Bell 202 T 4-Wire Modem Over IP MPLS Ethernet
Rack Mount and Power Supply Options
Rear Panel: 12/30 VDC ADAPTER (option)
Rear Panel 12/30 VDC with Screw Term Adapter (option)
Rear Panel 12/30 VDC with Negative 48 VDC Screw Term Adapter (option)
IP•Tube CEP 202T
Bell 202T 4-Wire Modem Over IP MPLS Ethernet
IP•Tube CEP 202T
Bell 202 T 4-Wire Modem Over IP MPLS Ethernet
SIZE
9" (L) x 7.3” (W) x 1.50” (H)
Overview
Flexible Bell 202 Serial Data Extensions over Packet Networks
The IP•Tube CEP 202T has integrated Bell 202T modem interfaces that connect to the Bell 202T 4 Wire modem interface of Data Communication Equipment and transports their serial communication over IP & MPLS Packet networks. This conversion facilitates a cost effective path for Utility and Pipeline industries to migrate their SCADA communication from end of life analog circuits to Ethernet based LAN/WAN/MAN wired and wireless networks.
Utility and Pipeline industries use 4 wire leased line communication circuits to connect remote SCADA equipment to control centers. A significant number of SCADA Remote Telemetry Units only have integrated 4 wire modem interfaces. The IP•Tube CEP 202T extends the life of proven SCADA systems by converting 4 Wire modem interfaces to Ethernet for IP or MPLS Packet network connectivity.
Asynchronous Serial Over IP
SCADA Protocol Transparency
IP•Tube CEP 202T Standard Features
IP•Tube CEP Management
IP•Tube CEPs isolate management and data plane functionality with the use of two separate processor modules. Management processor access is limited to SSH or SNMPv3 encrypted sessions that employ AES256 bit keys and sophisticated NIST passwords. These sessions may be established after authentication via TACACS+ or Radius.
The independent Linux based management plane of the IP•Tube CEP ensures Critical Infrastructure Data is isolated from management network access. The Management Module uses internal serial ports to connect to the Data Plane processor.
Administration and User Logs are available with Syslog.
CEP management security features include:
• Administrative policies for adding, removing, disabling and renaming authorized users; limiting user access to assigned commands; and enabling only desired port numbers.
• User authentication directly or in conjunction with TACACS+ or RADIUS servers including RSA SecureID support for two factor trusted compliance.
• An SSH command interface encrypting management traffic with powerful 256 bit symmetric keys and NIST based passwords.
• Support of the SNMPv3 protocol for secure connectivity to SNMP element managers.
• In addition, administrative accounting data can be reported to syslog servers with accurate timestamps provided by an NTP source.
Dual LAN Interfaces
All IP•Tube CEP 202T models ship with dual 10/100 BaseT Ethernet LAN ports. The dual Ethernet interfaces provide for:
- Management interface on LAN port 2 when LAN port 1 is connected to a VPN tunnel
- Protector Option for Redundant Packet Path connections with Constant or Switch Over Criteria
Assured Delivery Protocol
In order to assure high quality communications over links with intermittent or noisy performance, such as Wireless, the IP•Tube CEP 202T employs Engage’s robust Assured Delivery Protocol with the following benefits:
• Packet out of sequence detection and re-sequencing
• Duplicate skipping
• Lost packet retransmissions with configured delay
IP•Tube CEP 202T Optional Features
Protector Option -PRO
IP•Tube CEPs isolate management and data plane functionality with the use of two separate processor modules. Management processor access is limited to SSH or SNMPv3 encrypted sessions that employ AES256 bit keys and sophisticated NIST passwords. These sessions may be established after authentication via TACACS+ or Radius.
The independent Linux based management plane of the IP•Tube CEP ensures Critical Infrastructure Data is isolated from management network access. The Management Module uses internal serial ports to connect to the Data Plane processor.
Administration and User Logs are available with Syslog.
CEP management security features include:
• Administrative policies for adding, removing, disabling and renaming authorized users; limiting user access to assigned commands; and enabling only desired port numbers.
• User authentication directly or in conjunction with TACACS+ or RADIUS servers including RSA SecureID support for two factor trusted compliance.
• An SSH command interface encrypting management traffic with powerful 256 bit symmetric keys and NIST based passwords.
• Support of the SNMPv3 protocol for secure connectivity to SNMP element managers.
• In addition, administrative accounting data can be reported to syslog servers with accurate timestamps provided by an NTP source.
Applications
SCADA
The volume application for the IP•Tube CEP 202T is the conversion of legacy serial communication interfaces of Utility SCADA systems from leased telco circuits to IP and MPLS packet services.
Legacy Utility SCADA installations utilize technology that was designed decades ago. Many substations have proprietary or bit orientated SCADA communication protocols that require the constant delay of circuits.
Engage adapted our Serial Circuit Emulation technology to facilitate the transparent transport of Serial SCADA over packet networks and to comply with the unique Utility industry specifications required by NERC. NERC is the Electric Reliability Corporation for North America, subject to oversight by the Federal Energy Regulatory Commission and governmental authorities in Canada. NERC’s jurisdiction includes users, owners, and operators of the bulk power system.
A NERC reliability standard mandates that SCADA systems have Data Center Front End redundancy. The IP•Tube CEP RS232 at the Substations support from 1 to 4 Data Center redundant and diversely routed connections.
NERC -CIP mandates control center redundancy. RTUs must be accessible from, and be able to connect to, multiple control centers. IP•Tube CEP continuously monitors connectivity to the active control center and automatically switches to the active backup control center (1 to 4 supported).
- Meets NERC mandates for control center redundancy
- Preserves investment in RTU and Central site SCADA
- Facilitates control center redundancy with IP flexibility
- Supports up to four redundant control centers
- Redundant and diverse connectivity
NERC is committed to protecting the bulk power system against cybersecurity compromises that could lead to misoperation or instability. Engage incorporated a sophisticated locked-down embedded Linux based management module into the IP•Tube CEP that exceeds the NERC -CIP cybersecurity standards and is upgradeable to support future standards.
Management module isolates management and data plane functionality with the use of two separate processors modules. Management processor access is limited to encrypted sessions via SSH, or SNMPv3, that employ AES 256 bit keys and sophisticated NIST passwords. These sessions may be established after authentication via TACACS+.
The independent Linux based management plane of the IP•Tube CEP ensures Critical Infrastructure Data is isolated from management network access. The Management Module uses internal serial ports to connect to the Data Plane processor. Administration and User Logs are available with Syslog.
The IP•Tube CEP installations achieve NERC CIP compliance with a combination of internal and external functions.
Internally the Management Module software has the sophistication to implement comprehensive policies and privileges for administrator and user accounts. Administrator policy includes removal, disabling or renaming.
Interoperability with external functions such as Syslog, Network Timing Protocol TACACS+ and RADIUS with its support for RSA SecureID delivers trusted compliance.
Multi-Drop
In order to minimize the number of analog telephone circuits required to connect Data Center Front End SCADA controllers to Substation Remote Terminal Units Multi-Drop communication protocol was implemented. The CEP Multi-Drop feature allows a single RS-232 SCADA host connection to communicate with up to 8 remote terminals over a packet based network. The IP•Tube CEP transparently supports Multi-Drop by simultaneously transmitting IP packetized Front End SCADA messages to up to eight remote IP•Tube CEPs. The IP•Tube CEP connected to the addressed RTU detects a control signal and sends the SCADA response back to the Serial interface connected to the Front End polling port.
Electronic Security Perimeter
The IP•Tube CEP in combination with industry standard services meets the Electronic Security Perimeter's NERC CIP-005 specifications. In addition Control Plane isolation from the Data plane provides a higher level of security for the Cyber Assets.
CIP-005 Requirement & IP•Tube CEP Solutions
R2.1 - Deny Access by Default
Solution: Accounts must be created to allow access
R2.2 - Enable only needed ports
Solution: Each Port may be enabled or disabled
R2.4 - Strong Technical Controls
Solution: RSA's SecureID two-factor Authentication
R3.2 - Unauthorized Access
Solution: Alert messages via Syslog or TACACS+
R5.3 - Access Logging
Solution: Syslog of Access and Command interactions
CIP-005 Requirement
IP•Tube CEP Solution
R2.1 - Deny Access by Default
Accounts must be created to allow access
R2.2 - Enable only needed ports
Each Port may be enabled or disabled
R2.4 - Strong Technical Controls
RSA's SecureID two-factor Authentication
R3.2 - Unauthorized Access
Alert messages via Syslog or TACACS+
R5.3 - Access Logging
Syslog of Access and Command interactions
System Security Management
Access control is Authenticated, Authorized and Accounted for with TACACS+.
Security Patches managed proactively.
CIP-007 Requirement
IP•Tube CEP Solution
R2.1-3 - Ports and Services
Unused Serial Ports and Services are disabled
R3 - Security Patch Management
Kernel and application upgrade alerts
R5.3 - Secure Passwords
Require minimum length, strength, frequencyRequire minimum length, strength, frequency
R6.4 - Security Status Logs
Syslog and AAA via TACACS+
CIP-007 Requirement & IP•Tube CEP Solutions
R2.1-3 - Ports and Services
Solution: Unused Serial Ports and Services are disabled
R3 - Security Patch Management
Solution: Kernel and application upgrade alerts
R5.3 - Secure Passwords
Solution: Require minimum length, strength, frequencyRequire minimum length, strength, frequency
R6.4 - Security Status Logs
Solution: Syslog and AAA via TACACS+
Specifications
LAN Network Interface
- LAN1/LAN2: Two Data Plane 10/100 Base T
- MLAN: Control Plane 10/100 Base T
LAN Network Protocols Supported
- IP, TCP, UDP, ICMP, Telnet, DHCP, DDNS, SSH
- Network Time Protocol - NTP
Modem
- Bell 202T 4-Wire; RJ45 Crossed Wire for Straight Cable
Serial Data
1200 Bits per Second: iSchronous, Asynchronous
Serial Over IP Protocol
- Async Over IP
- TDM Over IP
- Circuit Extension Services Over IP
WAN Network Protocols Supported
- HDLC, SDLC, PPP, Frame Relay
SCADA Protocols Supported
- Conitel, Modbus, DNP, Proprietary, Bit or Byte, AutoBaud
Regulatory
- CE
- Safety -IEC60950
- EMC - CFR 47 Part 15 Sub Part B:2002, EN55022: 1994 + A1 & A2, EN55024, ICES-003 1997, CISPR 22 Level A
Management
Secure Socket Shell - SSH V2 - Session Encryption
Centralized Authentication, Authorization and Accounting
TACACS+, RADIUS, Two Factor Authentication
Syslog with NTP Time Stamping
Console Port for Out of Band Management
SNMP V3 Public and Private MIB support with configured traps
Quality of Service Support
- IP Type of Service (TOS) CLI configured
- IANA Registered UDP Port 3175
- 802.1p/q mac level prioritization
Dimensions
- Dimensions: 9" (L) x 7.3” (W) x 1.50” (H)
Environmental
- 0° to 132° F (-10° to 50°C ) operating temperature
- Up to 90% operating humidity (non-condensing)
- Optional Extended Temperature Range available
Power
- 12-30 VDC
- Screw Locking Connector
- Universal Adapter 100/240 VAC 50/60 Hz
- Optional -48V 0.25 Amp
- Hot Standby
Ordering Information
Chassis Slot Card: IP-Tube CEP 202T
Rack Mount & Power Supply Options:
Part No.
Description
CEP-040-202T-0x*
IP•Tube CEP 202T, *Note: x = Specified Number of MODEMS Ports enabled (1 to 4)
CH-CEP-040-202T-0x*
Chassis Slot Card: IP•Tube CEP 202T, *Note: x = Specified Number of MODEMS Ports enabled (2 or 4)
Optional Features
Optional Features
PRO
Protector Option, Fault Tolerant Network Interconnect. The protector option utilizes the second LAN interface as a redundant path for the interconnection of the IP encapsulated data. The extension of the IP-Tube has a fault tolerant link that is configured to always on, or with switch over criteria. Learn more.
Power Supply Options
Power Supply Options
094-2418
90-220 VAC Universal International/Domestic Adapter
094-2418-R
DUAL REDUNDANT, 90-220 VAC Adapter
094-N48V
Internal Power Module, -48 VDC Screw Terminals
094-N48V-02
DUAL REDUNDANT, -48 VDC Screw Terminals
094-1500
WIREDC Option, +24 VDC Screw Terminals
094-WIREDC-R
DUAL REDUNDANT, +24VDC
Rack Mount Options
Rack Mount Option
095-1000
Rack Mount Kit - for single 7" products (Fits both 19" and 23" racks)
095-2000
2 unit 19" x 1RU Rack Mount Kit for 7" products
095-3000-RTANG
Right Angle Wall Mount Bracket Kit
