") ### Overview The IEC 62056-21 standard defines protocol specifications for local meter data exchange. Data is read out via serial port in modes A, B or C. The default initial serial port settings are 300 bps 7E1, as per standard, but can be user-configured. The driver implementation additionally allows for communication via TCP/IP, which is not described in the standard. In this case, baud rate acknowledgement is allowed however actual switchover between baud rates is not possible. **Mode A**: data is requested and read out at the configured baud rate. **Mode B**: data is requested at the configured baud rate and mutually switched to the baud rate proposed by the meter. Baud rate confirmation is absent. **Mode C**: data is requested at the configured baud rate, a new baud rate is proposed by the meter and, if acknowledged, data is read out at the proposed baud rate. Currently, data readout is supported in modes A, B and C. For data readout, it is necessary to know the port settings and the format of OBIS code representation as they can slightly differ (see table) depending on the configuration of the meter. ### Configuration #### Device section The serialnumber defines the serial number of the meter. 0 (zero) will result in a ’/?!’ handshake string and may cause issues if more than one meter is wired to the serial port. The baudrate defines the initial connection baud rate. In modes B and C this will be switched to whatever baud rate is proposed by the meter. The meter\_model defines the meter profile. This is reserved for future use and should be set to 1. type defines the connection mode. Modes A, B and C are supported.

If **ip** or **port** parameters are configured, any serial port settings are ignored and connections are initiated via TCP.

Serialnumber, manufacturer-specific, 32 characters maximum. The characters can be digits (0...9), upper-case letters (A...Z), lower-case letters (a...z), or spaces ( ). Upper and lower case letters and the space character are unique\*. Leading zeros shall not be evaluated. This means that all leading zeros in the transmitted address are ignored and all leading zeros in the tariff device address are ignored (i.e. 10203 = 010203 = 000010203).

IEC 62056-21 device configuration parameters:
**Parameter** **Type** **Description** **Required** **Default Value** (when not specified) **Range**
TCPRTUMinMax
name stringUser-friendly name for a device YesYes
description stringDescription of a device NoNo
device\_alias stringAlphanumeric string to identify a device YesYes
enablebooleanEnabling/disabling of a device NoNo101
protocolstringProtocol to be used YesYes IEC 62056-21
poll\_delay\_msintegerMinimum time delay in milliseconds to wait before sending any data on port.NoNo200
scan\_rate\_msinteger NoNo10000
devicestringCommunication port-Yes PORT1PORT2
baudrateinteger Communication speed (bauds/s) -No
9600
300, 600, 1200, 2400, 4800, 9600, 19200, 38400, 57600, 115200
databitsintegerData bit count for communication-No869
stopbitsintegerStop bit count for communication-No112
paritystringCommunication parity option-NoNONENONE, EVEN, ODD
flowcontrolstringCommunication device flow control option-No NONE
serialnumberunsigned longMeter serial numberYesYes 1
serial\_close\_delayintegerDelay before closing serial port-No400
timeout\_msintegerTimeout of waiting for incoming requestNoNo2500
typestringDefines a connection modeNoNoCA, B, C
t2integerTime to wait before acknowledging the suggested baud rate in mode CNoNo3002001500
ipstringThe IP address for TCP connectionYes -
portintegerTCP portYes - 065535
protocol\_control\_charintegerProtocol control characterNoNo009
mode\_control\_charintegermode control characterNoNo009
#### Signals section **tag\_job\_todo** defines the job sub-job. This field should contain the exact representation of the OBIS code as it is configured in the meter. E.g. if the parameter of interest is represented as ”1.8.0\*24(0147238.4\*kWh)”, the value of the configuration field should be ”1.8.0\*24” (excluding quotation marks). IEC 62056-21 tags configuration parameters:
**Parameter** **Type** **Description** **Required** **Default Value** (when not specified) **Range**
TCPRTUMinMax
signal\_namestringUser­-friendly signal nameYesYes
device\_aliasstringDevice alias from a Devices tabYesYes
signal\_aliasstring Unique alphanumeric name of the signal to be usedYesYes
enableboolean NoNo101
logintegerAllow signal to be logged. If the **log is 0 signal** will not be logged. If the **log is more than 0** signal will be loggedNoNo00
number\_typestringNumber format typeYesYes
job\_todo stringTag job in OBIS format YesYes
tag\_job\_todo stringTag job in OBIS format (the same as in job\_todo) YesYes

For **tag\_job\_todo** configuration, it is best to first manually read the meter via PC or HHU (hand-held unit) to determine the exact OBIS representation format of the parameter as they can differ between meter manufacturers and utility companies.

# 17.3 Elgama ### Overview Elgama protocol is used for communications with *Elgama elektronika* electricity meters. ### Configuration Available meter types (use number only): - 0 ­ EPQM/LZQM - 1 ­ EPQS - 2 ­ GAMA300 - 3 ­ GAMA100 - 4 ­ ITS cl ##### Elgama parameters for *Device* tab
**Parameter** **Type** **Description** **Required **Default value** (when not specified) **Range**
Min Max
namestring User-friendly device nameYes
descriptionstringDescription of a deviceNo
device\_aliasstringAlphanumeric string to identify a deviceYes
enablebooleanEnabling/disabling of a deviceNo101
protocolstringProtocol to be used.Yes Elgama
devicestringCommunication portYes PORT1PORT2
baudrateintegerCommunication speed (bauds/s)No9600300, 600, 1200, 2400, 4800, 9600, 19200, 38400, 57600,115200
serial\_close\_delayintegerDelay before closing serial port in millisecondsNo400
timeout\_msintegerTimeout of waiting for incoming requests in millisecondsYes
idintegerMeter serial numberYes
meter\_modelintegerMeter type Yes 04
use\_timebooleanUse system/meter (0/1) time (Default: 0)No001
##### Elgama parameters for the *Signals* tab
**Parameter** **Type** **Description** **Required **Default value** (when not specified) **Range**
Min Max
signal\_namestring User-­friendly signal name Yes
device\_aliasstring Device alias from a Devices tab Yes
signal\_aliasstring Unique alphanumeric name of the signal to be used Yes
enableboolean Enabling/disabling of an individual signal No10 1
loginteger Enable logging in the event log No0
number\_typestringType of number (FLOAT, DOUBLE, DIGITAL, etc.)Yes
job\_todostring Elgama protocol-specific data set values (see files below)Yes
tag\_job\_todostringTag sub jobYes
## Files 1. Example configuration file for Elgama protocol data mapping [download](https://wiki.elseta.com/attachments/544) # 18 Excel Configuration Protocol HUB uses the configuration in excel file format. Each sheet represents a specific part of the configuration: Devices contain device lists and protocol-related configurations. Signals contain a list of signals and their options. First-line on each sheet is a header row that contains the parameter name for each column. Header order determines parameter names for each following row. Every line after the header is a new entry. An empty row is interpreted as the end of the sheet. Any rows after empty row are discarded. # 18.1 Devices sheet The device sheet contains all devices to be configured on the gateway. Each row represents one device and its settings. The following options are required for each device: - **name** - Name of the device. Used for representation only. - **description** - A short description of the device. Used for representation only. - **device\_alias** - A unique short name for the device. It is used for linking signals to a device.

An alias can only contain alphanumeric characters and dashes ( - and \_ ). The alias must be unique for each device.

- **protocol** - Protocol type to use on the device. The exact values of protocols are written in every protocol documentation. Please look into the range of supported protocols: **IEC 61850 MMS:** – IEC 61850 Client (since FW 1.5.0) – IEC 61850 Server (since FW 1.5.0) **IEC 60870-5:** – IEC 60870-5-101 master – IEC 60870-5-101 slave – IEC 60870-5-103 master – IEC 60870-5-104 master \- IEC 60870-5-104 slave **DNP 3.0 Serial/LAN/WAN:** \- DNP3 Master – DNP3 Slave **Modbus Serial/TCP:** \- Modbus RTU/ASCII – Modbus TCP **Metering protocols:** \- DLMS/COSEM (since FW 1.3.0) – IEC 62056-21 (since FW 1.2.13) – MBus Serial – MBus TCP – Elgama (Meters based on IEC 62056-21 / 31 protocols) **Industrial IOT protocols:** \- MQTT \- RESTful API **Specific protocols:** – Aurora (ABB PV inverters protocol) – PowerOne (ABB PV inverters protocol) – SMA Net (SMA PV inverters protocol) – Kaco (Kaco PV inverters protocol) – Ginlong (Ginlong PV inverters protocol) – Solplus (Solutronic AG PV inverters protocol) – ComLynx (Danfoss PV inverters protocol) – Delta (Delta PV inverters protocol) – Windlog (Wind sensors from RainWise Inc.) – Vestas ( Wind turbines protocol) – Internal data – VBus.

Although device name rules aren’t strictly enforced, it is highly advised to give a unique name to every new device. Identical device names might introduce confusion while searching for signals in the Imported Signals tab.

#### Optional settings - **enable** - Flag to enable or disable a device on the system. Can contain values 0 or 1. - **event\_history\_size** - Maximum number of signal events to save on the device for later review. Older records will be erased. This feature is only available on cloud firmware. #### Serial port settings Required for any protocol that uses serial line communication. - **device** - Serial port for communication **(PORT1/PORT2)** - **baudrate** - Serial port speed. Valid values: **300**; **600**; **1200**; **2400**; **4800**; **9600**; **19200**; **38400**; **57600**; **115200** - **databits** - Number of data bits (6-9) - **stopbits** - Number of stop bits (1-2) - **parity** - Parity mode (none/even/odd) - **flowcontrol** - Flow control method (none/hardware/software) #### TCP/IP settings Settings for any protocol that uses communication over TCP/IP. Note that all TLS certificates and keys are stored in a single folder therefore only the name and not the path should be filled in respective fields.

TLS fields are only supported for IEC 61850 Client and Server, IEC-60870-5-104 Slave, and DNP3 Master and Slave, MQTT.

- **ip** - IP address for a master protocol to connect to; - **bind\_address** - one of the local IP addresses to bind the server to. Connections through other network devices will be ignored; - **host** - space-separated host IP addresses of master devices; - **port** - TCP port to listen for incoming connections; - **tls\_local\_certificate** - the name of the local TLS certificate; - **tls\_peer\_certificate** - the name of a certificate authority (CA) TLS certificate; - **tls\_private\_key** - the name of a private key for making TLS connections. # 18.2 Optional parameters for signals The signals sheet contains all signals linked to devices. Each signal is defined in a single row. The Signal list can be split into multiple sheets. Each sheet name may start as Signals. ### Required attributes These attributes are mandatory for every configured signal. Every Excel configuration should have specified them in the first row of the Signals sheet:
- **signal\_name** - Name of the signal. Used for representation only. - **device\_alias** - Alias of a device defined in the Devices sheet. A signal is linked to a matching device. - **signal\_alias** - A unique short name for the signal. It is used for linking signals to other signals. The alias can only contain alphanumeric characters and dashes ( - and \_ ). The device and signal alias combination must be unique.
### Optional attributes Optional attributes are required depending on the protocol in use and they can be used to extend protocol functionality:
- **source\_device\_alias** - Alias of a source device defined in the Devices sheet. If a user intends to use several signals and combine them via mathematical or logical function, every alias should be separated by a newline symbol (in the same cell). An operation used must also be defined in an operation column. - **source\_signal\_alias** - Alias of a source signal defined in the Signals sheet. If a user intends to use several signals and combine them via mathematical or logical function, every alias should be separated by a [**separator** ](https://wiki.elseta.com/books/manual163/page/182-optional-parameters-for-signals#bkmrk-separators)symbol (in the same cell). An operation used must also be defined in an operation column. Each `source_signal_alias` should be posted in the same line as its respective `source_device_alias`. Aliases can only contain alphanumeric characters and dashes ( - and \_ ). The device and signal alias combination must be unique. - **enable** - Flag to enable or disable signal on the system. Can contain values 0 or 1. - **tag\_type** - Tag type. Simple signals are polled from the device. Virtual signals are computed internally. - **units** - Signal value measurement units. - **multiply** - Multiply the value by this number. - **add** - Add this number to a value. - **min\_value** - Minimum expected value. If the result is lower than this value, the overflow flag is raised. - **max\_value** - Maximum expected value. If the result is higher than this value, the overflow flag is raised. - **absolute\_threshold** - Absolute threshold level. - **integral\_threshold** - Integral threshold level. - **threshold\_units** - Units used in threshold level fields (percent/real). - **log** - Maximum number of records for this tag to keep in the events log. - **suppression\_values** - Space-separated numeric values to be used in suppression. - **suppression\_time\_ms** - Suppression time in milliseconds. - **operation** - Mathematical or logical operation to be used for signals defined in source\_signal\_alias column which are separated using **[separators](https://wiki.elseta.com/books/manual163/page/182-optional-parameters-for-signals#bkmrk-separators)**. The following mathematical operations for source signal values can be used: average (average of all values), min (lowest value), max (highest value), median (median value), and sum (all values accumulated to a single number). An internal threshold is used to reduce value updates when the value doesn't change. Logical operations are intended for unsigned integers only. - **bit\_select** - selecting an individual bit of an integer number; bit numeration starts from zero. - **math\_expression** - a mathematical expression for master protocol monitor direction or slave command direction signals to be evaluated against. Explained in detail in the **Mathematical expression document.** - **source\_math\_expression** - a mathematical expression for master protocol command direction or slave monitor direction signals to be evaluated against. Explained in detail in the **Mathematical expression document.** - **periodic\_update\_ms –** time set for specific signal, that updates the signal state even if the value hasn’t changed.
Picture. Result of using an absolute threshold: [![image-1601977355078.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1601977355078.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1601977355078.png) Picture. Result of using an integral threshold: ![image-1601977339925.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1601977339925.png) ### Signal recalculation operation priority A value generated by some protocol usually has to be recalculated in one way or another. This might mean changing the value of an argument as well as adding flags needed for other protocols to correctly interpret results. As recalculation is a sequential process, some actions are done before others. The sequence of operations done to a value is as follows:
- *Edition of attributes*. Attributes for further interpretation are added. This might, for example, include a flag to show that a signal resembles an answer to a command; - *Mathematical calculations*. **multiply**, **add**, **bit\_select,** and **math\_expression** columns are evaluated here; - *Usage of last value*. The decision if the last value for a signal should be used if a new value of a signal is not a number (NaN) or contains a non-topical (NT) flag; - *Limiting of values*. If a value exceeds a lower or higher configured limit, the value is approximated not to be lower (or higher) than the limit. An additional overflow (OV) flag is added as frequently used in IEC-60870-5 protocols; - *Suppression of values*. As electrical circuits can be noisy, protocols may generate multiple values in a short amount of time. What is more, some values are considered intermediaries and ideally should not be sent to SCADA unless they stay in the same state for some amount of time. **suppression\_values** and **suppression\_time\_ms** are used to configure this functionality; - *Threshold* checking. If a new signal doesn’t cross a threshold target value, the value is suppressed and not used in further stages. **absolute\_threshold, integral\_threshold and threshold\_units** columns are used to configure this functionality.

Not all of the elements in this sequence have to be configured, missing operations are skipped and values are fed to a further stage of signal recalculation.

### `number_type` field This field is required for some protocols to determine a method to retrieve a signal value from the hexadecimal form. Available values: • **FLOAT** - 32-bit single precision floating point value according to IEEE 754 standard • **DOUBLE** - 64-bit double precision floating point value according to IEEE 754 standard • **DIGITAL** - 1-bit boolean value • **UNSIGNED8** - 8-bit unsigned integer (0 - 255) • **SIGNED8** - 8-bit signed integer (-128 - 127) • **UNSIGNED16** - 16-bit unsigned integer (0 - 65535) • **SIGNED16** - 16-bit signed integer (-32768 - 32767) • **UNSIGNED32** - 32-bit unsigned integer (0 - 4294967295) • **SIGNED32** - 32-bit signed integer (-2147483648 - 2147483647) Number conversion uses **big-endian** byte order by default. Converted data will be invalid if the byte order on the connected device side is different. In such a case, byte swap operations can be used. Adding swap prefixes to number types will set different byte orders while converting values. The following swap operations are available:
- **SW8** - Swap every pair of bytes (8 bits) (e.g., **0xAABBCCDD** is translated to **0xBBAADDCC**); - **SW16** - Swap every pair of words (16 bits) (e.g., **0xAABBCCDD** is translated to **0xCCDDAABB**); - **SW32** - Swap every pair of two words (32 bits) (e.g., **0x1122334455667788** is translated to **0x5566778811223344**);
Table. Example of using different swapping functions:
Address76543210
Original numberByte 7Byte 6Byte 5Byte 4Byte 3Byte 2Byte 1Byte 0
SW8Byte 6Byte 7Byte 4Byte 5Byte 2Byte 3Byte 0Byte 1
SW16Byte 5Byte 4Byte 7Byte 6Byte 1Byte 0Byte 3Byte 2
SW32Byte 3Byte 2Byte 1Byte 0Byte 7Byte 6Byte 5Byte 4
SW8.SW16Byte 4Byte 5Byte 6Byte 7Byte 0Byte 1Byte 2Byte 3
SW8.SW32Byte 2Byte 3Byte 0Byte 1Byte 6Byte 7Byte 4Byte 5
SW8.SW16.SW32Byte 0Byte 1Byte 2Byte 3Byte 4Byte 5Byte 6Byte 7

Where Byte x, means bit x position in the byte.

Add a dot-separated prefix to the number format to use byte swapping. Multiple swap operations can be used simultaneously. For example, use `SW8.SW16.SIGNED32` it to correctly parse a 32-bit signed integer in a little-endian format. The table shows in detail how bytes, words, or double words can be swapped and how swapping functions can be combined to make different swapping patterns. The table shows how byte swap is done for 64-bit (8-byte) numbers. It doesn’t matter if it is an unsigned/signed integer or double, byte swapping is considered a bit-level operation. If a number is shorter than 64 bits, the same logic applies, the only difference is the unavailability of some swapping operations (`SW32` for 32-bit and smaller numbers). Using such an unavailable operation might lead to undefined behaviour. ### Linking signals Signals can be linked together to achieve data transfer between several protocols. If a signal source is defined, all output from that source will be routed to the input of the target signal. This way events polled from a Modbus device (e.g., [Modbus](https://wiki.elseta.com/books/rtu-usage/page/modbus "Modbus protocol"), [IEC 60870-5](https://wiki.elseta.com/books/rtu-usage/chapter/protocols-configuration "Protocols - configuration"), etc.) can be delivered to an external station over a different protocol. A signal source is required if a signal is created on a slave protocol configuration to link events between protocols. #### Example 1: To read a coil state from a Modbus device and transfer it to the [IEC 60870-5-104](https://wiki.elseta.com/books/rtu-usage/page/iec-60870-5-104 "IEC 60870-5-104") station, the following steps may be taken:
1. Create a Modbus master configuration in the Devices sheet. 2. Create an IEC 60870-5-104 slave configuration in the Devices sheet. 3. Create a signal on the master device to read coil status (function 1). 4. Create a signal on the slave device with a single point type (data\_type = 1). 5. Set **source\_device\_alias** and **source\_signal\_alias** fields on the slave device signal to match **device\_alias** and **signal\_alias** on the master device’s coil signal.
#### Example 2 To write a coil state to a Modbus device on a command from [IEC 60870-5-104](https://wiki.elseta.com/books/rtu-usage/page/iec-60870-5-104) station, the following steps may be taken:
1. Follow steps 1-3 from example 1. 2. Create a signal on the slave device with a single command type (data\_type = 45). 3. Set source\_device\_alias and source\_signal\_alias fields on the master configuration coil signal to match device\_alias and signal\_alias on the slave device’s command signal. Coil will be written to a value received by a command. 4. Set source\_device\_alias and source\_signal\_alias fields on the command signal to match device\_alias and signal\_alias on the master device’s coil signal. A command termination signal will be reported to the station on the coil to write the result.

For additional information regarding the configuration of IEC 60870-5-101/103/104 protocols, please refer to ”[IEC 60780-5-101/103/104 PID interoperability for WCC Lite devices](https://wiki.elseta.com/link/180#bkmrk-pid%27s)”, accordingly.

### Separators These operators can be used when defining two or more values in a single cell. For example, source\_signal\_alias and source\_device\_alias from different signals have to be written in the same cell but separated by the separators listed below. This is useful when using the operation parameter when trying to do mathematical operations on more than one signal. - “ “ - (newline) - “;” - “,” # 18.3 Mathematical functions The signal value might require some recalculation or signal update before being sent. Understandably, existing columns in Excel configuration like `multiply`, `add`, `bit_select` might not be flexible enough. To overcome these limitations, symbolic mathematical expressions can be configured to do calculations automatically on every update of a signal. ### Feature list: - Optimized for speed - High parsing performance - if-then-else operator with lazy evaluation - Default implementation with many features - 25 predefined functions - 18 predefined operators - Unit support - Use postfix operators as unit multipliers (3m -> 0.003) ### Mathematical functions Table. Supported mathematical functions:
NameArgument countExplanation
sin1sine function (rad)
cos1cosine function (rad)
tan1tangent function (rad)
asin1arcus sine function (rad)
acos1arcus cosine function (rad)
atan1arcus tangent function (rad)
sinh 1hyperbolic sine function
cosh1hyperbolic cosine
tanh1hyperbolic tangent function
asinh1hyperbolic arcus sine function
acosh1hyperbolic arcus tangent function
atanh1hyperbolic arcus tangent function
log21logarithm to the base 2
log101logarithm to the base 10
log1logarithm to base e (2.71828...)
ln1logarithm to base e (2.71828...)
exp1e raised to the power of x
sqrt1square root of a value
sign1sign function -1 if x<0; 1 if x>0
rint1round to the nearest integer
abs1absolute value
minvariablemin of all arguments
maxvariablemax of all arguments
sumvariablethe sum of all arguments
avgvariablethe mean value of all arguments
floor1round down to the nearest integer
modvariablemodulo operation

It should be noted that trigonometric functions (excluding hyperbolic functions) only support arguments in radians. This means that arguments for this function have to be recalculated if the angle is defined in degrees.

Value recalculation is only triggered on signal change of the preconfigured signal. That means that using other signals (via TagValue() call) does not trigger a value update.

Some mathematical expressions cannot be mathematically evaluated in some conditions, for example, a square root cannot be found for negative numbers. As complex numbers are not supported, the result is then equal to Not a Number (NaN). These results are marked with an invalid (IV) flag.

### Binary operations Table. Supported binary operators:
OperatorDescriptionPriority
= assignment -1
» right shift 0
« left shift 0
& bitwise and 0
| bitwise or 0
&& logical and 1
|| logical or 2
<= less or equal 4
>= greater or equal 4
!= not equal 4
== equal 4
>greater than 4
<less than 4
+addition 5
-subtraction 5
\*multiplication 6
/division 6
^ raise x to the power of y 7
Ternary operators can be used. This expression can be compared to the operator supported by C/C++ language (Table 39). Condition is written before a question (?) sign. If the condition is true, the result after the question sign is selected. If the condition is false, the result after colon (:) is selected. ### Ternary operations Table. Supported ternary operators
OperatorDescriptionRemarks
?: if then else operator C++ style syntax
### Examples Users can construct their equations by using the aforementioned operators and functions. These examples can be seen in the Table below. Table. Example expressions
Expression Description
value \* 0.0001 Multiply the tag by a constant.
value + TagValue(”tag/dev\_alias/sig\_alias/out”) Add value of tag/dev\_alias/sig\_alias/out to the current tag.
sin(value) Return a predefined sine function value of the tag.
(value>5)? 1: 0 If the value is greater than 5, the result should be equal to 1, otherwise - equal to 0
A variable called "value" is generated or updated on every signal change and represents the signals being configured. If another value from the tag list is intended to be used, one should use `TagValue()` function to retrieve its last value. The inner argument of `TagValue()` function has to be described in a Redis topic structure of WCC Lite. That means that it has to be constructed in a certain way. Quotes should be used to feed the topic name value, otherwise expression evaluation will fail. Every Redis topic name is constructed as tag/\[device\_alias\]/\[signal\_alias\]/\[direction\]. Prefix tag/ is always used before the rest of the argument. `device_alias` and `signal_alias` represent columns in Excel configuration. Direction can have one of four possible values - rout, out, in, rin; all of which depend on the direction data is sent or acquired device-wise. For example, the "out" keyword marks data sent out of the WCC Lite device, whereas the "in" direction represents data that WCC Lite is waiting to receive, for example, commands. Additional "r" before either direction means that data is raw, it is presented the way it was read by an individual protocol. ### Signal mathematics In this section, you will be shown how "math\_expression" and other mathematical functions can be used in case of common signals. You can download the configuration to follow along [here](https://wiki.elseta.com/attachments/119). Signals which we are concerned with in this section are highlighted in green colour. Let us analyze what mathematical functions are configured for the signals. For both the second and third signals the same expression will be used: "**value + TagValue(”tag/Master/RHR0/out”)**". The only difference is that for the second signal scale function "add" was used. [![image-1690294670075.png](https://wiki.elseta.com/uploads/images/gallery/2023-07/scaled-1680-/image-1690294670075.png)](https://wiki.elseta.com/uploads/images/gallery/2023-07/image-1690294670075.png) In this signal configuration, the value of the second signal is calculated by adding the current value of the second signal to the value of the first signal. Then the sum of two signals is going to be increased by 5. The third signal is going to be calculated in the same way except that 5 is not going to be added. To see how it works let us start Modbus TCP Slave simulation in Vinci application. You can download the simulation [here](https://wiki.elseta.com/attachments/118). [![image-1690352395491.png](https://wiki.elseta.com/uploads/images/gallery/2023-07/scaled-1680-/image-1690352395491.png)](https://wiki.elseta.com/uploads/images/gallery/2023-07/image-1690352395491.png) In the picture above you can see 6 registers. However, our main focus is null, second and fourth registers (Register0, Register2, Register4) since the first three signals of Modbus Master protocol (RHR0, RHR2 and RHR4) are reading the values of those registers (accordingly). Let us go to the WCC Lite web interface to see how these signals are displayed there: [![image-1690352275166.png](https://wiki.elseta.com/uploads/images/gallery/2023-07/scaled-1680-/image-1690352275166.png)](https://wiki.elseta.com/uploads/images/gallery/2023-07/image-1690352275166.png) As we can see the values of the third and fifth signals have been modified (RHR2 = 2+1+5 = 8; RHR3 = 3+1 = 4). However, the values of the signals that are displayed in the web interface are intermediate so to speak. All the math is done in the protocol services (Modbus TCP Master in this case). Then those values are transmitted to the REDIS service. The values that are displayed in the web interface are REDIS values. We are going to see why it is important in another example. Now it was mentioned that the values of the third and fifth signals depend on the value of the first one. Let us see what will happen if we change the value of the Register 0. To do so we need to return to the VINCI application. Locate Register 0 and double-click on it. A menu with the register parameters will appear. [![image-1690354650550.png](https://wiki.elseta.com/uploads/images/gallery/2023-07/scaled-1680-/image-1690354650550.png)](https://wiki.elseta.com/uploads/images/gallery/2023-07/image-1690354650550.png) Now let us change the value of the register to 2: [![image-1690354747437.png](https://wiki.elseta.com/uploads/images/gallery/2023-07/scaled-1680-/image-1690354747437.png)](https://wiki.elseta.com/uploads/images/gallery/2023-07/image-1690354747437.png)Now it would be expected that the value of the second and third signals would become 9 and 5 accordingly (RHR2 = 2+2+5 = 9; RHR3 = 3+2 = 5). However if one checks the WCC Lite web interface right after that, one could notice that the second and third signals remained unchanged: [![image-1690355776501.png](https://wiki.elseta.com/uploads/images/gallery/2023-07/scaled-1680-/image-1690355776501.png)](https://wiki.elseta.com/uploads/images/gallery/2023-07/image-1690355776501.png) To explain this let us look again at the math expression of these signals. The equation (**value + TagValue(”tag/Master/RHR0/out”)**) consists of two operands "value" and "TagValue(”tag/Master/RHR0/out”)". Currently, the system is designed in such a way that only if the "value" operand has changed, only then there is going to be a change in a signal's value. So if the values of the second and fourth registers are changed (increased by one in this example) then the values of the third and fifth signals are going to change taking into account the previous change in the value of Register 0 (RHR2 = 2+3+5 = 10; RHR3 = 2+4 = 6). [![image-1690357096636.png](https://wiki.elseta.com/uploads/images/gallery/2023-07/scaled-1680-/image-1690357096636.png)](https://wiki.elseta.com/uploads/images/gallery/2023-07/image-1690357096636.png) [![image-1690356862952.png](https://wiki.elseta.com/uploads/images/gallery/2023-07/scaled-1680-/image-1690356862952.png)](https://wiki.elseta.com/uploads/images/gallery/2023-07/image-1690356862952.png) ### Command mathematics In this section, you will be shown how "math\_expression", and other mathematical functions can be used in case of command signals. You can download the configuration to follow along [here](https://wiki.elseta.com/attachments/116). Signals which we are concerned with in this section are highlighted in blue colour. Let us analyze what mathematical functions are configured for the signals. [![image-1690443715221.png](https://wiki.elseta.com/uploads/images/gallery/2023-07/scaled-1680-/image-1690443715221.png)](https://wiki.elseta.com/uploads/images/gallery/2023-07/image-1690443715221.png) The first four signals are going to be used for scale function analysis. To see how it works let us start Modbus TCP Slave simulation in Vinci application. You can download the simulation [here](https://wiki.elseta.com/attachments/117). [![image-1690366211464.png](https://wiki.elseta.com/uploads/images/gallery/2023-07/scaled-1680-/image-1690366211464.png)](https://wiki.elseta.com/uploads/images/gallery/2023-07/image-1690366211464.png) Let us go to the WCC Lite web interface to see how these signals are displayed there: [![image-1690366270788.png](https://wiki.elseta.com/uploads/images/gallery/2023-07/scaled-1680-/image-1690366270788.png)](https://wiki.elseta.com/uploads/images/gallery/2023-07/image-1690366270788.png) As one can notice the values displayed in the Vinci application differ from the values displayed in the web interface. To better understand the results let us see step by step how signals are modified. The first signal RHR0 reads the value of Register 0 which is equal to 4. After the read operation, the value is multiplied by two in the master protocol service. Then the signal is transmitted to the REDIS service. REDIS value is presented in the web interface. Then the same value 8 is written to Register 1 by sending a WSR1 command signal. Finally, the value of the WSR1 signal is displayed in the Vinci simulation. The third signal RHR2 behaves quite the same as the first RHR0 signal. It reads the value of Register 2 and without performing any scaling operations transmits value to REDIS. It again can be seen in the web interface. While still in REDIS service the value of Register 2 is passed to WSR3 signal. Then command signal WSR3 is transmitted back to the Modbus Master protocol service where the value of the signal is scaled. One could expect that the value of the signal would be multiplied by two but it is divided by two. Then the value of 2 is displayed in the Vinci Slave simulation. After changing the value of Register 3 WSR3 signal is sent back from the Master Protocol service to REDIS. On its way, the signal again passes the signal scaling place where it is again multiplied by two. This is why we see in the web interface that the value of the fourth signal WSR3 is 4. All the moments when a signal passes a place where its value is scaled can be seen by turning on a debugger session. To do so one should connect to WCC Lite via Ubuntu terminal in Terminal application. Then Modbus Master protocol needs to be stopped by sending "**/etc/init.d/modbus-master stop"**. Then Modbus Master protocol needs to be started again with the -m flag (m for math) "**modbus-master -d7 -m -c /etc/modbus-master/modbus-tcp.json".** [![image-1690374285270.png](https://wiki.elseta.com/uploads/images/gallery/2023-07/scaled-1680-/image-1690374285270.png)](https://wiki.elseta.com/uploads/images/gallery/2023-07/image-1690374285270.png) If you scroll up after starting the session you will be able to find how both RHR0 and WSR3 signals are scaled after passing the signal scaling place. [![image-1690374494803.png](https://wiki.elseta.com/uploads/images/gallery/2023-07/scaled-1680-/image-1690374494803.png)](https://wiki.elseta.com/uploads/images/gallery/2023-07/image-1690374494803.png) [![image-1690374525614.png](https://wiki.elseta.com/uploads/images/gallery/2023-07/scaled-1680-/image-1690374525614.png)](https://wiki.elseta.com/uploads/images/gallery/2023-07/image-1690374525614.png) Why is it the case that the signal is divided instead of being multiplied by two? The answer to this question is that the scaling factor depends on the direction of the signal. When the RHR0 signal was travelling from Master Protocol to REDIS service and was passing the place where signals are scaled the signal was multiplied by a scaling factor. On the other hand, when the WSR3 signal was travelling from REDIS service to Master Protocol and was passing the same signal scaling place the signal was divided by the scaling factor. Now let us analyze how "math\_expression" and "source\_math\_expression" are applied to the WSR5 signal. To get a better insight let us look at how signals are transmitted and transformed inside WCC Lite and when mathematical expressions are applied. [![image-1690454682295.drawio.png](https://wiki.elseta.com/uploads/images/gallery/2023-07/scaled-1680-/image-1690454682295-drawio.png)](https://wiki.elseta.com/uploads/images/gallery/2023-07/image-1690454682295-drawio.png) Let us analyze the diagram above. As we can see all basic mathematical operations (such as add, multiply, etc.) are performed inside a Master protocol service. When signals are transmitted between protocols they travel through REDIS service. The period of existence of a signal inside the REDIS service can be divided into four stages. They can be denoted by their endings, namely: "rout", "out", "in" and "rin". At the "out" and "rin" stages signal values can be seen through certain interfaces which is why they are displayed in a purple colour with blue eyes on them. At the "out" stage a signal is displayed on the WCC Lite web interface, at the "rin" stage signal value can be seen through the Vinci application. As one can notice "math\_expression" is applied before the "out" stage and "source\_math\_expression" is performed before the "rin" stage. However, in our particular example, we did not configure any Slave device. In this situation signal transportation inside REDIS service can be depicted as follows: [![image-1690446845504.drawio.png](https://wiki.elseta.com/uploads/images/gallery/2023-07/scaled-1680-/image-1690446845504-drawio.png)](https://wiki.elseta.com/uploads/images/gallery/2023-07/image-1690446845504-drawio.png) Let us return to our example and let us see what are the values of the WSR5 signal in the WCC Lite web interface and Vinci Slave simulation. [![image-1690451897495.png](https://wiki.elseta.com/uploads/images/gallery/2023-07/scaled-1680-/image-1690451897495.png)](https://wiki.elseta.com/uploads/images/gallery/2023-07/image-1690451897495.png) [![image-1690451946031.png](https://wiki.elseta.com/uploads/images/gallery/2023-07/scaled-1680-/image-1690451946031.png)](https://wiki.elseta.com/uploads/images/gallery/2023-07/image-1690451946031.png) The diagram below explains how these values were calculated. [![image-1690452517897.drawio.png](https://wiki.elseta.com/uploads/images/gallery/2023-07/scaled-1680-/image-1690452517897-drawio.png)](https://wiki.elseta.com/uploads/images/gallery/2023-07/image-1690452517897-drawio.png) ### Extra functions Several functions are defined to make tag operations possible: - `TagValue(key)` - returns the last known value of the tag identified by the Redis key; - `TagFlag(key)` - returns 1 if the tag flag exists. The name format is: ”key flag”. For example, to check if the tag is non-topical, the name would be ”tag/19xxxxxxx/x/x nt”; - `TagAttribute(key)` - similar to TagFlag, but returns a numeric value of a tag attribute; - `TagTime(key)` - returns the UNIX timestamp in milliseconds of the last known tag value. # 18.4 Uploading configuration As of WCC Lite version v1.4.0, there are three separate ways to import the configuration: import an Excel file via the web interface, generate compressed configuration files and later upload them via the web interface; or generate compressed configuration files and upload them via utility application. For WCC Lite version v1.4.0, the name of the file is shown in Protocol Hub -->Configuration. Older versions only allow configuration files to be stored in a file called phub.xlsx and later downloaded with a custom-built name reflecting the date of a download. The upgrade process from older versions to versions v1.4.0 and above when preserving configuration files automatically makes the necessary changes to enable this new functionality of WCC Lite.

If a user intends to **downgrade** the firmware to versions older than version v1.4.0 from newer versions, they must first download the configuration files and later re-upload the configuration after finishing the upgrade process.

### Importing an Excel file Excel files can be imported without any external tools. This option can be used where there is no internet connection or only minor change has to be applied. This way of importing is not suitable for the validation of Excel configuration files.

**Generating configuration is a resource-intensive task.** It might take up to 10 minutes depending on the configuration complexity

Supported types of an Excel configuration: .xlsx, .xlsm, .xltm, .xltx

To upload an Excel file, open Protocol Hub -->Configuration screen in the Web interface, select Configuration file, and press Import configuration. ### Generating .zip file To accelerate the task of generating configuration a computer can be used. For this users should download the WCC Excel Utility application. Upon opening an application, the user should search for a field called Excel file which lets to choose an Excel file for which a conversion should be made. The output file should be filled out automatically, however, this value can be edited. To make a conversion press Convert. If there are no errors found in the configuration, the output file should contain the generated configuration, otherwise, an error message is shown to a user. This .zip file can be uploaded via the Web interface, using the same tools used for the import of an Excel file. ### Uploading configuration remotely As of the WCC Lite version, v1.4.0 generated configuration files can be uploaded with a click of a button in the Excel Utility. There are four parameters (not counting the configuration file itself) that have to be filled in before starting upload:
- *Hostname*: an IP address for the device to connect to. This field conforms to hostname rules, therefore, if an invalid value is selected, it is reset to default (192.168.1.1); - *Port*: a PORT number to which an SSH connection can be made; valid values fall into a range between 1 and 65535; if an invalid value is selected, it is reset to default (22); - *Username*: a username which is used to make an SSH connection; make sure this user has enough rights, preferably root; - *Password*: a password of a user used for establishing an SSH connection;

Configuration can only be uploaded if a port used for SSH connection is open for the IP address filled in the hostname entry field. Please check WCC Lite firewall settings in case of connection failure.

To upload a configuration remotely, press Upload Configuration. If no errors occur, you should finally be met with text output mentioning configuration has been applied. During the upload process, the aforementioned button is disabled to prevent spanning multiple concurrent processes. # 18.5 Virtual device ### General The virtual device is a device that you can use to calculate additional math or keep a counter. It doesn't bind to any protocol and only works when its math expression is used.

Virtual device functionality is only available since firmware version v1.6.3, of WCC Lite.

### Configuring Virtual device To configure WCC Lite to use the virtual device you must configure the device and signal sheets. *Virtual device parameters for Device tab:*
**Parameter** **Type** **Description** **Required **Default value** (when not specified) **Range**
Min Max
namestringUser-friendly device nameYes
descriptionstringDescription of the deviceNo
device\_aliasstringDevice alias to be used in the configurationYes
protocolstringSelection of protocolYes **Virtual device**
*Virtual device parameters for the Signals tab:*
**Parameter** **Type** **Description** **Required **Default value** (when not specified) **Range**
Min Max
signal\_namestringUser-friendly signal nameYes
device\_aliasstringDevice alias from a Devices tabYes
signal\_aliasstringUnique signal name to be usedYes
math\_expressionstringField to calculate specific math. You must enter the signal you want to use. Yes
The only field that is a must to use the virtual device is the *math\_expression* field. Here you need to enter the signal which you want to associate it with. Some examples of what it can do: - Hold a specific tag value. - Calculate a specific math function with many signals, that you can, later on, pass to another device. - Add tag value to the current value, to create a counter. # 19 WCC Lite internal signals ### Overview The WCC Lite contains several internal data points for readout and control which can be accessed via the Pooler service. ### Configuration #### Devices section In the devices section, only the protocol, scan\_rate\_ms and poll\_delay\_ms are to be configured for this type of device. ##### WCC Lite internal signals
**Parameter** **Type****Description** **Required****Default Value** (when not specified) **Range**
namestring User-friendly device nameYes
device\_aliasstringAlphanumeric string to identify a deviceYes
protocol Protocol identifier Internal dataYes **Internal data**
scan\_rate\_msintegerUpdate rateNo60000
poll\_delay\_msintegerPoll delayNo200

It is advised to set scan\_rate\_ms to a value greater than 5000 milliseconds as frequent scans may significantly overload the internal data process.

#### The signals section `tag_job` defines the tagging job. This can be set to `gpio`, `board`, `netstat`, `gsm`, `led` and `process`. `tag_job_todo` defines the job sub­ job. This field should address the particular point of interest. There is also an optional extra trigger parameter. It allows changing when the signal switches between on and off and is only applicable to LED and GPIO parameters that can be set. The default trigger is value>0. When a **trigger** column is added the trigger can be changed by entering i.e. "value>10". This is useful when mapping a source signal to trigger a relay. An example of how to use a trigger is in the example configuration attached to this page. [Excel Configuration Example](https://wiki.elseta.com/attachments/610)

Digital-input GPIO will only work with Hardware versions 1.4 and above.

Certain GSM parameters will only work if a SIM card is inserted.

**job\_todo****Description****tag\_job\_todo****Description**
gpio ReadOnly parametersdigital-inputIf the value is 1 then the digital input pin is high. If it's 0 then the digital-input value is low.
rs232-enable If the value is 1 then rs232 is enabled. If the value is 0 then rs485 is enabled.
Parameters that can be set.sim-detect Informs whether the sim is inserted.
relay Making this value equal to 1 will activate the relay.
board Board info cpu-usage CPU usage %
ram-usage RAM usage %
mac-address Device MAC address
uptime Device uptime in seconds
fw-version Firmware version
hw-version Hardware version
modem-imei Modem IMEI number
modem-type Modem type: 0 - unknown 1 - single sim 2 - dual sim
netstat|\[interface\]Network statisticsTX Bytes transferred
RXBytes received
led LED status/control blue-heartbeat Heartbeat LED
blue-wlan WLAN LED
green-eth0ETH0 LED
green-eth1ETH1 LED
green-signal1 Signal 1 LED
green-signal2 Signal 2 LED
green-signal3 Signal 3 LED
red-faultFault LED
processCheck if the process is running\[process name\]1 or 0 is returned
gsm GSM informationrat-number GSM RAT number
imsi-number GSM IMSI number
internet-status GSM Internet status
operator-number GSM operator number
roaming-status GSM roaming status
signal-quality GSM signal quality
sim-status SIM card status
sim-select if the value is 0, sim1 will be selected, if the value is 1, sim2 will be selected.
modem-reset Making this value equal to 1 will reset the modem.
date Current set time values.year The current year set on the device
month The current month set on the device
day The current day set on the device
hour The current hour set on the device
minute The current minute set on the device
second The current second set on the device
# 20 Programmable logic controller A programmable logic controller (PLC) is a digital device adapted for control of processes which require high reliability, ease of programming and real­time responses. Such functionality has long since replaced hard­wired relays, timers and sequencers which would be required to complete various tasks. Programmable logic controllers usually had to conform to IEC 61131­3 standard which defines four programming languages: function block diagram (FBD), ladder diagram (LD), structured text (ST) and sequential function chart (SFC). This standard does not support distributed control systems therefore IEC 61499 standard was published in 2005. The standard is considered an extension of IEC 61131­3 standard. WCC Lite supports PLC functionality while conforming to specifications of IEC 61499 standard. # 20.1 IEC 61499 IEC 61499-1 defines the architecture for distributed systems. In IEC 61499 the cyclic execution model of IEC 61131 is replaced by an event-driven execution model. The event-driven execution model allows for an explicit specification of the execution order of function blocks. If necessary, periodically executed applications can be implemented by using the E\_CYCLE function block for the generation of periodic events. IEC 61499 enables an application-centric design, in which one or more applications, defined by networks of interconnected function blocks, are created for the whole system and subsequently distributed to the available devices. All devices within a system are described within a device model. The topology of the system is reflected by the system model. The distribution of an application is described within the mapping model. Therefore, applications of a system are distributable but maintained together. Like IEC 61131-3 function blocks, IEC 61499 function block types specify both an interface and an implementation. In contrast to IEC 61131-3, an IEC 61499 interface contains event inputs and outputs in addition to data inputs and outputs. Events can be associated with data inputs and outputs by WITH constraints. IEC 61499 defines several function block types, all of which can contain a behaviour description in terms of service sequences: Service interface function block – SIFB: The source code is hidden and its functionality is only described by service sequences; • Basic function block - BFB: Its functionality is described in terms of an Execution Control Chart (ECC), which is similar to a state diagram (UML). Every state can have several actions. Each action references one or zero algorithms and one or zero events. Algorithms can be implemented as defined in compliant standards. • Composite function block - CFB: Its functionality is defined by a function block network. • Adapter interfaces: An adapter interface is not a real function block. It combines several events and data connections within one connection and provides an interface concept to separate specification and implementation. • Sub application: Its functionality is also defined as a function block network. In contrast to CFBs, sub-applications can be distributed. To maintain the applications on a device IEC 61499 provides a management model. The device manager maintains the lifecycle of any resource and manages the communication with the software tools (e.g., configuration tool, agent) via management commands. # 20.2 4Diac framework [![image-1601992021990.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1601992021990.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1601992021990.png) The PLC functionality in the WCC Lite is implemented using the Eclipse 4diac framework, consisting of the 4diac IDE and the 4diac FORTE runtime. The system corresponds to IEC 61499, an extension of IEC 61131-3. For more in-depth instructions and function block reference please see the 4diac manual - this document is merely a quick start guide that emphasizes the specifics of tailoring the applications to run on the WCC Lite. The 4diac IDE application is used to model logic sequences. An output file, \*.fboot, is then generated and either loaded into the runtime for debugging purposes (functionality available from within the IDE) or uploaded into the controller for normal use via the web interface.

During debugging, the output logic is executed directly in the runtime. Any logic loaded during debugging will be discarded after a reboot of the controller. Logic applications for regular use should be uploaded via the web interface.

It is possible to run multiple tasks at once. These tasks can either be implemented on the same screen or split into separate tasks. Please note, however, that all elements should have unique names, even between different tasks. As of 4Diac IDE 1.11.3, this is not enforced between separate apps, however, 4Diac runtime application rejects such files purely because of naming issues.

The 4diac FORTE runtime can execute the aforementioned fboot files containing the logic. The FORTE runtime can be run on both the WCC Lite and a PC for debugging purposes. The runtime is integrated to interact with the REDIS database. # 20.3 Example project The best way to understand the basics of 4Diac and WCC Lite collaboration is through an example project. This user manual intends to show the pieces needed to run PLC applications on WCC Lite. It is not intended to be a definitive guide on how to use 4Diac IDE or how to interpret the IEC 61499 standard. During (at least) the first start of the IDE user will be asked to select a directory for the workspace as in Figure. Workspace is used to save files needed for projects. [![image-1601992159243.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1601992159243.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1601992159243.png) [![image-1601992177394.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1601992177394.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1601992177394.png) After that, a user should be met by the welcome window. If such a window is not shown, one can create a project by selecting File -->New --> Project and filling in the required fields. Here is a library of function blocks, which are working with the newest 4Diac version: [Elseta Library.zip](https://wiki.elseta.com/attachments/536). Upload the library to your project folder. To create a simple application, simply drag and drop objects from the palette to the canvas and wire them accordingly. Event trigger and data pathways cannot be connected. Displayed below is an example of a simple blinker application.

Having less wiring by connecting several signals to the same subnet as PCB designer (such as Altium Designer) as of 4Diac IDE 1.11.3 is not supported. However, if some parts are used frequently, it is highly advised to have less wiring by simply compiling several elements into a sub-application. For this, you would have to select elements to be grouped, press the right key and select New Sub application. You can later change the names of such elements and their pins.

[![image-1601992239152.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1601992239152.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1601992239152.png) [![image-1601992245178.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1601992245178.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1601992245178.png) In the System Configuration section, drag and drop a FORTE\_PC device, and an Ethernet segment and link them. For debugging in the local (PC) runtime, leave the address ”localhost:61499”. For testing on a WCC Lite, enter the IP address of the device, along with the port number (which by default is 61499 as well). [![image-1601992273595.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1601992273595.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1601992273595.png) To deploy the application, the circuit needs to be mapped to the controller. For a non-distributed application (distributed application cases will not be discussed in this chapter), all the FBs of the application need to be selected and mapped to the configured controller as shown: [![image-1601992299991.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1601992299991.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1601992299991.png) To start the application execution, an initial trigger needs to be present. For a non-distributed application, the initial event trigger needs to be wired from the START function block in the resource section as shown: [![image-1601992323578.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1601992323578.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1601992323578.png) [![image-1601992330383.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1601992330383.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1601992330383.png) To deploy the application, go to the System Configuration tab and simply select ”Deploy” from the right-click menu of the controller device. If a running application exists in the runtime, you may be asked whether you want to replace it. This will only overwrite the application in the memory and not the storage. If the controller is restarted, the old application will be loaded from the non-volatile memory of the controller. # 20.4 Configuring data endpoints To use WCC Lite as a programmable logic controller, it needs to be configured in a particular way. The PLC functionality of the WCC Lite only allows for the use of data that has been configured in the Excel configuration spreadsheet. This has been done for security purposes and to preserve transmission medium only for data that is available. Only topics defined in the configuration can post or get data. If a certain data entry exists but has not been linked to a PLC program, all calls from the PLC runtime application to the Redis database will be ignored. Therefore it is highly advised to prepare and upload the Excel configuration before using this signal in the PLC application. Some parameters are mandatory for PLC usage. These parameters are shown in two tables below (one for Devices, and one for Signals tab). Please note that other parameters can be used as well, but are not covered because they aren’t specific to PLC functionality. Table. Mandatory parameters for the Devices tab
ParameterTypeDescription
name string User-friendly device name
device\_alias string Device alias to be used in configuration
enable booleanEnabling/disabling of a device
protocol string Selection of protocol (IEC 61499)
Table. Mandatory parameters for the Signals tab
ParameterTypeDescription
signal\_name string User-friendly signal name
device\_alias string Device alias from a Devices tab
signal\_alias stringUnique signal name to be used
source\_device\_alias string device\_alias of a source device
source\_signal\_alias string signal\_alias of a source signal
If an upload consisting of configuration for IEC 61499 has been successful, one should be able to access a configuration stored in /etc/iec61499.json file where protocol-specific parameters are shown in a JSON format. If the file is missing, make sure you have the correct firmware version installed and haven’t made any typing errors. Parameters mentioned earlier, namely device\_alias and signal\_alias, are the only parameters one needs to fill to bind Excel configuration to the 4Diac framework. Two types of blocks are used for data transmission - PUBLISH blocks to write data to the REDIS database and SUBSCRIBE blocks to acquire data from the database as soon as it changes its value. Both of them have an ID connection. To connect a block to a data point, one should set this pin as raw\[\].redis\[device\_alias,signal\_alias\], e.g. raw\[\].redis\[example\_plc\_device,example\_plc\_signal\_alias\]. As of version 2.0.0, the pin values must be surrounded by double commas. Examples with SUBSCRIBE and PUBLISH function blocks are shown in the images below. Subscribe and publish examples in the older versions[![image-1602661793915.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1602661793915.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1602661793915.png) Subscribe and publish examples in the newer versions (from 2.0.0) [![image-1691056876637.png](https://wiki.elseta.com/uploads/images/gallery/2023-08/scaled-1680-/image-1691056876637.png)](https://wiki.elseta.com/uploads/images/gallery/2023-08/image-1691056876637.png)

Outputs of variable type ANY cannot be directly wired to inputs of the same type and therefore need to be explicitly typed using transitional function blocks.

No more than 20 tags should be published over 5 seconds, as this may overfill the queue. A ”publish only on change” policy is advised.

Currently, only PUBLISH\_1 and SUBSCRIBE\_1 function blocks are supported.

The functionality of the subscribe function is dependent on the presence of the "F\_STRING\_TO\_" function block, for example (F\_STRING\_TO\_REAL). Likewise, the publish function's proper operation relies on the availability of the "F\_ \_TO\_STRING" FB, for example (F\_REAL\_TO\_STRING).

If every step until now has been successful, the user can now proceed to debug the PLC application. # 20.5 Debugging an IEC 61499 application After a project has been built and bound to an existing Excel configuration, a user would normally want to check if every part is working according to the prior requirements before compiling the finished project and uploading it to production. Both the 4Diac framework and WCC Lite offer tools for flexible debugging. There is a possibility that 4Diac FORTE might not start as a process. It may happen if multiple faults occur and the process has stopped. The process is also programmed to not start if no Excel configuration file is found, therefore a user should make sure that Excel configuration is uploaded and ready for use. Individual function blocks can be set to Watch mode: events can be triggered and values can be forced at inputs or outputs (look into images below). To monitor the function blocks, the application should be deployed and the IDE should be in Online mode (Debug --> Monitor System --> NewSystem). Selecting watch mode: [![image-1602662191072.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1602662191072.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1602662191072.png) Function blocks in watch mode: [![image-1602662206569.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1602662206569.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1602662206569.png) Seeing information dynamically updated on 4Diac IDE might be very informative, however, some applications might require accessing WCC Lite via a command-line interface. For example, in case of information not being updated one would want to ensure that 4Diac FORTE in WCC Lite is not filtering data out but sending it to the internal database (Redis). To run 4Diac FORTE debug from the command-line interface, a user should write forte and press Enter. All possible choices are shown by adding the -h flag. A debugging example would be: '/etc/init.d/forte stop' to stop any forte processes, 'forte -d7 -r -f /etc/forte/yourfbootfilename.fboot' to launch the debug. More flags are shown in the Table below. Make sure to stop any running process that could use the address that the 4Diac framework is going to use. Table. 4Diac FORTE command line debugging options: ``` -h - Display help information -c : - Set the listening IP and port for the incoming connections -r - Show redis messages -d - Set debugging level -f - Set the boot-file where to read from to load the applications ``` ### # 20.6 Generating and uploading FORTE logic file After the PLC design is finished and debugged, such a design can be compiled into an FBOOT file and uploaded to one or multiple devices to be used in production. As the application being debugged is not automatically considered as a default application, one should be uploaded explicitly via the web interface. To generate FORTE boot files a user should select Run->Create FORTE boot-file.... After that one should select devices which should have their boot files created as well as additional devices’ properties and directories where these files should be stored as in the picture below. Generating FBOOT file:[![image-1602662453356.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1602662453356.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1602662453356.png) The upload button for the FORTE files in the web interface can be found in the Protocol Hub tab, Configuration screen (FORTE boot file upload supported for versions v1.4.0 and above). You should see a view in the picture below. WCC Lite Web interface. Upload and download of 4Diac configuration files: [![image-1689332420225.png](https://wiki.elseta.com/uploads/images/gallery/2023-07/scaled-1680-/image-1689332420225.png)](https://wiki.elseta.com/uploads/images/gallery/2023-07/image-1689332420225.png) After the file has been imported one should be able to download it from the same screen as seen in the picture before.

Please note that only files with the \*.fboot extension are allowed.

Uploading a file saves it's name and shows it in the web interface. It is advised to carefully choose a filename to separate different versions of PLC application files.

# 20.7 Distributed control application IEC 64199 standard introduced requirements for distributed control. This means that multiple devices can change information between them and make their own decisions based on the data they receive from other sources. This enables distributed applications between multiple WCC Lite devices and all other devices that support IEC 61499. Communication between devices can be configured using: - Publish/Subscribe function blocks (via UDP packets); - Client/Server function blocks (via TCP packets). A Publish block can publish data messages using UDP multi-cast addresses meaning that multiple devices would be able to simultaneously get the same data. However, one would have to make sure that all of the devices support the multi-cast option. This user manual will only cover setting up point-to-point communication between devices via Publish/Subscribe blocks. For more information on communication between several IEC 61499 devices please check the documentation for [Eclipse 4diac framework](https://wiki.elseta.com/link/851#bkmrk-page-title). Let’s say we would like to count how many times the light has been turned on. For this, we can add counting functionality to the application shown in the picture below. The application should run on 2 devices. The blinking part of the application will run on a 4diac FORTE and the count on another 4diac FORTE, see the architecture below. The two different programs running on two separate WCC Lite devices emulate two PLCs. Two different devices can be identified by different colours of function blocks. One can identify the device and its properties by accessing the System Configuration screen as seen below. Yellow function blocks belong to the WCC\_212 device which can be accessed through 192.168.4.212 (port number 61499) whereas brown function blocks belong to the WCC\_218 device which can accessed through 192.168.4.218 (port number 61499). Example blinking application as a distributed system:[![image-1602662769321.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1602662769321.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1602662769321.png) Example system configuration for a distributed system:[![image-1602662862391.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1602662862391.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1602662862391.png) Example app for blinking part of a distributed system:[![image-1602662875556.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1602662875556.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1602662875556.png) Example app for counting part of a distributed system:[![image-1602662888137.png](https://wiki.elseta.com/uploads/images/gallery/2020-10/scaled-1680-/image-1602662888137.png)](https://wiki.elseta.com/uploads/images/gallery/2020-10/image-1602662888137.png) To count the blinking, two new Function Blocks (FBs) have been added to the existing application for a different device (WCC\_218): - E\_PERMIT - E\_CTU To communicate between devices, an additional PUBLISH\_X/SUBSCRIBE\_X pair must be used. As one can identify, these blocks are not seen when looking at a whole distributed system and should be seen as an intermediary between devices. The PUBLISH\_X FB is used to send messages over the network which are received by an SUBSCRIBE\_X FB. Every time a REQ is triggered, a message is sent according to the ID input. With the value of the ID input, you can specify what specific network protocol you would like to use (e.g., MQTT). If you don’t specify a dedicated protocol the default as defined in the ”IEC 61499 Compliance Profile for Feasibility Demonstrations” is used. The number X in PUBLISH\_X is the number of data elements that you want to send in the message. Since we are only sending one value we used PUBLISH\_1. The used ID value specifies an IP: PORT pair. # 21 Lua script runner ### Introduction Lua is a powerful, efficient, lightweight scripting language. It has been used in many industrial applications with an emphasis on embedded systems. Lua has a deserved reputation for performance. To claim to be "as fast as Lua" is an aspiration of other scripting languages. Several benchmarks show Lua as the fastest language in the realm of interpreted scripting languages. Lua is fast not only in fine-tuned benchmark programs but in real life too. Substantial fractions of large applications have been written in Lua. In the WCC Lite system, Lua is used for extending the functionality of Excel configuration adding an interface to the existing signal-linking engine. Provided functions enable to recreate of PLC functionality and modify any value with ease. ### Overview ##### Execution types: Lua runner provides 3 execution modes: interval, date, and signal, which can be specified in [**execution\_type**](https://wiki.elseta.com/link/915#bkmrk-parameter-descriptio-0). **Interval**: executes provided script based on provided time interval in [**execution\_parameter**](https://wiki.elseta.com/link/915#bkmrk-parameter-descriptio-0). It uses milliseconds, meaning if a 500 value is provided, then the script is executed every 500 milliseconds. **Date:** schedules a script execution based on the provided cron expression in [**execution\_parameter**](https://wiki.elseta.com/link/915#bkmrk-parameter-descriptio-0). The format consists of 6-7 fields separated by space.
NameRequiredAllowed ValuesAllowed Special Characters
Seconds Y 0-59 , - \* /
Minutes Y 0-59 , - \* /
Hours Y 0-23 , - \* /
Day of month Y 1-31 , - \* /
Month Y 0-11 or JAN-DEC , - \* /
Day of week Y 1-7 or SUN-SAT , - \* /
Year N empty or 1970-2099 , - \* /
For example, 0 0 \* \* \* \* will execute the script at every hour mark. There are a lot of online cron expression parsers or generators to convert this expression to a more understandable sentence. [https://crontab.cronhub.io/](https://crontab.cronhub.io/) **Signal:** uses source signal provided in signal sheet to trigger script execution. Another non-example signal can be provided in the [**execution\_parameter**](https://wiki.elseta.com/link/915#bkmrk-parameter-descriptio-0) attribute. As an example, if a signal in Excel configuration has an attribute **execute** with value 1, and a source signal specified in **source\_device\_alias, source\_signal\_alias**, then if a value event happens to the source signal, the script will be executed. More than one signal can have an **execute** attribute. The signal that executes the script can be accessed through the **execution\_signal** variable that has a table inside of it with variables: {tag = {device\_alias = "script", signal\_alias = "tag1"}, value = {value = 60, time = "123456789", attributes = "iv, nt, sb"}} ##### Additional functions: To interface with existing signals and extend the available Lua functions some extra functions were added: **get, set, publish,** and **subscribe** functions are used to get the values configured in Excel configuration or to communicate with other scripts. A signal value in the WCC Lite system consists of 3 sub-values: **value**, **time**, and **attributes. get** function is used to get all the sub-values or **get\_value**, **get\_time** and **get\_attributes** to get only one of the sub-values. To execute this command, a signal has to be specified: **get(signal.value1).** A signal is specified by a string "tag/<device\_alias>/<signal\_alias>" or a table that is created from an **iterator** parameter in Excel configuration. For example: ```Lua -- the default iterator is signals, that means there is a table 'signals' generated from excel signals

-- signals["tag1"] = "tag/device_alias/tag1" tag1 would be the signal_alias

-- to get the value of this signal:

local variable = get_value(signals.tag1)

local variable = get_value(signals["tag1"]) -- both methods are viable

-- and the 'variable' will have the value of tag1 signal

-- get function will return the value of source signal that was sent to this signal ``` Function **publish** is used to send a value to other signals: ```Lua publish(signals.tag2, 90) -- this function will send 90 with current time to the signal tag2

publish(signals.tag2, {value = 60, time = "123456789", attributes = "iv,nt,sb"})

-- above command is used when other sub values are needed to be specified

-- and the signal-linker will send it to another signal

-- if this signal was specified as source signal in another protocol signal ``` To provide different times and attributes to the publish function, a table of these 3 values has to be specified, time can be omitted. An example of the table is returned by the **get** function. These two functions will be used the most, others are included for communication between different scripts in a more complex system. **set** function sets the value of the signal, without sending an event of change: ```Lua set(signals.tag3, 50) -- this command will set the value of the signal tag3

-- because it is a set function, other protocols will not see a change

-- and the value will not be accessible

-- it is only used with non excel signals

set("signal1", 60) -- now the signal1 tag will have a value

-- and another script will be able to use get to get this value

local value1 = get_value("signal1") -- value1 will be equal to 60 with current time ``` Function **subscribe** is used to wait (blocks code execution while waiting) for a value and get it. It is used the same as the **get** function (does not have separate functions for sub-values). It should only be used if more complex communication between scripts is needed.

These functions are equivalent to REDIS functions.

Function **save** saves the specified value to flash memory for use after reboot. The same value sub-values apply to execution. ```Lua save(signals.tag1, 50) -- this will save a value to tag1

-- after reboot this value will be set to tag1

-- and will be accesible with get(signals.tag1)

-- this function will not set the value tag1 to 50 ``` Function **time\_ms** returns the current time in milliseconds and in UNIX format. ```Lua local t = time_ms()

-- t will be equal to 1665389490555

-- if the date right now is Mon Oct 10 2022 08:11:30:555 GMT+0000 ``` Function **sleep** is the same as Lua socket module function socket.sleep. ```Lua sleep(1) -- will wait for 1 second ``` Additional functions for debug information are **emerg, alert, crit, err, warning, notice, info, and debug**. These functions correspond to levels from 0 to 7. The default level is 4, which means that the function from **emerg** to **warning** will be printed to syslog unless specified differently in file **/etc/lua-runner.conf.** ```Lua emerg("log message 0")

alert("log message 1")

crit("log message 2")

err("log message 3")

warning("log message 4")

notice("log message 5")

info("log message 6")

debug("log message 7") ```

These functions will require significant CPU resources even if the message log level is higher than default and no message is printed.

##### Web interface The web interface is used to see what scripts are running and, if there is a script provided, to stop/start a script. After configuring a device with Lua runner as protocol, the script runner protocol hub tab will be populated with devices that were configured: [![image-1665406373895.png](https://wiki.elseta.com/uploads/images/gallery/2022-10/scaled-1680-/image-1665406373895.png)](https://wiki.elseta.com/uploads/images/gallery/2022-10/image-1665406373895.png) Then by pressing the Upload Script button, a script will be available to be selected (the name of the script will be changed to match device\_alias). When uploaded the script will not be started automatically, pressing start will be necessary. [![image-1665408922682.png](https://wiki.elseta.com/uploads/images/gallery/2022-10/scaled-1680-/image-1665408922682.png)](https://wiki.elseta.com/uploads/images/gallery/2022-10/image-1665408922682.png) After pressing start, the script will be started, if there are errors it will try to start, but after a few attempts, it will stop. [![image-1665409121771.png](https://wiki.elseta.com/uploads/images/gallery/2022-10/scaled-1680-/image-1665409121771.png)](https://wiki.elseta.com/uploads/images/gallery/2022-10/image-1665409121771.png) The clear all saved values button is used to clear the memory of saved values. Having a lot of values saved is not healthy for the SD card and faults can happen. Also, the script runner process initialization is slowed down when a lot of saved values are used. ### Configuration #### Device configuration parameters:
**Parameter** **Type** **Description** **Required **Default value** (when not specified) **Range**
Min Max
name stringUser-­friendly name for a device Yes
device\_alias string Alphanumeric string to identify a device Yes
descriptionstringDescription of a device No
enable boolean Enabling/disabling of a device No 1 0 1
protocol string Protocol to be used Yes lua runner
execution\_type string Execution type to be used Yes interval, date, signal
execution\_parameter int, string Parameters for execution Yes
NULL
interval time in ms, date in cron format, additional signal
queue\_max int Maximum execution queue jobs No 3 0 to disable the queue
error\_limit int Error limit before stopping No 3 0 to disable
keep\_alive\_time\_ms int Time to keep the script alive in milliseconds No 600000 0 to disable
#### Signals configuration parameters:
**Parameter** **Type** **Description** **Required **Default value** (when not specified) **Range**
Min Max
signal\_name stringUser-­friendly name for a signal Yes
device\_alias string Alphanumeric string to identify a device Yes Must match device\_alias in the device sheet
signal\_alias string Unique alphanumeric name of the signal to be Yes used Yes
iterator string Lua table name to which signal is added No signals
default\_value string Default value for a signal No
execute int Enable signal update trigger to execute script (only available for signal execution mode) No 0 0 1
### Debugging the script runner service If the configuration for the script runner is set up, the process will start automatically. If the configuration/script is missing or contains errors, the process will not start. It is done intentionally to decrease unnecessary memory usage. Script runner runs a service called **lua-runner**. If the script doesn't start or does not work correctly, a user can launch a debug session from the command line interface and find out what problem is causing it to not work. To launch a debugging session, a user should stop the script from the web interface and run the **lua-runner** command with respective flags and configuration as in the table given below. Procedure for lua-runner service debugging: - **Step 1**: The script must be stopped through a web interface. - **Step 2**: After the script is stopped it must be started with the preferred configuration file (JSON files found in /etc/lua-runner, and the name corresponds to device\_alias) and a debug level 7: **lua-runner ­-c /etc/lua-runner/device\_alias.json ­-d7 -e.** - **Step 3**: Once the problem is diagnosed normal operations can be resumed by starting the script through a web interface.# 22 MQTT ### Introduction MQTT (short for MQ Telemetry Transport) is an open OASIS and ISO standard (ISO/IEC PRF 20922) lightweight, publish-subscribe network protocol that transports messages between devices. The protocol usually runs over TCP/IP, although its variant, MQTT-SN, is used over other transports such as UDP or Bluetooth. It is designed for connections with remote locations where a small code footprint is required or the network bandwidth is limited. The broker acts as a post office, MQTT doesn’t use the address of the intended recipient but uses the subject line called “Topic”, and anyone who wants a copy of that message will subscribe to that topic. Multiple clients can receive the message from a single broker (one-to-many capability). Similarly, multiple publishers can publish topics to a single subscriber (many to one). Each client can both produce and receive data by both publishing and subscribing, i.e. the devices can publish sensor data and still be able to receive the configuration information or control commands. This helps in both sharing data and managing and controlling devices. With MQTT broker architecture the devices and applications become decoupled and more secure. MQTT might use Transport Layer Security (TLS) encryption with a user name, password-protected connections, and optional certifications that require clients to provide a certificate file that matches the server’s. The clients are unaware of each other's IP address. The broker can store the data in the form of retained messages so that new subscribers to the topic can get the last value straight away. The main advantages of an MQTT broker are: - Eliminates vulnerable and insecure client connections - Can easily scale from a single device to thousands - Manages and tracks all client connection states, including security credentials and certificates - Reduced network strain without compromising the security (cellular or satellite network) Each connection to the broker can specify a quality of service measure. These are classified in increasing order of overhead:
- At most once - the message is sent only once and the client and broker take no additional steps to acknowledge delivery (fire and forget). - At least once - the message is re-tried by the sender multiple times until acknowledgement is received (acknowledged delivery). - Exactly once - the sender and receiver engage in a two-level handshake to ensure only one copy of the message is received (assured delivery).
### Using WCC Lite as an MQTT Client MQTT serves as an alternative for protocols conforming to IEC standards, for example, to send data to a cloud infrastructure that supports MQTT instead of IEC-60870-5-104.

WCC Lite supports MQTT messaging compatible with MQTT v3.1 standard (starting from version **v1.4.0**). Such messaging is possible via mapping of Redis and MQTT data therefore data can be transmitted from any protocol that is supported by WCC Lite.

All standard functions, except for data encryption, are supported. Encrypted messages are not supported yet, therefore to ensure security a user would have to use a VPN service. A user can choose from three different Quality of Service levels, select if messages are to be retained, authenticate users and optionally send Last Will messages. To configure WCC Lite a user can fill in the needed parameters in Excel configuration. These parameters are shown in the two tables below. Table. MQTT parameters for the Devices tab
**Parameter** **Type** **Description** **Required **Default value** (when not specified) **Range**
Min Max
namestring User-friendly device name Yes
device\_aliasstring Device alias to be used in the configuration Yes
enablebooleanEnabling/disabling of a device No001
protocolstring Selection of protocol Yes MQTT
ipstring MQTT broker IP address/Domain name selection Yes
portintegerMQTT broker port selection No1883
enable\_thresholdbooleanA parameter to determine if identical values should not be sent multiple times in a row. No101
mqtt\_qosintegerMQTT Quality of Service for the message as in standard No002
mqtt\_retainbooleanSelecting if the MQTT broker should retain the last received messages No001
usernamestring MQTT user name Yes
passwordstring MQTT user passwordYes
auth string Selecting if TLS should be usedYes none, password, tls
ca\_certificate string Certificate authority file for TLS connection Yes (If auth=tls)
client\_certificatestring Client certificate file for TLS connectionYes (If auth=tls)
client\_keystring The private key that corresponds to the client certificate for TLS connection Yes (If auth=tls)
use\_last\_willbooleanSelecting if MQTT should use the Last Will and Testament functionality (Default: False) No001
last\_will\_topicstring Topic to which an MQTT message would be sent if the device abruptly disconnected the message broker Yes (If use\_last\_will=True)
last\_will\_messagestring Message to be sent over MQTT if the device abruptly disconnected message broker No
last\_will\_qos integerMQTT Quality of Service selection as in standard No002
last\_will\_retain booleanSelecting if the MQTT broker should retain the last will message No001
client\_id stringUser-friendly name for client ID No
To map the signal to send through the MQTT client, it should have its device\_alias and signal\_alias mapped to source\_device\_alias and source\_signal\_alias respectively. Table. MQTT parameters for the Signals tab
**Parameter** **Type** **Description** **Required **Default value** (when not specified) **Range**
Min Max
signal\_namestringUser-friendly signal name Yes
device\_aliasstringDevice alias from a Devices tab Yes
signal\_aliasstringUnique signal name to be used Yes
source\_device\_aliasstringdevice\_alias of a source device Yes
source\_signal\_aliasstringsignal\_alias of a source signal Yes
enablebooleanEnabling/disabling of an individual signal No101
log integerAllow signal to be logged. Log signal with 1 and no logging with 0. No0
topicstringTopic name to override the value built by default No
periodic\_update\_msintegerSignal value is published periodically according to the value set. No---
### MQTT data format The format of a MQTT message is a bit different than Redis messages. Redis messages are supported as CSV strings: value, timestamp, flags (where value can be float, integer or nan; timestamp - Unix timestamp in milliseconds; flags contain additional information about a measurement). MQTT messages are supported as value, timestamp, and quality (where value can be float, integer or nan; timestamp - Unix timestamp in milliseconds; quality shows if a value is to be considered valid). Quality parts of a string are always equal to 1 except for Redis messages containing invalid (IV), non-topic (NT) and/or overflow (OV) flags. As mentioned, the MQTT client acts as an adapter between Redis and MQTT, therefore data from the topic in Redis is written to a topic in MQTT. Therefore mqtt-client has to know the mapping table before starting. This table is saved at /etc/elseta-mqtt.json. Every Redis topic name is constructed as tag/\[device\_alias\]/\[signal\_alias\]/\[direction\]. Prefix tag/ is always used before the rest of the argument. `device_alias` and `signal_alias` represent columns in Excel configuration. Direction can have one of four possible values - rout, out, in, rin; all of which depend on the direction data is sent or acquired protocol-wise. The same Redis topic structure is preserved in MQTT by default making it easier to find matching signals, however, as no recalculation is done by MQTT and only PUBLISH messages are now supported, only Redis signals within direction have their MQTT mappings. A user can create and select his topic name in Excel configuration, in the topic column. As no recalculation is done by MQTT and only PUBLISH messages are now supported, only Redis signals within in direction have their MQTT mappings. ### Debugging a MQTT protocol If the configuration for MQTT is set up, a handler for the protocol will start automatically. If the configuration is missing parameters or contains errors, the protocol will not start. It is done intentionally to decrease unnecessary memory usage. MQTT Client command line debugging options `mqtt-client`
``` -h [ –help ] Display help information -c [ –config ] Configuration file location (default - /etc/elseta-mqtt.conf) -V [ –version ] Show version -d [ –debug ] Set debugging level -r [ –redis ] Show REDIS output -m [ –mqtt ] Show MQTT output ```

If the MQTT Client does not work properly (e.g. no communication between devices, data is corrupted, etc.), a user can launch a debug session from the command line interface and find out why the link is not functioning properly.

To launch a debugging session, a user should stop `mqtt-client` process and run `mqtt-client` command with respective flags as was shown above.

# 23 Data Export ## General Various protocols are made to transmit data points as they are generated. This is enough for a lot of systems (e.g. SCADA) that have their databases and devices only have to buffer fairly recent messages in case of connection or transmission errors. However, there is frequently a need to save and keep the data in files, grouped in batches, and later transmit these batches to a remote server via HTTP(S) or FTP(S). For this purpose, a dedicated protocol has been created and called **Data export.**

Data export functionality is available since firmware version v1.5.0, of WCC Lite.

## Overview Data export service gathers information from other protocols and puts it into files (optionally compressing them) after a timeout or when data buffers fill up; eventually periodically sending them to a server. HTTP(S) and FTP(S) servers with optional authentication are supported. A user can optionally choose between ISO8601 and UNIX timestamp time formats (the latter being the default value). More than one instance can be set up, for instance, some of the information can be sent to an FTP server, while others could be transmitted to the HTTP server which can handle POST requests. ## Using WCC Lite for data export To configure WCC Lite to use a data export server a user can fill in the needed parameters in Excel configuration. These parameters are shown in the two tables below. Default values are shown in bold font. *Data export (data-export) parameters for Devices tab table:*
**Parameter** **Type** **Description** **Required **Default value** (when not specified) **Range**
Min Max
namestringUser-friendly device name Yes
device\_aliasstringDevice alias to be used in configuration Yes
enablebooleanEnabling/disabling of a device No101
protocolstringSelection of protocol Yes Data Export
timeoutintegerThe time frame during which transmission to the remote server has to be completed (**in seconds**) No5
typestringSelection of file format Nocsv-simplecvs-periodic csv-simple, json-simple, json-samples
hoststringA URL of the remote server where files should be sent Yes
upload\_rate\_sec integerFrequency of generated file uploads (**in seconds)** No60
records\_buffer\_size integerA maximum amount of data change entries to hold before initiating the logging mechanism No100
logging\_period\_sec integerDescribe how frequently the data buffer of records\_buffer\_size is saved to the file No
10
1
3600
log\_folder stringA folder in the WCC Lite file system to save generated files (**”/var/cache/data-export”**) No
timestamp stringSelection of time format Nounixtimestampunixtimestamp, iso8601
compress stringSelection of file compression mechanism Nononenone, gz, tar.gz
compress\_password stringEnable the feature of file password protection No yes, true
csv\_field\_separator stringColumns separator in .csv file format No"," - (comma)"," - (comma) ";" - (semicolon) "." - (dot) " " - whitespace) "|" - (pipe)
csv\_decimal\_separator stringDecimal separator in values No"." - (dot)"." - (dot) "," - (comma)

The same symbols cannot be selected for both csv\_field\_separator and csv\_decimal\_separator. In such case both of them will be set to default values ­ ”.” and ”,” respectively.

The data generation rate may be going to be bigger than what the data buffer can hold (controlled by *records\_buffer\_size* and *logging\_period\_sec*). To make sure that no data loss occurs there’s an additional data logging call made in case the data buffer reaches a *records\_buffer\_size* value. Signals to be sent are configured differently than signals for most other protocols. As data export service only transmits signals and does no data processing, usual signal logic is not used for them. That means that: • Signals for data export service are not seen in the *Imported Signals* tab; • Signals for data export service are configured in a different Excel sheet called DataExport The parameters to be filled in the DataExport sheet are shown in the table below. *Data export (data-export) parameters for the DataExport tab*
**Parameter** **Type** **Description** **Required **Default value** (when not specified) **Range**
Min Max
device\_alias stringDevice alias to be used in configuration Yes Yes
device\_name stringUser-friendly device name as in the Device sheet Yes
tag\_namestringUser-friendly signal name Yes
source\_device\_aliasstringdevice\_alias of a source device Yes
source\_signal\_aliasstringsource\_alias of a source signal Yes
enablebooleanEnabling/disabling of a measurement to be transmitted and logged No101
attributestringAn additional attribute to be attached to a signal No
## Debugging data export service If the configuration for the Data export service is set up, a handler for the protocol will start automatically. If the configuration is missing parameters or contains errors, the protocol will not start. It is done intentionally to decrease unnecessary memory usage. Data export (data-export) command-line debugging options

The below-described parameters for debugging are accessible over the console (SSH).

`-h [--help] Display help information` `-c [--config] Configuration file location` `-V [ –version ] Show version` `-d [ –debug ] Set debugging level` `-R [ –readyfile] Ready notification file` `-p [ –http ] Show HTTP messages` `-r [ –redis ] Show Redis output` If the Data export service does not work properly (e.g. data is corrupted, etc.), a user can launch a debug session from the command line interface and find out why it is not functioning properly. To launch a debugging session, a user should stop data-export processes and run the data-export command with respective flags as in the table above. ## Host URL format rules The parameter host is highly configurable and might contain a considerable amount of information: • *Protocol* - FTP or HTTP (encrypted and encrypted); • *URL address* - both resolved and non-resolved; • *Authentication* - pair of users and/or passwords; • *Port* - useful when non-standard value is used; • *Endpoint* - a place in the server to which a call is made The format for the host parameter can be summarized as: `[ h t t p ( s ) / f t p ( s ) ] : / / [ [ u s e r ] : [ p a s s w o r d ]@] [ URL ] [ : p o r t ] / [ e n d p o i n t ]` Options are printed in square brackets. A protocol has to be selected, otherwise HTTP will be used as a default. The user and password pair is optional, but if the user: password pair is used, it should proceed with the @ sign. HTTP and FTP use default or user-assigned ports. By default HTTP uses port 80, while HTTPS uses port 443, FTP sends data over port 21, FTPS - over port 990. Make sure that these ports are open in the firewall on both the server and client side, otherwise, data will not be sent successfully. Finally, a POST request (for HTTP) or upload (for FTP) can be made to a specific place (endpoint). This endpoint should be described after a URL and port (if used). ## Format of exported data For a server to interpret data, a set of rules for a file format has to be established. ***Csv-simple*** format applies to all files by default and is used as in this example: ``` ###DUID:3182121xx #device name; tag name; value; quality; timestamp; atribute inv1;Ia;236.9,1;1599137189963;Pa ``` Example of additional format *csv-periodic:* ``` ###DUID:318212xxx ##DEVICE:inv1 #Time;Upv1;Upv2;Upv3;Upv4;Upv5;Upv6;Ipv1;Ipv2;Ipv3;Ipv4;Ipv5;Ipv6;Status;Error;Temp;cos;fac;Pac;Qac;Eac;E-Day;E-Total;Cycle Time 2020-09-02T15:45:00Z;462.3;462.3;370.2;370.2;371.2;371.2;1.40;1.43;1.35;1.47;1.21;1.26;512;0;26.3;1.000;50.00;3.217;-0.029;0.28;17.41;54284.53;5; 2020-09-02T15:40:00Z;462.3;462.3;370.2;370.2;371.2;371.2;1.40;1.43;1.35;1.47;1.21;1.26;;512;0;26.3;1.000;50.00;3.217;-0.029;0.28;17.41;54284.53;5; ##DEVICE:meter #Time;Uab;Ubc;Uca;P;Q;S;F;eTOT;Cycle Time 2020-09-02T15:45:00Z;421.3;421.3;421.3;15000;100;15600;50;246894;5; 2020-09-02T15:40:00Z;421.3;421.3;421.3;15000;100;15600;50;246895;5; ``` Example of additional format json-simple*:* ``` { "metadata": { "duid": "318xxxxx", "name": "hostname", "loggingPeriod": "15min", "format": "json" }, "data": [ { "tag_name": "Ia", "device_name": "inv1", "attribute": "Pa", "last": { "value": 12.2, "timestamp": 1213123 }, "min": { "value": 12, "timestamp": 1213123 }, "max": { "value": 12, "timestamp": 1213123 }, "avg": { "value": 12, "timestamp": 1213123 } }, { "tagName": "Ib", "deviceName": "inv1", "attribute": "Pb", "last": { "value": -12.3, "timestamp": 1213123 }, "min": { "value": 12, "timestamp": 1213123 }, "max": { "value": 12, "timestamp": 1213123 }, "avg": { "value": 12, "timestamp": 1213123 } }, ] } ``` Example of additional format json-sample*:* ``` { "metadata": { "duid": "318xxxxx", "name": "hostname", "loggingPeriod": "15min", "format": "json-samples" }, "data": [ { "tag_name": "Ia", "device_name": "inv1", "attribute": "Pa", "timestamp":{ "first": 123123, "last": 123236 }, "first": { "value": 12.2, "timestamp": 1213123 }, "last": { "value": 12.2, "timestamp": 1213123 }, "min": { "value": -12, "timestamp": 1213123 }, "max": { "value": 12, "timestamp": 1213123 }, "avg": { "value": 12, "timestamp": 1213123 }, "samplesCount": 2, "samples": [ {"value": 12, "timestamp": 1213123, "quality": true}, {"value": -12.3, "timestamp": 1213123, "quality": true} ] } ] } ```# 24 Certificates Devices that send unencrypted data are susceptible to attacks which might cause deliberate damage to the user system. Therefore it is highly advised to use cryptography to secure sensitive data. WCC Lite offers means to easily store certificates for their later usage. Some protocols, namely IEC­60870-­5-­104 Slave, DNP v3.0 Slave and Master might be configured to send data over TCP/IP. For these protocols, a secured connection over TCP/IP using TLS certificates can be made. For this purpose, certificate storage has been created and is available since firmware version 1.3.0. To make storage secure, multiple steps have been taken: - By default certificate storage is only accessible for root users and users with group level 15 permissions; - By default, certificates are not added to the backup to avoid private key leakages; Private keys should never be revealed to the public - By default, certificates are deleted after system upgrade; - Only basic information is shown on a web interface; Certificates can be uploaded, deleted but not downloaded Certificates can be split into three parts ­ local (private) certificates, certificates from peers (usually called Certificate Authority (CA)) and private keys. It has to be noted that all of these certificates sometimes can be found in one file, therefore ideally a user should have at least a minimal understanding of the formats in which certificates are stored. Certificates should conform to the X509 standard. The difference between local certificates and certificate authority certificates is that only certificate authority generates certificates for others. Therefore Issuer and Subject fields are always the same for certificate authority certificates whereas they differ for local certificates. Both of these certificates are usually stored in a device to validate if incoming connections have valid certificates and are to be trusted. Both of the certificates have the public key which together with the public key enables encrypted connections. The private key is a text file used initially to generate a Certificate Signing Request (CSR), and later to secure and verify connections using the certificate created per that request. It usually contains a unique hash made in a way that chances of guessing it by using brute force are technically infeasible. The private key should be closely guarded since anyone with access to it uses it in nefarious ways. If you lose your private key or believe it was compromised in any way, it is recommended to re­key your certificate – reissue it with a new private key. To make certificate upload more intuitive, certain restrictions are imposed. Only files with certain extensions (\*.crt, \*.pem, \*.der, \*.key) can be uploaded. Trying to upload other files will result in an error message. Certificate storage should be considered a folder with certain access restrictions, therefore file names should be unique for every file. It should be noted that this chapter only reviews main certificates and suggests means to use them for Protocol Hub services. Certificates can also be used for other causes, e.g. to secure VPN connections. For the sake of simplicity, uploading certificates and their usage are explained in their respective chapters where applicable. Interface for certificate storage [![image-1704979328262.png](https://wiki.elseta.com/uploads/images/gallery/2024-01/scaled-1680-/image-1704979328262.png)](https://wiki.elseta.com/uploads/images/gallery/2024-01/image-1704979328262.png) To get more details about how one could use TLS for Protocol Hub protocols please check the section Excel configuration format. To find out more about why certificates help keep devices secure please check the section [Cyber security](https://wiki.elseta.com/link/914#bkmrk-page-title) or check X.509 and RFC 5755 standard.# 25 Cyber security WCC Lite is based on the OpenWRT operating system. OpenWrt is described as a Linux distribution for embedded devices. WCC Lite has the same functionality as Linux OS including user management. Basic configuration on WCC Lite can be done using a web-based frontend. More advanced configuration is available over the terminal interface. For secure web access, WCC Lite can be accessed via HTTPS (TLS) instead of the unencrypted HTTP protocol. You can use the openssl utility to generate your certificate authority and certificates to be used on the web interface. Certificates can also be named or placed in whatever directory you wish by editing /etc/lighttpd/lighttpd.conf. The terminal is accessible over Telnet or SSH. For security reasons, we strongly recommend to use SSH. SSH, also known as Secure Socket Shell, is a network protocol that provides administrators with a secure way to access a remote computer. SSH also refers to the suite of utilities that implement the protocol. Secure shell provides strong authentication and secure encrypted data communications between two computers connecting over an insecure network such as the Internet. SSH is widely used by network administrators for managing systems and applications remotely, allowing them to log in to another computer over a network, execute commands and move files from one computer to another. ### User rights Depending on the user name, different rights are defined: the admin is generally entitled to make changes while the user does not have any editing permissions, and the relevant buttons are disabled. Users can be assigned to one of fifteen user groups that can access different amounts of device parameters. The highest (fifteenth) permission level grants the same permission as the root user has. User group rights can be edited to give more rights or restrictions, except for the highest (15th) level. #### User management and rights authentication WCC Lite provides different authentication mechanisms: - Authentication via locally stored credentials. In this scenario, all users, passwords and permissions are encrypted and stored in internal WCC Lite storage. - Authentication via external RADIUS Server. In this scenario, all users, passwords and permissions (profiles) are defined in the remote RADIUS Server. Login into WCC Lite is available only if the RADIUS Server will grant authentication and will provide a user profile with user rights on that device (more detailed description below). This also means that a password for such a user cannot be changed remotely. - Authentication via external RADIUS Server with fallback option. In this scenario, users will be authenticated via the RADIUS server. If the server fails to respond (configured timeout is passed) WCC will use locally stored credentials. Fallback options are selected with PAM configuration. By default, only authentication via locally stored credentials is allowed. For authentication via an external RADIUS server, a user should first enable the RADIUS process and configure at least one server. #### Locally stored credentials management The device has predefined default users like *root* and *user.[![image-1689334357068.png](https://wiki.elseta.com/uploads/images/gallery/2023-07/scaled-1680-/image-1689334357068.png)](https://wiki.elseta.com/uploads/images/gallery/2023-07/image-1689334357068.png)* *Screen containing all users* [![image-1689334395442.png](https://wiki.elseta.com/uploads/images/gallery/2023-07/scaled-1680-/image-1689334395442.png)](https://wiki.elseta.com/uploads/images/gallery/2023-07/image-1689334395442.png) Screen for new user configuration **the root** user has full permission set to connect to WCC Lite over the web interface and SSH or Telnet. This user is the default user on WCC Lite and cannot be deleted. However, it is highly advised to change the default password to a different one less susceptible to attacks. **user** is a limited user on the system and can’t get root rights. A default password for access via the command­ line interface and the web interface is ***wcclite***. It is advised to change this password to increase the level of security. The system allows customers to set up even more users with well-known commands like *adduser, passwd* and *userdel.* More users can also be added or edited via web interface as shown in the figures above. The user should enter a user name, user groups to which the user should belong (the group must be preconfigured first), SSH access permission as well as password. When editing user settings, only *User Group* and *SSH Access* permission can be changed. To change the user password, the *Change Password* button should be pressed as seen in the figure above to lead the user to a screen seen in the figure below. [![image-1689334539352.png](https://wiki.elseta.com/uploads/images/gallery/2023-07/scaled-1680-/image-1689334539352.png)](https://wiki.elseta.com/uploads/images/gallery/2023-07/image-1689334539352.png) Changing user password A user needs to be assigned to the **root** group for admin rights and have root access

It should be noted that assigning a user to a root group only gives complete authority over the web interface. Permissions for a command­ line interface should be given by a root user via command­ line interface.

The following commands may be used in the command line interface for user control: **adduser** -­ create a new user or update default new user information When invoked without the **­-D** option, the *adduser* command creates a new user account using the values specified on the command line plus the default values from the system. Depending on command line options, the useradd command will update system files and may also create the new user’s home directory and copy initial files. **passwd** -­ change user password The *passwd* command changes passwords for user accounts. A normal user may only change the password for his/her account, while the superuser may change the password for any account. *passwd* also changes the account or associated password validity period. **deluser** -­ delete a user account and related files The *deluser* command modifies the system account files, deleting all entries that refer to the user name LOGIN. The named user must exist.

If a user intends to use a newly created user account via both the command­line interface and web interface he should create and delete users via the web interface and not use adduser and deluser commands as they don’t create uci entries.

For more information about controlling users via the command line interface, one should refer to Linux documentation. #### Authentication via external service WCC Lite supports external authentication via the RADIUS service. Remote Authentication Dial­In User Service (RADIUS) is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA or Triple A) management for users who connect and use a network service. RADIUS is a client/server protocol that runs in the application layer and can use either TCP or UDP as transport. Network access servers, the gateways that control access to a network, usually contain a RADIUS client component that communicates with the RADIUS server. RADIUS is often the back­end of choice for 802.1X authentication as well. The RADIUS server is usually a background process running on a UNIX or Microsoft Windows server. In WCC Lite RADIUS Client is implemented since WCC Lite software version v1.2.4. The user sends a request to a WCC Lite to gain access to access using access credentials posted in an HTTP/HTTPS WCCLite web login form This request includes access credentials, typically in the form of a username and password. Additionally, the request may contain other information that the Device knows about the user, such as its network address or information regarding the user’s physical point of attachment to the device. The RADIUS server checks that the information is correct using authentication schemes such as PAP, CHAP or EAP. The user’s proof of identification is verified, along with, optionally, other information related to the request, such as the user’s network address, account status, and specific network service access privileges. Historically, RADIUS servers checked the user’s information against a locally stored flat file database. Modern RADIUS servers can do this or can refer to external sources—commonly SQL, Kerberos, LDAP, or Active Directory servers—to verify the user’s credentials. The RADIUS server then returns one of two responses to the WCC Lite: 1. **Access-Reject** -­ The user is unconditionally denied access to all requested resources. Reasons may include failure to provide proof of identification or an unknown or inactive user account. 2. **Access-Accept** ­- The user is granted access. Once the user is authenticated, the RADIUS server will periodically check if the user is authorized to use the service requested. A given user may be allowed to get admin rights or user rights depending on permissions set on the RADIUS Server. Again, this information may be stored locally on the RADIUS server or may be looked up in an external source such as LDAP or Active Directory. To use this mechanism a RADIUS server must be configured. The parameter Radius Authentication must be Enabled on WCC Lite. As of firmware version 1.2.13, the RADIUS service is disabled by default. The service can be enabled at System­ -->Startup. If the RADIUS authentication is enabled, WCC Lite uses the RADIUS server IP address and the RADIUS shared secret key for communication with the External RADIUS Server. After entering the login credentials and login attempt, WCC Lite sends these credentials to the RADIUS server for authentication. If the RADIUS server is available, it compares the login credentials: - If the comparison is successful, the RADIUS server returns the specific user role and Access-Accept; - If the login credentials are invalid, the Radius Server returns Access­-Reject and the logon fails. - If the RADIUS server is not available and the fallback option is disabled login into WCC Lite will be impossible. If the RADIUS server is not available and timeout occurs, login will be attempted via local login credentials. *Enabled:* Enables or disables this server. *Hostname/IP:* Hostname or IP address of RADIUS server. *Timeout:* Timeout in seconds to wait for server response. *Shared* secret: Key shared between RADIUS server and RADIUS client. *Add:* Adds auxiliary (backup) server. #### Audit Log WCC Lite OS with version >1.2.0 has integrated Audit logging for important events such as: - Login/logout. - Wrong password attempts to log into the system. - Device boot event, when the system was started. - Device reboot/halt event. - Configuration changes. - Firmware changes. - Date and time changes in the system (excluding automatic system time updates over NTP or IEC 60870­5­10x protocol)

Enabling external system log server setup in System properties ­--> Logging is recommended. The system stores logs in RAM by default due to limited flash storage. Rebooting or powering off the device will result in a loss of log history.

#### Secure your device’s access There are some possibilities to grant access to the device (or to any PC/Server): 1. ask for nothing: anybody who can establish a connection gets access 2. ask for a username and password on an unsecured connection (e.g. telnet) 3. ask for a username and password on an encrypted connection (e.g. SSH) (e.g. by following firstlogin) 4. ask for a username and merely a signature instead of a password (e.g. SSH with signature.authentication) If you ask for a username/password, an attacker has to guess the combination. If you use an unencrypted connection, he could eavesdrop on you and obtain them. If you use an encrypted connection, any eavesdropper would have to decrypt the packets first. This is always possible. How long it takes to decrypt the content, depends on the algorithm and key length you used. Also, as long as an attacker has network access to the console, he can always run a brute­force attack to find out the username and password. He does not have to do that himself: he can let his computer(s) do the guessing. To render this option improbable or even impossible you can: - not offer access from the Internet at all, or restrict it to certain IP addresses or IP address ranges - by letting the SSH server dropbear and the web­Server lighttpd not listen on theexternal/WAN port - by blocking incoming connections to those ports (TCP 22, 80 and 443 by default) in yourfirewall - make it more difficult to guess: - don’t use the username root - don’t use a weak password with 8 or less characters - don’t let the SSH server dropbear listen on the default port (22) - use the combination of: - username different than the root - Tell Dropbear to listen on a random port (should be >1024): **System --> Administration -->Dropbear Instance --> Port** - public key authentication. Your public keys can be specified in **Administration --> System > SSH­keys**. An older guide to DropBear SSH public key authentication has detailed information on generating SSH keypairs which include the public key(s) you should upload to your configuration. ### Groups rights If the user is logged on via an external server, its authentication level is acquired. As no direct mapping to existing users is used, authentication levels are a way to grant proper permissions for external users. WCC Lite uses a CISCO­ authentication system, meaning that there are fifteen different permission set level settings, of which the first 14 can be configured to enable or disable View and Edit permissions. #### SSH Access SSH Access of WCC Lite is made by the Dropbear software package. To extend the basic functionality, the Pluggable Authentification Module (PAM) for RADIUS is used. This enables users to add their authentification modules as long as they are properly configured. Fifteen levels of authorization are mapped for SSH access, meaning that the user should be able to access SSH with credentials used to log into the web interface. However, one should note that permissions in the command line interface are not configurable via the web interface. This means that the first fourteen levels are restricted to basic permissions made by creating a group by default. Highest level user has all the permissions the root user has. If a user intends to change permissions for user groups, it should be done via command line interfaces. It is only advised for advanced users. #### Web interface permissions Fifteen levels of authorization permission are mapped for web interface access, meaning that the user should be able to access the web interface with credentials used to log into the command line interface. Users assigned to the highest authorization level group can access every possible screen therefore this groups cannot be edited. The figure below shows a screen containing already existing groups in a device. Pressing *Add New Group...* guides the user to an *Edit group* screen, with *Edit* and *Delete* buttons respectively user can Edit and Delete the configuration of a given user group. [![image-1689335982520.png](https://wiki.elseta.com/uploads/images/gallery/2023-07/scaled-1680-/image-1689335982520.png)](https://wiki.elseta.com/uploads/images/gallery/2023-07/image-1689335982520.png) Screen showing existing user groups[![image-1689336022397.png](https://wiki.elseta.com/uploads/images/gallery/2023-07/scaled-1680-/image-1689336022397.png)](https://wiki.elseta.com/uploads/images/gallery/2023-07/image-1689336022397.png) Screen for user group editing Edit group screen for an individual group can be seen in Figure above. Group name doesn’t have any specific purpose for RADIUS, but it enables naming groups with words most meaningful for a given context. Access level values can only be integers between 1 and 14, other values will result in an error message only unconfigured levels are shown in a dropdown list when configuring. Other fields are dedicated to an individual menu configuration. To add more first-level menus user should select from a dropdown list at the bottom named *–Additional Field–* and press Add. Permissions for the web interface are split into two parts: *View* and *Edit.* *View* permissions can be assigned to second-level menus meaning that only allowed subtabs are shown for a user. Selecting the *View* checkbox shows more parameters containing all the subtabs (submenus). If a user can access a given screen, it means all of the actions in that screen are available to be executed. Therefore, if a user with a lot of restrictions shouldn’t, for example, import Excel configuration to WCC Lite, a tab containing this action (*Protocol Hub­>Configuration*) should be disabled in his groups' configuration. *Edit* permissions can be assigned to first-level menus meaning that if this permission is given, every configuration in the first-level menu can be saved and applied successfully ### Conformance to IEC 62351 standard IEC 62351 is a standard developed by WG15 of IEC TC57. This is developed for handling the security of TC 57 series of protocols including IEC 60870­5 series, IEC 60870­6 series, IEC 61850 series, IEC 61970 series and IEC 61968 series. The different security objectives include authentication of data transfer through digital signatures, ensuring only authenticated access, prevention of eavesdropping, prevention of playback and spoofing, and intrusion detection. Conformance to the IEC 62351 standard of WCC Lite devices is described in the table below. Conformance to IEC 62351 standard
**Standard****Description** **Topic** **Implemented** **Version**
IEC 62351­-3 Security for any profiles including TCP/IPTLS EncryptionYes>=1.3
Node Authentication using X.509 certificatesYes>=1.3
Message AuthenticationYes>=1.3
IEC 62351­-4Security for any profiles including MMSAuthentication for MMSYes>=1.5
TLS (RFC 2246)is inserted between RFC 1006 & RFC 793 to provide a transport layer securityYes>=1.5
IEC 62351­-5Security for any profiles including IEC 60870­5TLS for TCP/IP profiles and encryption for serial profilesNo
IEC 62351­-6Security for IEC 61850 profilesVLAN use is made mandatory for GOOSENo
RFC 2030 to be used for SNTPNo
IEC 62351­-7Security through network and system managementDefines Management Information Bases (MIBs) that are specific for the power industry, to handle network and system management through SNMP-based methodsNo
IEC 62351­-8Role­-based access controlCovers the access control of users and automated agents to data objects in power systems using role­based access control (RBAC)Yes>=1.2.6
IEC 62351­-9Key ManagementDescribes the correct and safe usage of safety-­critical parameters, e.g. passwords, encryption keys.No
Covers the whole life cycle of cryptographic information (enrolment, creation, distribution, installation, usage, storage and removal)No
Methods for algorithms using asymmetric cryptographyNo
A secure distribution mechanism based on GDOI and the IKEv2 protocol is presented for the usage of symmetric keys, e.g. session keysNo
IEC 62351­-10Security ArchitectureExplanation of security architectures for the entire IT infrastructureNo
Identifying critical points of the communication architecture, e.g. substation control centre, substation automationNo
Appropriate mechanisms security requirements, e.g. data encryption, user authenticationNo
Applicability of well­proven standards from the IT domain, e.g. VPN tunnel, secure FTP, HTTPSNo
IEC 62351­-11Security for XML FilesEmbedding of the original XML content into an XML containerNo
Date of issue and access control for XML dataNo
X.509 signature for authenticity of XML dataNo
Optional data encryptionNo
# 26 SMS Receiver # 26.1 Introduction SMS receiver is a service responsible for command execution that was received via text message. The service is available on WCC Lite with the modem. To use this service a working SIM card is also required. This chapter will describe command types and configuration for WCC Lite as well as an example of the said configuration. # 26.2 SMS Receiver There are two types of command signals used in SMS Receivers: 1. System: - reboot wcc/reboot modem – when sending a message with text *reboot, the* device starts rebooting and after successful reload sends back a message to the sender with text REBOOT OK. - switch sim – after sending a message with text *switch-sim, the* device should switch sim and send an SMS from the new sim card with the interface name and IP address. - Show IP – the sender can request the IP address of the receiving device. 2. Signal: - publish – executes *publish* to a certain tag after sending a text message, which will be indicated in the configuration field tag\_job\_todo. For example, if tag\_job\_todo is led=%f, after sending a text message *led=1*, a publish will happen to a tag that's linked with this signal. ##### Configuration Devices sheet:
**Parameter** **Type** **Description** **Required** **Default Value** (when not specified) **Range**
MinMax
namestringUser-friendly name for a deviceYes
descriptionstingDescription of a deviceNo
device\_aliasstringAlphanumeric string to identify a deviceYes
enablebooleanEnabling/disabling of a deviceNo101
protocolstringProtocol to be used Yes sms receiver
hoststringTelephone number from which to receive SMS Yes \[all, +37061111111\] (case-sensitive, separated by command or space)
When the host is set to all, only the job\_todo=signal type is allowed. Signals sheet:
**Parameter** **Type** **Description** **Required** **Default Value** (when not specified) **Range**
MinMax
signal\_namestringUser-friendly signal nameYes
device\_aliasstring Alphanumeric string to identify a deviceYes
signal\_aliasstringUnique alphanumeric name of the signal to be Yes usedYes
enablebooleanEnabling/disabling of an individual signalNo101
job\_todostring Choose command typeYes \[SIGNAL, SYSTEM\] (case-insensitive)
tag\_job\_todostringwhich command to execute (if signal, then configure the SMS) \[REBOOT WCC, REBOOT MODEM, SWITCH SIM, SHOW IP, <CUSTOM>%F\] (case-insensitive)
When configuring the publish signal, the command which will be received needs to be specified. Instead of %f a number will be sent to the receiver as a text message. For example, if the configuration specifies that tag\_job\_todo is led=%f, then after sending a message to a device led=50, the signal will publish a number 50 to an indicated tag. ##### Configuration example The following example will show how to create a configuration for WCC Lite which would allow rebooting a device or modem, changing the active SIM card, showing the IP address and turning on the red status LED, using SMS receiver and internal data. For this 2 working SIM cards and WCC Lite with modem will be needed. The devices sheet should look like this: [![image-1686311153046.png](https://wiki.elseta.com/uploads/images/gallery/2023-06/scaled-1680-/image-1686311153046.png)](https://wiki.elseta.com/uploads/images/gallery/2023-06/image-1686311153046.png) For the device *SMS receiver admin* host should be changed to a phone number from which commands will be received, because for this device signals will be system type. For the device SMS receiver host can be either all or the same phone number. Signals sheet: [![image-1686050114765.png](https://wiki.elseta.com/uploads/images/gallery/2023-06/scaled-1680-/image-1686050114765.png)](https://wiki.elseta.com/uploads/images/gallery/2023-06/image-1686050114765.png) Signal LED red fault is linked with signal sms-led as a source. This means that after sending an SMS message to a device with text led=1, red status led will turn on. The rest of the signals are system type so after sending an SMS message a certain event will happen. For example, after sending a message with the text reboot-wcc, the device should start rebooting and after the process is done it will send back a message "REBOOT WCCLITE OK". The same thing would happen after rebooting the modem. With system signals it is also possible to switch between SIM cards or request IP address via text message. Configuration --> [Download](https://wiki.elseta.com/attachments/106)