ABB i-bus KNX IPR/S 3.5.1 Product Manual Download Page 6 | Manualshive

Page: 6 / 44

background image

ABB i-bus

®

KNX

General

6 2CDC502099D0211 Rev. A | IPR/S 3.5.1

1.2

Cyber security (network security)

The industry is increasingly faced with cyber security risks. To increase the stability, security and

robustness of its solutions, ABB has introduced official robustness tests for Internet security as part of the

product development process.
In addition, the information below includes guidelines and mechanisms that you can use to improve the

security of KNX systems.

1.3

Preventing access to the different media

The basis for any protection concept is the careful shielding of the system against unauthorized access.

Only authorized persons (installers, janitors and users) should have physical access to a KNX system. The

critical points of every KNX medium must be protected as well as possible during planning and installation.
In general, applications and devices should be permanently installed to prevent their easy removal and in

this way prevent access to the KNX system for unauthorized persons. Subdistributions with KNX devices

should be closed, or in rooms to which only authorized persons have access.

1.4

Twisted pair cabling

► The ends of KNX twisted pair cables should not be visible or protrude from the wall either inside or

outside the building.

► If available, use the anti-theft devices on the application modules.
► Bus cables outdoors represent an elevated risk. Ensure that physical access to KNX twisted pair

cables is especially difficult here.

► For extra security, devices installed in areas with limited protection (outdoor areas, underground

parking lots, restrooms, etc.) can be designed as a separate line. Enabling the filter tables in the line

coupler (KNX only) prevents attackers from gaining access to the whole system.

1.5

IP cabling inside the building

For building automation, use a separate LAN or WiFi network with its own hardware (routers, switches,

etc.).
Regardless of the KNX system, apply the usual security mechanisms for IP networks. These are

examples:

•

MAC filter

•

Encryption of wireless networks

•

Usage of strong passwords and protection of these against access by unauthorized persons

Note

The device cannot be reached during IP, TCP or UDP flooding (access from the Internet). To prevent

this reaction, set a data rate limit at network level.
Please discuss the topic with your network administrator.

«
...
4
5
6
7
8
...
»

Summary of Contents for i-bus KNX IPR/S 3.5.1

Page 1: ...PRODUCT MANUAL ABB i bus KNX IPR S 3 5 1 IP Router Secure...

Page 2: ......

Page 3: ...4 5 Unloading the device and resetting to factory settings 16 2 4 6 Cleaning 17 2 4 7 Maintenance 17 2 5 Description of inputs and outputs 17 2 6 Operating controls 18 2 7 Display elements 18 3 Commis...

Page 4: ...ABB i bus KNX Contents vi 2CDC502099D0211 Rev A IPR S 3 5 1...

Page 5: ...apters Chapter 1 General Chapter 2 Device technology Chapter 3 Commissioning Chapter 4 Planning and application Chapter A Appendix 1 1 1 Notes Notes and safety instructions are represented as follows...

Page 6: ...oms to which only authorized persons have access 1 4 Twisted pair cabling The ends of KNX twisted pair cables should not be visible or protrude from the wall either inside or outside the building If a...

Page 7: ...ity Use of manufacturer specific solutions or visualizations e g access via https 1 7 KNXnet IP Security The device should always be operated in KNX Secure mode This ensures security for runtime commu...

Page 8: ...activated for the devices a firmware update can also be performed with the i bus Tool During the update process the KNX bus TP must be connected in addition to the IP network LAN so that the KNX para...

Page 9: ...ber of tunneling servers 5 5 Number of unicast connections 10 10 Monitoring for bus voltage failure see chapter 1 8 1 Monitoring for bus voltage failure Filter Group telegrams main group 0 31 IP disco...

Page 10: ......

Page 11: ...0 V DC or PoE Power over Ethernet to IEEE 802 3af class 1 2 1 Technical data Supply Supply voltage Us 12 30 V DC 10 15 or PoE IEEE 802 3af class 1 Power loss Maximum 1 8 W Current consumption supply v...

Page 12: ...Maximum number of assignments IPR S 3 5 1 IP Router Secure 0 0 0 Current version number of the application Please refer to the software information on our homepage Note ETS 5 and the current version o...

Page 13: ...rrier 6 Power supply connection Us 2 Programming LED 7 Telegram LED 3 Programming button 8 LAN LINK LED 4 KNX connection 9 ON LED 5 Cover cap 10 LAN or LAN PoE connection Note It is also possible to p...

Page 14: ...ABB i bus KNX Device technology 14 2CDC502099D0211 Rev A IPR S 3 5 1 2 3 Dimension drawing IPR S 3 5 1 2CDC072011F0015...

Page 15: ...ons and specifications applicable in the related country must be observed during the planning and setting up of electrical installations and security systems for intrusion and fire detection Protect t...

Page 16: ...tunneling clients Tunneling clients establish the connection to the server via the IP address The data programmed with the ETS is adopted approx 30 60 seconds after the download 2 4 5 Unloading the d...

Page 17: ...using a dry cloth or a cloth dampened with a soapy solution Corrosive agents or solutions must never be used 2 4 7 Maintenance The device is maintenance free In the event of damage e g during transpor...

Page 18: ...seconds the LED starts flashing until the startup process is complete and the LED lights up continuously again Depending on the size of the filter table this can take 5 to 60 seconds LAN LINK The LED...

Page 19: ...equired 3 1 Overview The IPR S is parameterized using the Engineering Tool Software latest ETS 5 version Some functions Unicast are parameterized via a separate tool i bus Tool 3 2 Parameters This cha...

Page 20: ...whether the telegrams with group addresses of the main groups 0 to 13 are filtered routed or blocked Filter The telegrams with the group addresses of the main groups 0 to 13 from the KNX to the LAN a...

Page 21: ...out considering the filter table settings Physically addressed telegrams Options Filter Block This parameter defines whether physically addressed telegrams are filtered or blocked Filter Only the tele...

Page 22: ...egrams that are also entered in the IPR S filter table are acknowledged Always All group telegrams on the KNX are acknowledged by the IPR S If free group address structure is used Main group 0 13 1 28...

Page 23: ...ked Filter The telegrams with the group addresses of the main groups 0 to 13 from the KNX to the LAN are filtered in accordance with the filter table which is automatically calculated by the ETS Route...

Page 24: ...Block All group telegrams of main groups 14 31 are blocked without considering the filter table settings Physically addressed telegrams Options Filter Block This parameter defines whether physically a...

Page 25: ...eat physically addressed telegrams Options Yes No Yes If an error is detected when a physically addressed telegram is transmitted the telegram is repeated up to three times No The telegram is not repe...

Page 26: ...k demands that telegrams are sent as unicast For setting the routing multicast address see Multicast Address Unicast The routing for the device is switched off This special communication type does not...

Page 27: ...twork You can download the i bus Tool free of charge from our homepage www abb com knx No ETS or installation of Falcon is required for the i bus Tool System requirements system with Windows 7 operati...

Page 28: ...vice name is used for identification of the device on the LAN After a search query e g by the ETS every KNXnet IP device reports its name and can be allocated accordingly For example the installation...

Page 29: ...rocedure It assigns itself an address from the reserved range for auto IP addresses 169 254 1 0 to 196 254 254 255 Refer to chapter 4 1 1 Assignment of IP address for information about DHCP Use a stat...

Page 30: ...ned and changed only if the existing network demands that another address from the range 224 0 0 0 to 239 255 255 255 reserved range for multicast addresses be used The routing multicast address is se...

Page 31: ...epeated in the event of an error Tunneling V2 is supported from ETS 5 TCP is used instead of UDP here and the TCP s data link layer is used for transmission Note The physical address for the tunneling...

Page 32: ...er the first download If this is not desired the setting can be changed manually in the Properties window To change the address mark the current device address or additional address and then select th...

Page 33: ...download of the device a window opens in the ETS to prompt the user to enter the key The certificate can also be read using a QR scanner recommended o Alternatively the certificates of all Secure dev...

Page 34: ......

Page 35: ...ming a DHCP server is available the DHCP lease expires No DHCP server is available during startup If no DHCP server is available during startup of the IP Router Secure the device will assign itself an...

Page 36: ...tches or firewalls the multicast IP address 224 0 23 12 may need to be enabled explicitly beforehand Please discuss the topic with your network administrator For further information see chapter 3 2 3...

Page 37: ...o be able to use the Unicast type of communication 4 1 3 Monitoring an IPR S 3 5 1 An active tunneling connection should be monitored via a CONNECTIONSTATE_REQUEST but this is also possible via T Conn...

Page 38: ...this IGMP mechanism will not work To enable a multicast address the device logs in at this multicast address with a membership report 4 1 6 IPR S as an area coupler The IP Router Secure can assume th...

Page 39: ...7 IPR S as a line coupler The IP Router Secure can assume the function of a line coupler in a KNX system For this purpose it must receive the physical address of a line coupler 1 1 0 15 15 0 The foll...

Page 40: ...X system to use the IP Router Secure as an area coupler at one point e g office complex and as a line coupler at another point e g a remote underground garage this is possible It is only necessary to...

Page 41: ...Connect and then click IP devices in the window that then appears Ribbon Switching between Discovery Firmware Update and Unicast Click the corresponding button to select Discovery or Unicast mode 4 2...

Page 42: ...vailable An Internet connection is then no longer necessary in order to update the system devices Important During the update process the KNX bus TP must be connected in addition to the IP network LAN...

Page 43: ...40 16779 EAN Weight 1 pc kg Packaging pcs IPR S 3 5 1 IP Router Secure MDRC 2CDG110176R0011 90650 0 0 1 1 A 2 Open source software components A list of the open source components used is available on...

Page 44: ...l changes or modify the contents of this document without prior notice The agreed properties are definitive for any orders placed ABB AG does not accept any responsibility whatsoever for potential err...

Reviews:

No comments

Related manuals for i-bus KNX IPR/S 3.5.1

Brand: D-Link Pages: 12

SmartMedia Adapter PC Card REX-SMA01F

Brand: Ratoc Systems Pages: 75

Brand: Ubee Pages: 9

Brand: Garland Pages: 6

Brand: NETGEAR Pages: 2

CLICK PLUS C2-02CPU

Brand: Automationdirect.com Pages: 10

Brand: Garland Pages: 43

Net2Air Ins-40085-US

Brand: Paxton Pages: 4

Brand: ZyXEL Communications Pages: 215

Brand: Lanner Pages: 59

Brand: Gemtek Systems Pages: 51

Brand: Kontron Pages: 19

Brand: RubyTech Pages: 25

FlexNetwork 5130 Series

Brand: HPE Pages: 33

IPLink 2603 Series

Brand: Patton Pages: 120

Brand: Supermicro Pages: 15

Brand: Ubiquiti Pages: 13

VIGI NVR1004H-4P

Brand: TP-Link Pages: 2

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands