R
I'm performing some testing of the 61850 MMS protocol with the GE Multilin 845 and 869 devices using the IEDExplorer tool (rev 0.78) from SourceForge. I'm currently focusing on operator writes.
I know that configuration of the different modes is handled via the XCBR1.Pos.CtlModel which selects either direct or select-before-operate modes with either normal or enhanced security. I've been able to successfully write using direct mode with either normal security (1) or enhanced security (3). For those I send a command structure write to XCBR1.Pos.Oper with the desired Value and Originator Category (REMOTE_CONTROL).
I've also been able to successfully write with normal SBO (2). For that, I first send a read request to XCBR1.Pos.SBO followed by the same write from above to XCBR1.Pos.Oper.
I have not had any success of yet writing SBOw with enhanced security (4). It is my understanding that for SBOw, the fully qualified write structure is first sent to XCBR1.Pos.SBOw as a write command. Upon a successful response, the same structure is once again sent, only this time to XCBR1.Pos.Oper. This is certainly how it works with a device from a different vendor.
For either the 845 or 869, the original SBOw attempt is rejected with an object-access-denied response as per Wireshark.
Do the GE Multilin 845 and 869 devices support SBOw? Is there some special configuration required to enable it? Is there something unique about the write message that would prevent it from being accepted, for example the originator category?
Thank you,
Ron
I know that configuration of the different modes is handled via the XCBR1.Pos.CtlModel which selects either direct or select-before-operate modes with either normal or enhanced security. I've been able to successfully write using direct mode with either normal security (1) or enhanced security (3). For those I send a command structure write to XCBR1.Pos.Oper with the desired Value and Originator Category (REMOTE_CONTROL).
I've also been able to successfully write with normal SBO (2). For that, I first send a read request to XCBR1.Pos.SBO followed by the same write from above to XCBR1.Pos.Oper.
I have not had any success of yet writing SBOw with enhanced security (4). It is my understanding that for SBOw, the fully qualified write structure is first sent to XCBR1.Pos.SBOw as a write command. Upon a successful response, the same structure is once again sent, only this time to XCBR1.Pos.Oper. This is certainly how it works with a device from a different vendor.
For either the 845 or 869, the original SBOw attempt is rejected with an object-access-denied response as per Wireshark.
Do the GE Multilin 845 and 869 devices support SBOw? Is there some special configuration required to enable it? Is there something unique about the write message that would prevent it from being accepted, for example the originator category?
Thank you,
Ron