The Engineering menu will provide you with detailed information about the connection between the MS and the network. This is all information that the MS can meassure by itself or decode from the BCCH which is transmitted from the BTS. The menu only gives readout of parameters, you are not able to change a thing with it, and consequently you can't do any harm to your phone - it's perfectly safe to use the menu. On the latest software revisions, the menu is available in several languages. In german it will show as "Eng Felder Optionen", "Aktive Zelle", "Nachbar-zellen" and "System-Parameter"

It is easier to understand these terms if you have an idea about what the BCCH actually is: When powering on your GSM phone, it doesn't know what frequency to tune into in order to communicate with the cell, therefore it will start scanning all 125 GSM frequencies (GSM-900), looking for a Frequency Correction Burst. Once this is found and the frequency has been adjusted, it will "stay tuned" and listen for a Synchronization burst and decode it in order to synchronize (timewise) to the network. After sucessfully synchronizing frequency and time, the BCCH channel can be received and decoded, providing network identification and information about how the mobile should "behave" on the net. The BCCH is on timeslot 0 - the remaining 7 timeslots are used for traffic. The BCCH never frequency-hops - it stays put all the time, like a beacon, transmitting information to the mobiles. The mobile will continue to search for BCCH's and keep a list of the 6 strongest BCCH in the area.

During idle you can view the parameters: RxLev, RxLevAM, NCC, BCC, MSTxPwr, C1. Dualbanders will also provide: CRO, TO, C2, 2ter, 2bis & ECSC

During dedicated mode you can view the parameters: RxLev, RxLevFull, RxLevSub, RxQualFul, RxQualSub, Timeslot, TimeAdv and PwrLev. Dualbanders will also provide: Vocoder, 5bis, BSIC, MBReport, MeasValid.

The ActCh (Active Channel) may read "Hopping" during a call. The GSM system can use slow frequency hopping where the mobile station and the base station transmit each TDMA (Time Division Multiple Access) frame on a different carrier frequency (The hopping rate is 217 hops/second which corresponds to one hop per. TDMA frame). The frequency hopping algorithm is decoded from the Broadcast Control Channel which the mobile station continuously decodes. Since multipath fading is dependent on carrier frequency, slow frequency hopping help mitigate the problem. Frequency hopping is operator optional down to the individual cell.

• ActCh: Displays the Active Channel on which the BCCH is received. GSM-900 has 124 (001-124) channels and GSM-1800 has 374 (512-885). The channels are split between the operators.
• Combined: Describes the channel organization in the 51-frame multiframe : off uses SDCCH/8 and on uses SDCCH/4. The logical channels can be mapped differently:
  • Off: BCCH+CCCH and SDCCH are on different channels.
  • On: BCCH, CCCH and SDCCH are combined on the same channel

  Confused about all the channels ? Take a look at the GSM channel structure section below

• AcsClas: Access Control Class . The Access Control class is a parameter to control the RACH (Random Access CHannel) utilization. 15 classes are split into 10 classes randomly allocated to normal subscribers and 5 classes allocated to specific high priority users. This way, the operator can cut out users when the net is getting clogged-up. Denied classes can by cycled so that in extreme loading you may be denied for 10 minutes or so, but then you'll have service. Other classes are reserved for the emergency services/operators so they can be excluded and have priority calling. What networks does use this RACH regulation ???
• RxLev:(7bits) The strength of the received BCCH signal (000 to 127 dBm), normally between -55 to -90 - the MS will look for another BCCH carrier when the signal drops to RxLevAm^* (RxLev and RxQual are sent regularly to the BSC during a call).
• RxLevAm: Rx Level Access minimum - Minimum Rx signal strength threshold (usually around -100 dBm to -110 dBm). This is related to the minimum signal that the operator wants the network to receive when being initially accessed by an MS.
• CRO:(6 bits) Cell Reselect Offset. Applies an offset to the C2 reselection criterion. 0 - 126 dB in 2 dB steps, i.e.
  • 0=0dB,
  • 1=2dB, etc.
• TO:(3 bits) Temporary Offset. Applies a negative offset to C2 for the duration of PENALTY_TIME. 0 - 60 dB, 10 dB steps i.e.
  • 0=0dB,
  • 1=10 dB, etc. and
  • 7 = infinity
• BCC:(3 bits) Base-station Color Code (0-7)- This is used to distinguish neighboring cells of the same operator broadcasting BCCH on the same FDMA (Frequency Division Multiple Access) channel from each other (Different channel "sets" are used by GSM operators in the same country, so their BCCH will always be on different FDMA channels). A set of cells that covers all the channels available for a specific operator is called a "cluster". BCC has the same value in all the cells of a cluster, because of each cell, in the cluster, transmits on different channels. NCC+BCC is called BSID (Base Station Identity)
• NCC:(3 bits) Network Color Code (0-7) - this is used to distinguish neighboring cells between operators of different countries broadcasting BCCH on the same FDMA channel from each other. The NCC is equal within a PLMN (Public Land Mobile Network). It's a 3 bit value.
• MSTxPwr: The maximum power level that the MS (Mobile Station) is allowed to access the RACH - this means that even though you have a 8W unit, you are not always allowed to blast away at full power. Generally MSTxPwr is low in urban areas (small cells) and high in rural areas (large cells) - See notes on power control below
• C1: The path loss criterion parameter C1 (defined as C1=(RxLev-RxLevAm-MAX((MSTxPwr-MSMaxTxPwr),0)) ) used for cell selection and reselection. This is calculated by the MS and used for deciding which cell to camp to (selection and reselection). C1 is more useful than just RxLev, since it takes the MSTxPwr & MSMaxTxPwr into account. MSMaxTxPwr is the phones maximum output in dBm (for GSM normally 33 but 39 with carkit). The reason Tx power is factored into C1 is so that an MS only camps to a cell where it has a reasonable chance to be heard by the base station if it transmitted.
• C2: Cell reselection criterion. Identical to C1 when camped in 900 band. You will notice that the dual band units do have a preference for the 1800 band. The C1 can be much higher than C2 but it doesn't result in the phone switching back to the 900 band. The reason C2 is included is to handle small cells, where an MS may select and camp to a cell but not have long enough to do anything before loosing it completely. C2 is time varying so it can get bigger after a certain period. If the MS can still see it then it will camp to it.
• CBA:(1 bit)Control parameter Cell Bar Access. If enabled and CBQ=0 then cell selection and reselection will be barred.
• CBQ:(1 bit)Control parameter Cell Bar Qualify. If enabled, then cell selection priority will be low, but cell reselection status (barred/normal)will be normal.
• 2ter: This message is sent optionally on the BCCH by the network to all mobile stations within the cell giving information on the extension of the BCCH allocation in the neighbour cells.. Based on this information the mobile station is able to decide whether and how it may gain access to the system via the current cell. The 2ter message shall be sent if and only if this is indicated in TYPE 3 message. Can be ignored by units only capable of GSM900.
• 2bis: This message is sent optionally on the BCCH by the network to all mobile stations within the cell giving information on control of the RACH and of the extension of the BCCH allocation in the neighbour cells. Based on this information the mobile station is able to decide whether and how it may gain access to the system via the current cell. The 2bis message shall be sent if and only if the EXT-IND bit in the Neighbour Cells Description IE in both the TYPE 2 and TYPE 2bis messages indicates that each IE only carries part of the BA. Can be ignored by units only capable of GSM900.
• ECSC:(1 bit) Early Classmark Sending Control. This bit controls the early sending of the classmark by the Mobile Stations implementing the Controlled Early Classmark Sending option:
  • 1 = Early Sending is explicitly accepted
  • 0 = Early Sending is explicitly forbidden.
• RxLevFull:(6 bits) C1 value with continuous transmission from tower (calculated from all the timeslots of one 51-multiframe).
• RxLevSub:(6 bits) C1 value with discontinuous transmission from tower (subset of the timeslots in the 51-multiframe - usually from the SACCH timeslot).
• RxQualFull:(3 bits) Received signal quality is derived from the BER (Bit Error Rate) with continuous transmission from tower (calculated from all the timeslots of one 51-multiframe) - see notes on BER
• RxQualSub:(3 bits) Received signal quality is derived from the BER (Bit Error Rate) with discontinuous transmission from tower (subset of the timeslots in the 51-multiframe - usually from the SACCH timeslot) - see notes on BER
• Timeslot:(4 bits) The current Ts (Timeslot) (0 through 7 - TDMA allows eight channels to be accommodated on a single RF (Radio Frequency) carrier)
• TimeAdv:(7 bits) TA (Timing Advance) (0 through 63) - see notes on timing advance below
• PwrLev: Reports which power step/level the phone is transmitting at - (See section below on power control)
• Vocoder: EFR (Enhanced FullRate) / FR (FullRate) / HR (HalfRate) / NA (NotApplicable) - (How many of these are actually implemented ?)
• 5bis: This system information message is sent optionally on the SACCH just after handover by the network to mobile stations within the cell giving information on the extension of the BCCH allocation in the neighbour cells. When received (and not ignored) this information must be used as the list of neighbouring cells to be reported on. Any change in the neighbour cells description must overwrite any old data held by the mobile station. The mobile station must, with the exception stated above, analyse all correctly received system information type 5 messages. Can be ignored by units only capable of GSM900.
• BSIC:(6 bits) Control parameter Base Station Identity Code = |NCC (3 bits) BCC (3 bits)|
• MBReport:(2 bits) MultiBand report. The number of neighbour cells (with known and allowed NCC part of the BSID) for each frequency band supported is included in this parameter. Possible values are: 6-0, 5-1, 4-2 & 3-3
• MeasValid:(1bit) This bit indicates if the measurement results for the dedicated channel are valid or not:
  • 0=The measurement results are valid,
  • 1=the measurement results are not valid.
• DTX:(1 bit) Discontinuous transmission, a feature used to save battery and reduce network traffic by powering down the mobile station transmitter when there isn't any speech to transmit.
• MCC: Mobile Country Code - This is the X.121 code for the country
  • 238 = Denmark
  • 250 = Russia etc.
• MNC: Mobile Network Code
  • For MCC 238
    • 1 = Tele Denmark
    • 2 = Sonofon
    • 10 = TDM GSM-1800
  • For MCC 250
    • 1 - MTS
    • 99 - Beeline
• LAC: Local Area Code, Several cells are contained in a LA (Local Area). The size is operator definable and may vary. A LU (Location Update) must take place if the MS leaves the LA. The LAC is 2 bytes long and hence the value between 0 and 65535. Together with MCC & MNC this gives the LAI (Local Area Information)
• CellID: A number that identifies the active cell. The CID (CellID) is unique to the LA. For a truly unique description of a cell, the CGI (Cell Global Identity) should be used. The CGI consists of the CID, MCC, MNC & LAC
• T3212: Time between periodic LU's (0-255). The value of the T3212 timer has to be multiplied with 6 minutes to get the LU-period:
  • 010=1 Hour,
  • 050=5 hours

  the theoretical maximum is 25.5 hours - It can be configured independently for each cell. The Location Update Timer is much more a HLR (Home Locaton Register) time-out. If a phone leaves the coverage area and has no chance to send a "IMSI Detach" (to log off - please note that not all cells allow IMSI detach/attach), then the phone would be paged in the last known LA, which may force a lot of traffic a) on the radio channels and b) between the BTS, the BSC (Base Station Controller) and the HLR. The LU timer is reset if a call or SMS is sent / received.

• BS-PA-MFRM: Number (2...9) of MFRMs (MultiFRaMe) between two transmissions of the same PAging message to MSs of the same paging group. I assume, that when we are talking about paging, the channel at issue here is the paging channel, which is a CCH (Control CHannel)- here the length of a multiframe is 234 ms - see note on TDMA frame structure & duration. The value for my operator 238-01 is 9 which corresponds to 234 ms x 9 = 2.1 seconds between paging messages. The BS-PA-MFRM shows the Discontinuous Receive (DRX) parameter of the network. DRX allows the mobile to synchronize its listening period to a known paging cycle of the network. This can typically reduce the standby power requirements by 90%. The paging procedure has been designed to facilitate significant battery-saving potential in the hand portable - the larger the period between listening periods the lower battery consumption. Unless a hand portable is used excessively the biggest drain on its battery comes not from the time spent using it, but from the standby cycle as it monitors the paging channel, in case it is being called. In the GSM system the DRX allows the mobile, once it has located the paging signal, to synchronize a clock knowing that it will not get another signal until a specified time has elapsed. It can thus power down its circuits for most of the time during standby. On a 8700 with a 600 mAh battery motorola specifies 60 hours of standby with DRX=2 and 75 hours with DRX=9
• XZQTY: From disassembling the firmware, it appears as if XZQTY is not variable at all, but simply fixed at 14.3 all the time.

* When comparing RxLev's, remember the logarithmic nature of the dB scale and that the signal intensity decays by a factor 4 when the distance from the BST is doubled ; Assuming line of sight to the BST, the signal will drop 6 dB when the distance is doubled.