manualshive.com logo in svg

LOYTEC L-Gate, User Manual, Page: 102 / 113

Share
Download
LOYTEC L-Gate User Manual Download Page 102

L-INX/L-GATE User Manual 

102 

LOYTEC  

Version 7.2 

 

LOYTEC electronics GmbH 

12 Security Hardening Guide 

This guide contains security-relevant information for operating the product on IT networks. 
The  information  refers  to  the  firmware  version  and  the  instructions  found  in  the  previous 
chapters of this User Manual. 

12.1  Installation Instructions 

Install the device over the Web interface: 

 

Set up the basic device functions and protocol settings as described in Section 5.2. When 
connecting over the Web UI use https:// in the URL. 

 

Set a secure password for the admin and operator accounts. 

 

Disable the HTTP, FTP, and Telnet servers in the IP port configuration as described in 
the LOYTEC Device User Manual [1]. Note, that FTP and Telnet are disabled in factory 
defaults as of firmware 7.0.0. 

 

Create a new HTTPS server certificate as described in the LOYTEC Device User Manual 
[1]. 

12.2  Firmware 

The device is equipped with one piece of software. This is the firmware image and its related 
firmware  version.  The  firmware  is  distributed  as  a  downloadable  file.  The  device  can  be 
upgraded by placing the firmware image onto the device using the procedure described in 
Chapter 9. 

12.3  Ports 

This Section lists all ports, which may be used by the device. The ports are default settings 
for their respective services. If not stated otherwise, the ports can be changed. 

Required Ports: 

 

80 tcp: This port is opened by the Web server and the OPC XML-DA server. It can be 
disabled if OPC XML-DA is not required. The port can be changed. 

 

1628 udp/tcp: This is the data exchange port for CEA-852 (LON over IP). It is required 
for the primary function of the device to exchange control network data between routers 
over the IP network. Each device needs this port open. The port can be changed. 

 

1629 udp/tcp: This is the configuration server port of CEA-852. Exactly one device in 
the system needs this port open. Other devices register with the configuration server to 
form the IP-852 channel list. The port can be changed. 

 

47808 udp: This is the data exchange port for BACnet/IP. It is required for the primary 
function  of  the  device  to  exchange  control  network  data  between  routers  over  the  IP 
network. Each device needs this port open. The port can be changed. 

Summary of Contents for L-Gate

Page 1: ...L INX L GATE L INX Automation Server L GATE Universal Gateway User Manual LOYTEC electronics GmbH...

Page 2: ...HER APPLICATION IN WHICH IN THE FAILURE OF SUCH PRODUCT COULD CREATE A SITUATION IN WHICH PERSONAL INJURY OR DEATH MAY OCCUR LOYTEC MAKES NO REPRESENTATION AND OFFERS NO WARRANTY OF ANY KIND REGARDING...

Page 3: ...New in L INX L GATE 7 0 0 28 4 3 New in L INX L GATE 6 4 0 30 4 4 New in L INX L GATE 6 3 0 32 4 5 New in L INX L GATE 6 2 0 32 4 6 New in L INX L GATE 6 1 0 33 4 7 New in L INX L GATE 6 0 0 36 4 8 Ne...

Page 4: ...6 4 7 Ethernet Link LED 65 6 4 8 Ethernet Activity LED 65 6 4 9 BBMD LED 66 6 4 10 Wink Action 66 6 4 11 Network Diagnostics 66 6 5 Wiring 66 7 Concepts 67 7 1 Universal Gateway 67 7 2 Data Point Con...

Page 5: ...Custom Serial Protocols 95 9 Firmware Update 97 9 1 Firmware Update via the Configurator 97 9 2 Firmware Update via the Web Interface 99 9 3 Firmware Update via the USB Port 99 10 Troubleshooting 100...

Page 6: ...TE User Manual 6 LOYTEC Version 7 2 LOYTEC electronics GmbH 13 3 Removable Media 110 13 3 1 LINX 12X 15X 22X LGATE 950 951 110 13 4 FCC Warning 111 13 5 CE Warning 111 14 References 112 15 Revision Hi...

Page 7: ...E Data Information Field Data Information Field Extension DL Data Logger Web service DNS Domain Name Server RFC 1034 DST Daylight Saving Time EEP EnOcean Equipment Profile GMT Greenwich Mean Time IP I...

Page 8: ...Simple Network Time Protocol SSL Secure Socket Layer STP Spanning Tree Protocol Standard IEEE 802 1D TLS Transport Layer Security UCPT User defined Configuration Property Type UI User Interface UNVT U...

Page 9: ...ed network technologies are available as data points in the automation server Those data points are freely configurable via configuration software which provides a fast and easy way to configure the L...

Page 10: ...al building network while keeping it isolated from WAN access that exposes some aspects using secure services By using the external L WLAN adapter the device also provides a WLAN interface which can l...

Page 11: ...memory access method For CPs the standard SCPTs and user defined UCPTs are supported All those CEA 709 data points can be exposed to the automation server or the gateway The CEA 709 L INX with the rou...

Page 12: ...lendar objects which can directly schedule BACnet server objects remote BACnet objects or non BACnet registers For alarm conditions the device supports the intrinsic reporting method of BACnet objects...

Page 13: ...M Bus data points refer to the M Bus Chapter in the LINX Configurator User Manual 2 1 5 Modbus In addition to the basic network technologies the all models support the Modbus RTU and the Modbus TCP i...

Page 14: ...etwork the LSMI 800 interface has to be attached to the EXT port of the device for one SMI channel or the LSMI 804 interface to the USB port for four SMI channels The SMI interface is represented in t...

Page 15: ...mable L INX and L GATE models provide a JavaScript based scripting engine see Table 1 and Table 2 On some of them a license L IOT1 needs to be purchased to enable the feature The script engine allows...

Page 16: ...to have either FT or IP active for CEA 709 2 This model can be configured to have either MS TP or IP active for BACnet 3 Modbus RTU can only be used if BACnet MS TP is not active on this model 4 M Bu...

Page 17: ...5 5 5 5 MP Bus 8 channels 5 5 5 5 5 5 5 5 5 5 5 OPC XML DA OPC UA OPC Client SNMP PLC L LOGICAD 6 PLC L STUDIO 6 6 LIOB Connect LIOB FT IP LCD Display SD Card USB Ethernet Switch Hub WLAN LTE 5 5 5 5...

Page 18: ...and three EXT ports 1 13 Scope This document covers L INX and L GATE devices with firmware version 7 2 and describes specific functions of those device models Basic device operations are covered in th...

Page 19: ...g unauthorized access to the devices systems and networks These should only be connected to a network or the Internet if adequate security measures are in place e g firewalls separate networks and a c...

Page 20: ...stem integrator Any third party regulations e g general contractor or client ATTENTION Country specific Safety Regulations Failure to observe country specific safety regulations can lead to property d...

Page 21: ...n addition the specific regulations for electrical wiring according to this manual must be observed CAUTION Earth Ground of System Zero AC DC 24V The following items must be observed when earth ground...

Page 22: ...ast 50 of the nominal load The nominal power of the transformer must be at least 25 VA Using a transformer of smaller size the ratio of open circuit voltage to voltage at full load becomes unfavorable...

Page 23: ...inet fuse CAUTION Power over Ethernet PoE LPAD 7 Touch Panels require a PoE Class 1 power supply max 12W which must be compliant to IEEE 802 3at 2009 For the power supply of the PoE switches observe t...

Page 24: ...enable Mobile Network enter your APN data and select which protocols shall be run on LTE New system registers offer mobile communication statistics such as Bytes transferred or SMS sent The VPN client...

Page 25: ...which building automation protocols are directly available on the VPN A separate VPN tab has been added to the port configuration that allows configuring IP based control protocols to be running dire...

Page 26: ...mobile interface or over the network using another LOYTEC device acting as an SMS proxy for its LTE 800 mobile interface SMS proxy mode can be configured in the new SMS configuration menu on the Web...

Page 27: ...fected by a parameter upload This way it is possible to track current parameter values while still keeping their original default values When desired parameter values can be reset to their default val...

Page 28: ...creases the maximum number for supported MP Bus channels from 4 to 8 Note that no external USB hubs are supported The LMPBUS 804 interfaces need to be directly attached to the two built in USB ports A...

Page 29: ...EC device is now tracking information on the source of a written value for each data point This information is shown on the data point details Web UI next to the modification timestamp and can be used...

Page 30: ...ort Web interface offers a choice to select such a custom serial implementation based on meta data provided by the JavaScript module An example for such custom protocol support is DMX which is distrib...

Page 31: ...ptional and can be turned off by deselecting the check box Figure 13 Backup before Upgrade on the Web interface Multiple M Bus Ports LOYTEC devices with multiple EXT ports now support operating an LMB...

Page 32: ...ile New Models The L INX automation server family has been extended by two new programmable all rounder models The new LINX 215 combines the functionality of all LINX 11x 21x It provides both router a...

Page 33: ...BACnet properties When linking a BACnet favorite to a BACnet server object the respective BACnet property data points are added and linked to the link target L IOB Firmware Upgrade and V2 Models The L...

Page 34: ...akes it easier to replicate devices without scarifying the IP configuration and password settings An example is shown in Figure 16 Figure 16 Backup and restore options on the Web UI L STAT Configurati...

Page 35: ...sible Incremental Data Point Scan The data point scanning engine of the Configurator has been extended to mark data points already used on the device and data points found in new scans The last two co...

Page 36: ...e device firmware and in the LINX Configurator The different device firmware images for LROC 10x LIOB AIR and LROC 400 have been integrated in one image for all L ROC L INX LIOB AIR and L GATE models...

Page 37: ...llows configuration of a Mesh network with up to 32 nodes The whitelist contains all mesh point IDs that may contact each other In order to make configuration of the mesh network easier the Quick Wire...

Page 38: ...d new features For a full list of changes refer to the Readme file New L INX and L GATE Models The new L INX and L GATE models in the small enclosure are now supported Equipped with dual Ethernet a bu...

Page 39: ...The auto connect feature has been extended Support folder_descr as a placeholder in auto generate templates This evaluates the description property of the parent folder Generate into existing connecti...

Page 40: ...frame and end frame delimiting characters A logical bus number is assigned to the service block which can be selected as a custom serial protocol on the port configuration Web UI as shown in Figure 22...

Page 41: ...nfiguration the device provides separate Ethernet tabs in the port configuration which allow selecting the offered services on each interface The example in Figure 23 shows a WAN interface with HTTPS...

Page 42: ...n the Web interface by scanning for devices online or be entered manually Device replacement is also possible in the commissioning Web interface without the need to edit devices in the data point conf...

Page 43: ...ow specifying an existing value preset as the schedule default LONMARK and BACnet schedulers try identifying a matching preset name from the schedule default value 5000 BACnet Client Maps and Dynamic...

Page 44: ...ew features For a full list of changes refer to the Readme file Generic Scheduler Generic schedulers like generic trends and alarms can now be created that are neither CEA 709 nor BACnet objects Gener...

Page 45: ...at a total of 256 trended data points This is beneficial for native BACnet trend logs which allow only one data point per trend log object The increase comes at the cost of available log rate which is...

Page 46: ...o value data points the Configurator now offers a conversion tool Multi select old read write data points and choose the item Convert to value from the data point context menu This converts the select...

Page 47: ...ce templates offer some new features that boost productivity Allow setting the device name when storing the template in a file Naming rules for created data points when used on device Configure naming...

Page 48: ...le to the ports which are labeled respectively as shown in Figure 26 More detailed instructions are shown in Chapter 6 Important Do not connect terminal PWR Supply with Earth ground Figure 26 Basic Ha...

Page 49: ...d on the LCD display Note that your PC must be attached to the same subnet as the device For devices with a default IP address choose the setup on the LCD display To Configure a Static IP 1 Open your...

Page 50: ...ection mode When in selection mode turn the jog dial to alter the value and press again to quit the selection Some input fields provide acceleration This means turning faster changes the value in larg...

Page 51: ...avigate to Device Settings 2 Then navigate to the menu BACnet 3 In that menu navigate to the ID input for entering the device ID The field is split into two controls one for the thousands and one for...

Page 52: ...ion the data points of the L INX automation server or the L GATE need to be set up These can be data points of L IOB I Os network variables BACnet objects and other available technologies Before execu...

Page 53: ...istered the L INX Configurator as an LNS plug in This quick start assumes LonMaker TE as the LNS tool To Configure a Gateway 1 Open a new LNS database or open an existing LNS database In the latter ca...

Page 54: ...folder 10 Select the NVs under the port folder which shall be mapped to BACnet Click on the speed button Generate and connect selected in the tool bar 11 The generated BACnet objects appear in the Da...

Page 55: ...ce configuration can be done off line and is shown in the following steps To Configure L IOB I Os 1 Add L IOB devices on the LIOB tab from the supplied L IOB templates using the Add Device s button as...

Page 56: ...d for terminal outputs the data point L1_x_DOy_Output_Write will be used to set an output terminal 5 After downloading the L INX configuration into the L INX device the L IOB input and output terminal...

Page 57: ...hardlock version with a USB dongle On virtual machines it is mandatory to use the hardlock license A detailed guide on how to install the software components described above and upgrade of an older li...

Page 58: ...lectronics GmbH Figure 39 Available project templates 4 Select the project template for the L INX device e g LINX 11x or LINX 12x Figure 40 Project name and path 5 Specify the name of the project and...

Page 59: ...As shown in Figure 42 below expand the tree element Functionplans and double click Plan_1 in order to start editing the plan Figure 42 Edit Plan_1 8 In the new LogiCAD project there are no external va...

Page 60: ...for all L IOB I Os that are exposed as a PLC variable An example is shown in Figure 43 Figure 43 Exposed PLC data points appear in LogiCAD 11 Now the logic can be developed on the function plan 12 For...

Page 61: ...m the context menu A connection dialog will appear and ask for the type of connection and additional information Figure 46 IEC61131 program download 16 Select the TCP IP communication driver and enter...

Page 62: ...password of the device or the PIN code of the LCD UI has been forgotten you may need to reset the device back to factory defaults to gain access again On the L INX models 10X 11X 20X 21X press the ser...

Page 63: ...950 serial number with bar code Ser Figure 47 Example product label Unless stated otherwise all bar codes are encoded using Code 128 An additional label is also supplied with the device for documenta...

Page 64: ...n I O driver disabled The I O driver is disabled that is that no updates from or the IEC61131 program were handled GREEN flashing fast CPU overload CPU load exceeded 80 Modify the PLC program to reduc...

Page 65: ...r other network error Table 6 Modbus Activity LED Patterns 6 4 6 EXT LED The EXT port has a three color LED see product installation sheet which displays link and traffic information on the protocol e...

Page 66: ...ight up at all this port is not connected to any network segment or the connected network segment currently shows no traffic If the LED is flashing green the network segment connected to this port is...

Page 67: ...d to which data points Refer to the Connections Section in the LINX Configurator User Manual 2 for more information 7 2 Data Point Configuration Data points are part of the fundamental device concept...

Page 68: ...be used Double A register of base type double is represented by an analog data point It can hold any scalar value No specific scaling factors apply Signed Integer A register of base type signed intege...

Page 69: ...IEC61131 program CEA 709 variables Input NVs DP DP Output NVs IEC61131 variables IEC61131 variables Figure 49 Usage of data points Alternatively data points can also be directly exposed as IEC61131 v...

Page 70: ...ill request an update signature key for the new L logiCAD installation This signature key can be found in the file logicad_Readme txt that is located in the installation directory of the L logiCAD sof...

Page 71: ...license file logicad lf and click Open Finally click Close in the product activation dialog and start logiCAD again The softlock license is now activated 8 2 2 Hardlock License The hardlock license i...

Page 72: ...y started all major features are automatically disabled But there is no additional message for the user 8 3 IEC61131 Project Files In the L INX Configurator select the LogiCAD Files tab to attach an I...

Page 73: ...this file to attach it to the project of the Configurator Note that the time and date of the file indicates the time of the last code generation If logiCAD is not able to build a new program the old f...

Page 74: ...able to transfer IEC61131 variables from the L INX device to the IEC61131 program a global variables object within the LINX 110 folder is required see Section 8 4 1 for details 3 LogiCAD operates on...

Page 75: ...he device on which the program will be executed This means that a global variable needs to be declared on the device resource which will be available to all programs running on the device If the physi...

Page 76: ...gram IEC61131 programs designed using logiCAD must be cross compiled in order to run on the L INX device The prerequisite to compile an IEC61131 program are as follows A program instance with associat...

Page 77: ...at hold only one scalar value e g SNVT_amp Those kinds on NVs are represented as IEC61131 REAL values within logiCAD There is no additional conversion necessary Figure 71 shows an example program for...

Page 78: ...ce description 8 4 4 IEC61131 Program Cycle Time IEC61131 programs are performed in a periodical manner IEC61131 tasks are used do control the execution of an IEC61131 program As shown in Figure 57 se...

Page 79: ...ariables to reduce the load caused by exchanging data between the PLC program and the data points of the automation server Reduce the number of independent tasks and try to place as much functionality...

Page 80: ...ted value after each cycle This is the default setting It can be disabled if the output data point shall be written only if the calculated value changes In this mode the output data point can be modif...

Page 81: ...her information from the network Start the Configurator Scan network variables Section 5 3 2 START DONE Download configuration to device Section 4 4 4 Select NVs and use on device Section 5 3 5 Expose...

Page 82: ...as global variables to logiCAD they can be used in the Functionplan Plan_1 To open the respective global variables folder double click on it To use the imported variables simply drag and drop the requ...

Page 83: ...he Functionplan Plan_1 an empty input area is shown similar to Figure 67 Figure 67 Start new function plan The dark grey areas on the left and right side are intended to place the input and output var...

Page 84: ...68 New external variable In the upcoming dialog the name and the type declaration of the variable must be specified The type declaration can be done directly by prompting the type into the declaration...

Page 85: ...rag and drop At this time the direction of the external variable is not defined it can be used as input as well as output variable Figure 70 Drag and drop external variable to drawing area Please take...

Page 86: ...ing the requirements of the defined external variables must be generated A tool automatically performs the process of generating the global variables object and the required global variables Figure 72...

Page 87: ...h sides can either be used for the force update feature see section 8 6 1 or as marker see section 8 6 4 As the tool can not distinguish between these two possibilities per default a global output var...

Page 88: ...y download the configuration to the L INX device After rebooting the L INX device the IEC61131 program is up and running Check the PLC LED for potential overload 8 5 3 Pre compiled IEC61131 Program In...

Page 89: ...EC61131 program That functionality is offered by the function block Update Notify located in the StandardLibs Loytec_Support folder Second an output must be forced to send an update even if the value...

Page 90: ...ariables on the device and the L INX Configurator will be able to create a suitable register data point for the IEC61131 data type Supported data types include custom enumeration types a multi state r...

Page 91: ...tructured Types 4 In the dialog choose the type Category logiCAD 5 Click the speed button Load types from disk 6 In the dialog Import Types from Disk click on 7 In the file selector dialog choose the...

Page 92: ...and download the data point configuration to the device Global variables declared as marker can be used as input and output variable in IEC61131 programs LogiCAD is not able to distinguish markers fr...

Page 93: ...tain data Make sure to set the input back to FALSE after this cycle to avoid multiple consecutive writes 8 6 6 L INX System Registers System Time L INX system registers such as the system time or the...

Page 94: ...Repository Path and select the extension ST for structured text 7 Copy all listed types to the disk repository by clicking Alternatively select specific types and click Then click Save and exit the d...

Page 95: ...priority 4 to AO1 over BAC AO1_pri4 To revoke values in commandable server objects the SetValueState function block must be used It is located in the Loytec_Support Service folder The I O variable of...

Page 96: ...t have address information which selects a specific slave Especially for RS 485 bus communication address information is required Since frames sent out are also received they need to be filtered out b...

Page 97: ...boots up with the fallback image the all port LEDs are flashing red The firmware image is distributed in a firmware ZIP archive that applies to all L INX and L GATE models 9 1 Firmware Update via the...

Page 98: ...Alternatively one can also connect via LNS A firmware upgrade over an FT 10 channel however needs a lot more time to complete than over IP 6 Optionally check for updates by selecting the menu Help Che...

Page 99: ...ace This option can be found in the Config menu under the Firmware item For more details refer to the LOYTEC Device User Manual 1 9 3 Firmware Update via the USB Port The device s firmware can be upgr...

Page 100: ...LOYTEC electronics GmbH Blumengasse 35 A 1170 Vienna Austria Europe e mail support loytec com Web http www loytec com tel 43 1 4020805 100 fax 43 1 4020805 99 or LOYTEC Americas Inc N27 W23957 Paul R...

Page 101: ...for further information about the LOYTEC system diagnostics tool for the LINX 10X 11 2 Use of Static Dynamic and External NVs on a Device Please refer to application note AN009E Changing Device Interf...

Page 102: ...distributed as a downloadable file The device can be upgraded by placing the firmware image onto the device using the procedure described in Chapter 9 12 3 Ports This Section lists all ports which may...

Page 103: ...ts are opened for LIOB IP on the device These ports cannot be changed They can be disabled 2002 tcp This port is opened by the Wireshark protocol analyzer front end This port is disabled by default Th...

Page 104: ...ocol analyzer may connect to this service and retrieve online protocol analyzer logs The service is disabled by default 12 5 Upgrade Key Strength The secure services HTTPS SSH rely on certificates to...

Page 105: ...al 105 LOYTEC Version 7 2 LOYTEC electronics GmbH Static errors in the device and data point configuration System overload situations as one time log messages since last power on Crucial communication...

Page 106: ...Enclosure Installation enclosure 107 mm wide DIN 43 880 Environmental Protection IP 40 enclosure IP 20 screw terminals Installation DIN rail mounting EN 50 022 or wall mounting 13 1 2 LINX 12X 15X 22X...

Page 107: ...L INX L GATE User Manual 107 LOYTEC Version 7 2 LOYTEC electronics GmbH 13 2 Resource Limits 13 2 1 L INX Models Table 8 and Table 9 specify the resource limits of the different L INX models...

Page 108: ...a 5 000 5 000 5 000 BACnet scheduler objects n a n a n a 100 100 100 BACnet calendar objects n a n a n a 25 25 25 BACnet notification classes n a n a n a 32 32 32 BDT max recommended n a n a n a 100 1...

Page 109: ...t calendar objects 25 25 25 25 BACnet notification classes 32 32 32 32 BDT max recommended 100 100 100 100 Foreign devices max 256 256 256 256 KNX Communication Objects per interface 250 250 250 1000...

Page 110: ...s 750 1 000 1 000 BACnet scheduler objects 100 100 100 BACnet calendar objects 25 25 25 BACnet notification classes 32 32 32 BDT max recommended 100 100 100 Foreign devices max 256 256 256 KNX Communi...

Page 111: ...These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment This equipment generates and radiates radio frequency...

Page 112: ...t 88067217 April 2013 4 LWEB 802 803 User Manual 3 2 LOYTEC electronics GmbH Document 88074220 March 2019 5 LWEB 900 User Manual 3 0 LOYTEC electronics GmbH Document 88081508 April 2019 6 L VIS User M...

Page 113: ...ator User Manual 2016 10 19 6 1 STS Added new device models Added license activation 2017 04 24 6 2 STS Added new device models 2017 12 20 6 3 STS Updated for firmware 6 3 0 2018 05 15 6 4 STS Updated...

Reviews:

No comments