manualshive.com logo in svg

MDT Technologies SCN-IP000.03, Technical Manual

The MDT Technologies SCN-IP000.03 comes with a comprehensive Technical Manual, providing detailed instructions for optimal usage. This manual is available for free download on our website, ensuring easy access to valuable product information. Enhance your experience with this innovative product by obtaining the manual today at manualshive.com.

Share
Download
background image

 

 

Technical Manual – IP Router  SCN-IP100.03

 

 

 

MDT technologies GmbH  •  

51766 Engelskirchen  •  Papiermühle 1

 

 

Tel.: +49-2263-

880  •  Fax: +49-2263-4588  •  [email protected]  •  www.mdt.de 

14

 

 

14

 

 

3 Safety – IP Secure/Data Secure 

 

3.1 Safety mechanisms – IP Secure/Data Secure 

 

KNX Data Security distinguishes between two mechanisms: IP Secure and Data Secure. 

 

KNX IP Secure

 allows to encrypt and to authenticate messages sent by KNX devices to transmit them 

securely over the IP layer. This ensures that KNX tunneling or routing messages on IP cannot be read 
or manipulated. KNX IP Secure forms an additional "security shell" that protects the complete 
KNXnet IP data traffic. 

 

KNX Data Secure

 enables the secure commissioning of devices that support data security and the 

encrypted transmission of group addresses between two devices that support Data Secure. 
For 2 devices to communicate securely with Data Secure, both devices must support Data Secure. 
However, it is also possible for a Data Secure device to communicate with a device that does not 
support Data Secure. In this case, however, only via an unsecured connection. 

 
 

3.2 Basic terms 

 

3.2.1 FDSK 

 

Every Secure device is delivered with the "Factory Device Setup Key" (FDSK). The system 
integrator/installer enters this key into the ETS, which generates a device-specific tool key from it. 
The ETS sends the tool key via the KNX bus to the device to be configured. This transmission is 
encrypted and authenticated with the FDSK key. After this initial commissioning, the device only 
accepts the received tool key. The FDSK is no longer required for further transmission - unless the 
device is reset via the master reset. 
After initial commissioning, the FDSK of all devices in a project should be detached from the device 
sticker and stored in a project-specific manner. The IP interface has two FDSKs for each application 
one, therefore you will find two different keys on the right and left side of the interface. 

 

3.2.2 Secured Mode - Secure Mode 

 

If a device is parameterised in such a way that it only transmits encrypted data, this is known as 
secure mode. 

 

3.2.3 Non-secured mode - Plain Mode 

 

If a device is parameterised in such a way that it only transmits in unencrypted form, this is known as 
non-secured mode (plain mode). 

 

3.2.4 Backbone Key 

 

If a KNX bus is connected to Data Secure via 2 IP Routers, they communicate encrypted with the 
backbone key. This key must be identical in all devices. The key is assigned independently by the ETS 
and cannot be changed. 

 

Summary of Contents for SCN-IP000.03

Page 1: ...8 knx mdt de www mdt de State 12 2020 Version 1 1 Technical Manual MDT IP Router SCN IP100 03 Further Documents Datasheets https www mdt de EN_Downloads_Datasheets html Assembly and Operation Instructions https www mdt de EN_Downloads_Instructions html Solution Proposals for MDT products ...

Page 2: ...Mixed use 12 2 8 4 Bus access function KNXnet IP Tunneling 13 2 8 5 Installation Example 13 3 Safety IP Secure Data Secure 14 3 1 Safety mechanisms IP Secure Data Secure 14 3 2 Basic terms 14 3 2 1 FDSK 14 3 2 2 Secured Mode Secure Mode 14 3 2 3 Non secured mode Plain Mode 14 3 2 4 Backbone Key 14 3 2 5 Commissioning Password 15 3 2 6 Authentication Code 15 3 2 7 Commissioning Secure Commissioning...

Page 3: ...ure for IP Router without Secure 35 4 7 3 2 Procedure for IP Router with Secure 36 5 Parameter E Mail Client 37 5 1 General Settings 37 5 1 1 General 37 5 1 2 Web Interface 38 5 1 3 Time Date 39 5 2 E Mail Functions 40 5 2 1 Status elements 40 5 2 2 Bit Alarms 42 5 2 2 1 Macros 43 5 2 3 Text Alarms 44 5 2 4 Status Reports 45 5 2 5 Specific behavior and error handling 46 5 3 Overview Communication ...

Page 4: ...H 51766 Engelskirchen Papiermühle 1 Tel 49 2263 880 Fax 49 2263 4588 knx mdt de www mdt de 4 7 Index 55 7 1 Register of illustrations 55 7 2 List of tables 56 8 Attachment 57 8 1 Statutory requirements 57 8 2 Disposal routine 57 8 3 Assemblage 57 8 4 History 57 ...

Page 5: ...cation the device uses the KNXnet IP protocol of the KNX Association It thus operates as a programming interface and replaces a RS232 or USB interface The IP Router includes apart from the tunneling function for point to point connection additionally the function of a line coupler routing This allows the IP Router to send receive telegrams throughout the network to from other lines and areas The p...

Page 6: ... router is set to manual with functionality according to the settings in the menu General By repeated pressing of the function button for 3 seconds the router is switched back Reset device If for example the applications are loaded in the wrong order or you want to switch from Secure to without Secure the IP interface must be reset Otherwise programming errors may occur The procedure is as follows...

Page 7: ...figuration of the IP Router 3 Transfer of the physical address and the application of the IP Router For this the programming button must be pressed shortly The programming LED lights steadily red 4 After successful transfer of the physical address and the application the red LED turns off again 5 Insert the application SCN IP000 03 KNX IP Router with email function 6 Configuration of the E Mail Cl...

Page 8: ...address and the application of the E Mail Client For this the programming button has to be pressed long The programming LED flashes red 10 After successful transfer of the physical address and the application the red LED turns off again 11 Accessing the Web client to configure the e mail addresses by opening an Internet browser and call the address http IP address port for example http 192 168 1 1...

Page 9: ...at in the download area Link to the firmware files Current devices https www mdt de EN_Downloads_Productdata html The firmware update itself is performed via the web browser A detailed description with procedure is available as a solution proposal at Important After an update the unit is reset to factory settings The physical address and application have to be reloaded Also all settings in the web...

Page 10: ...ter as line coupler Figure 2 IP Router as line coupler The IP Router in KNX installations can assume the function of a line coupler For this it needs to get the physical address of a line coupler 1 1 0 15 15 0 Currently in an ETS project up to 225 lines can be applied This topology is described as a flat topology as there are KNX main or backbone lines The telegrams of the KNX line are transmitted...

Page 11: ...ter as an area coupler Figure 3 IP Router as area coupler In larger KNX installations the IP router can assume the function of an area coupler For this it needs to get the physical address of an area coupler 1 0 0 15 0 0 Currently in an ETS project up to 15 areas can be applied with area couplers In the above example each area got 2 subordinated lines which e g can be linked with the line coupler ...

Page 12: ... 1 0 Figure 4 IP Router as area and line coupler Is it within a KNX system needed to use the IP Router at one location e g an Office as an area coupler and elsewhere e g a distant building as a line coupler so two different IP Routers can assume this function It needs to be noted that the IP Router as a line coupler gets the physical address from an open area such as shown in picture above 2 1 0 T...

Page 13: ... The KNX IP Router can be used as an interface to KNX It can be accessed from anywhere on the LAN to the KNX Therefore a second physical address has to be allocated This is described in more detail in the following chapters 2 8 5 Installation Example The following figure shows the exemplary structure of a network with two IP Routers used in each case as an area coupler Figure 5 Installation exampl...

Page 14: ... delivered with the Factory Device Setup Key FDSK The system integrator installer enters this key into the ETS which generates a device specific tool key from it The ETS sends the tool key via the KNX bus to the device to be configured This transmission is encrypted and authenticated with the FDSK key After this initial commissioning the device only accepts the received tool key The FDSK is no lon...

Page 15: ...ning Password Authentication Code It is recommended to give each device an individual commissioning password and not a universal one in the entire project or even across projects The ETS automatically assigns an individual password 3 2 6 Authentication Code The authentication code is required for authenticating KNX IP Secure devices As the FDSK is known outside of ETS for example as QR Code or imp...

Page 16: ...mmissioning is not secured the device can be used as a normal device without Data Secure By default the ETS sets all devices to Secure commissioning when inserted This item can be changed by the user under Device Properties Settings Figure 7 Secure Commissioning Secure Tunneling 3 2 8 Tunneling Secure Tunneling Tunneling refers to a KNX point to point connection on the TCP IP network For each IP S...

Page 17: ... not support Data Secure A mixed operation in one project is therefore possible However if all data of a group address are to be transmitted in encrypted form all devices whose objects are connected to this group address must support Data Secure 3 4 Commissioning ETS requires the following procedure to put Secure devices into operation 1 Load product data When loading the product database you will...

Page 18: ...e device certificate has to be kept in a safe place It is therefore important to remove it before installing the device and keep it for the project 3 Adapt Commissioning Password Authentication Code optional The Commissioning Password per device and Authentication Code per device can now be customized by the user However the ETS assigns initial passwords so this does not necessarily have to be don...

Page 19: ...into account during planning Do not allow any ports of routers to access the Internet Secure LAN WLAN system via a firewall If no external access to the KNX installation is required the default gateway can be set to the value 0 This prevents communication to the Internet Access to the KNX installation from the Internet should be realised via a VPN connection 3 6 Requirements for KNX IP Secure Data...

Page 20: ...shows the settings for this submenu ETS Text Dynamic Range Default value Comment Enable slow connections yes no Adjust the timeout for tunneling connections By default slow connections are not supported and a short timeout is used for the UDP connection This can be increased by supporting slow connections which may be necessary especially for tunnel connections over the internet Manual Function di...

Page 21: ...nterface for firmware update assignment of tunneling connection etc Settings active All settings of the Web Interface are available to the user Only status Security critical functions are only displayed as status in the Web Interface and no changes can be made Settings locked No Web Interface can be accessed HTTP port 80 8080 Setting the HTTP port for the Web interface DNS Server any 0 0 0 0 Enter...

Page 22: ...ther things how the connection is displayed in the ETS Any name with a maximum length of 50 characters can be entered Secure commissioning Activation deactivation of Secure Commissioning If a device is not commissioned safely the secure functions are deactivated see also 3 Safety IP Secure Data Secure Secure Tunneling Activation deactivation of Secure Tunneling If Secure Tunneling is activated the...

Page 23: ... Subnet Mask Standard Gateway This can only be set with the setting Use a static IP address The netmask is used by the unit to determine whether a communication partner is in the local network If a partner is not in the local network the unit does not send the telegrams directly to the partner but to the gateway which takes over the forwarding The setting of the gateway makes it possible for netwo...

Page 24: ...gs without Secure The following table shows the setting options for this submenu ETS Text Dynamic Range Default value Comment Host name 30 signs any MDT KNX IP Router Any name can be chosen here but it should be as meaningful as possible Enable slow connections enable disable Adjust the timeout for tunneling connections By default slow connections are not supported and a short timeout is used for ...

Page 25: ...not in use Setting whether the IP address should be assigned automatically via DHCP or manually be set in further submenus The following settings are displayed for Do not use DHCP IP address 0 255 0 255 0 255 0 255 0 0 0 0 IP address of the router only with manual IP address assignment Net mask 0 255 0 255 0 255 0 255 0 0 0 0 Subnet mask of the network only with manual IP address assignment Gatewa...

Page 26: ...whether a communication partner is located in the local network Should not be a partner in the local network the device does not send the telegrams directly to the partner but to the gateway which handles the routing The setting of the gateway makes it possible for networks which are based on different protocols to communicate with each other Note If the KNX IP Interface is only be used in the loc...

Page 27: ...Table 5 Settings KNX Multicast Address IP Routing Multicast Address The KNX multicast address determines the destination address of the IP telegrams of the KNX IP Router The default is 224 0 23 12 This is the address for KNX IP devices specified by the KNX Association together with the IANA They should only be changed if there is caused by the existing network the need to do so It must be noted th...

Page 28: ...l route configure Setting the filtering of telegrams on the main line Group telegrams transmit all block filter Defining the treatment of group telegrams Main group telegrams 14 15 transmit all block filter Defining the treatment of group telegrams of the main lines 14 and 15 Physical telegrams transmit all block filter Defining how physically addressed telegrams are to be treated Table 6 Settings...

Page 29: ... IP filter Here is checked against the filter table whether the received group telegram is forwarded to IP The filter table is automatically generated by the ETS Physically addressed telegrams block Physically addressed telegrams are blocked by the KNX IP router With this setting it is not possible to send out physically addressed telegrams from the line below the KNX IP Router into another line f...

Page 30: ...ysical route configure Setting the filtering of telegrams on the sub line Group telegrams transmit all block filter Defining the treatment of group telegrams of groups 0 31 except the groups 14 15 Sub group telegrams 14 15 transmit all block filter Defining the treatment of group telegrams of main groups 14 and 15 Physical telegrams transmit all block filter Defining how physically addressed teleg...

Page 31: ...parameters are freely adjustable For all other Configuration the parameters are set to fixed values according to the setting The effects of the individual settings for the relevant parameters are described in detail below Group telegrams block No group telegrams of the respective main groups are routed to KNX EIB transmit all All group telegrams of the respective main group are routed independentl...

Page 32: ...e can be used as an interface to KNX EIB Therefore connect the IP Router to the KNX bus and the network 4 7 1 Procedure ETS 4 Attention In ETS4 only the application without Secure can be used Data Secure is only supported from ETS 5 7 2 on Select the menu Communication in the folder Settings Figure 18 Settings ETS4 Communication Here the IP Router should be listed in the Discovered connections Fig...

Page 33: ...1 Tel 49 2263 880 Fax 49 2263 4588 knx mdt de www mdt de 33 The connection can be chosen as active by clicking on Select Now the settings for this interface can be configured by selecting the button Settings Figure 20 ETS4 Local Interface Settings Here the first tunneling address can be assigned ...

Page 34: ...u Bus Figure 21 ETS5 Bus Interfaces Here the IP Router should be listed in the Discovered connections Figure 22 ETS5 Discovered connections After selecting the IP Router IP Interface press button Test If OK you can press button Select Now device is shown as Current Interface For the selected IP router IP interface the first tunneling connection can then be set Figure 23 ETS5 IP Tunneling connectio...

Page 35: ... the ETS connections In the Web Interface the further physical addresses can be assigned automatically by pressing the Set button in the menu Prog Mode Figure 24 Set Tunneling Addresses without Secure Now the 3 following physical addresses are assigned If for example the IP Router has got the first tunneling address assigned to the physical address 15 15 241 so the device provides further tunnelin...

Page 36: ...ax 49 2263 4588 knx mdt de www mdt de 36 4 7 3 2 Procedure for IP Router with Secure The addresses in the ETS 5 are set here Figure 25 Set Tunneling Addresses in ETS5 with Secure By selecting the tunneling channel the name and address can be changed in the Properties Figure 26 Set Tunneling Address ETS5 Properties ...

Page 37: ... delay time The Startup delay time determines the time between a bus voltage recovery and a functional device start Telegram Operation With the cyclic In operation telegram a failure detection for this device can be realized Language for email content Here is selected in which language the email contents are sent Device name The device name is displayed in the e mail and can be integrated via macr...

Page 38: ...et via ETS After the set time the Web interface is no more accessible and can only be reached after a restart or after an activation of the web interface via object Temporary activation of the web interface for Email event The parameter allows the temporal activation of the web interface after sending an email Activation deactivation of the web interface over object To activate via bus regardless ...

Page 39: ...d cyclic system time each Setting whether the system time is to be sent cyclically Summer Winter time change Setting whether the time is switched automatically between summer and winter time Time difference to universal time UTC Setting of time zone The following communication objects are displayed Number Name Length Usage 2 Time 3 Byte Sending Time 3 Date 3 Byte Sending Date 4 Date Time 8 Byte Se...

Page 40: ...on of the e mail functionality such as sending e mail address e mail recipients etc is made in the web interface see 5 Web interface 5 2 1 Status elements The following settings are available for the status elements here the example of status element 1 Figure 30 Settings Status elements Each state element a display name and a data point type can be assigned The display name can then be reported in...

Page 41: ...point type Dynamic range 2 Byte unsigned value 0 65535 2 Byte signed value 32768 32767 2 Byte floating value 670760 670760 Table 12 Status elements 2 Byte Length 4 Byte Data point type Dynamic range 4 Byte unsigned value 0 4 294 967 295 4 Byte signed value 2 147 483 648 2 147 483 647 4 Byte floating value Floating point according to IEEE 754 Table 13 Status elements 4 Byte Length 14 Byte String Da...

Page 42: ... see 5 2 2 1 Macros Setting of the text to be displayed in the email Send behaviour send at ON send at OFF send at change to ON or OFF send at change to ON send at change to OFF Setting when the e mail should be sent Send email to destination address 1 yes no Setting whether to send to recipients 1 Send email to destination address 2 yes no Setting whether to send to recipients 2 Send email to des...

Page 43: ... the value of the Status element 11 be displayed so must be entered V11 For the Status element 1 it is enough to enter V1 A semicolon creates a line break or writes the first part before the semicolon in the subject line of the email Examples For the following examples the device name MDT is given The status element 1 has the name light kitchen and the data point type 1 bit switching 1 Texts for E...

Page 44: ...ipients 1 Send email to destination address 2 yes no Setting whether to send to recipients 2 Send email to destination address 3 yes no Setting whether to send to recipients 3 Table 18 Settings Text Alarm A text alarm is triggered as soon as a value is written to the corresponding communication object To send longer texts than 14 characters After sending a value to the corresponding communication ...

Page 45: ...2 yes no Setting whether to send to recipients 2 Send email to destination address 3 yes no Setting whether to send to recipients 3 Status element 1 30 not contained in E Mail contained in E Mail Setting whether the status element should be displayed in the email Table 20 Settings Status report The status report can be sent cyclically once a week once a month as well as being transmitted via objec...

Page 46: ...t Between the attempts the subsequent delays will be respected o Delay before first repeat 10 seconds o Delay before second repeat 1 minute o Delay before third repeat 10 minutes The email was tried 1 time to be sent and it failed and the previous e mail delivery was also flawed The following table shows the corresponding communication object Number Name Length Usage 52 E Mail Error code 1 Byte Se...

Page 47: ...X 3 Date Send current date 3 Byte X X X 4 Date Time Send current date and time 8 Byte X X X 51 E Mail buffer Overflow 1 Bit X X X 52 E Mail Error code 1 Byte X X X 53 NTP Time Server Error 1 Bit X X X 54 Web interface Lock status 1 Bit X X X 55 Web interface Lock 1 Bit X X Email Function 5 Status report 1 Send E Mail 1 Bit X X 1 next Status report 8 Text alarm 1 Send E Mail 14 Byte X X 1 next Text...

Page 48: ...hat both support Data Secure are connected to a group address the ETS automatically sets this group address to Security active This is indicated by a blue protection shield in the Security tab Figure 34 Secured group address Using the Security tab in the group address settings you can explicitly disable or enable security for this group address The automatic setting is the default setting In this ...

Page 49: ...ess in the address bar http ip address Port Example The following settings are made for the IP interface Figure 36 Web Interface Example IP Configuration Here insert http 192 168 1 178 8080 to the address bar The IP address of the IP Router can also be viewed in the ETS settings under Bus Interfaces 2 Via the Windows Explorer Go to the Windows Explorer and open the folder Network Here your IP Rout...

Page 50: ... settings of the IP Router such as MAC address IP address network settings software version etc Prog Mode In the menu Prog Mode the programming LEDs for the TP and the IP side can be switched ON and OFF Furthermore the allocated physical addresses the tunneling addresses and serial number can be seen Email In the menu Email the e mail functionality can be set see also 6 3 Time In the menu Time inf...

Page 51: ... 1 Tel 49 2263 880 Fax 49 2263 4588 knx mdt de www mdt de 51 6 3 Settings of E Mail functionality To set up E mail functionality open the menu E mail and click Settings Figure 38 Web Interface Destination E Mail test Subsequently the following menu opens Figure 39 Web Interface E Mail settings ...

Page 52: ...ail address This can vary depending on the provider and can be e g a complete e mail address a user name or an ID Password Enter the password you use to log in to your e mail address Note The following example is made with the German provider WEB DE For details regarding the specifications of other providers outside Germany please check with your local provider If searching for server data e g at ...

Page 53: ...il live com SMTP server port 587 Strato SMTP server address smtp strato de SMTP server port 587 All data of the email providers are on the state of the manual see front page and are not guaranteed Into the Destination E mail address insert all email addresses max 3 to which you want to send an email Then you close the menu by the OK button In the following menu the e mail configuration can be test...

Page 54: ... Email address o Destination E Mail address is invalid Check destination E Mail address Error 9 Socket unexpectedly closed Restart the device and if necessary reprogram Error 12 Unknown unsupported server authentication request 535 Authentication credentials invalid o Invalid username or password Check username and or password 6 5 Receive E Mail as push message E mails can be received as a push me...

Page 55: ...tings ETS4 Communication 32 Figure 19 Settings ETS4 Discovered connections 32 Figure 20 ETS4 Local Interface Settings 33 Figure 21 ETS5 Bus Interfaces 34 Figure 22 ETS5 Discovered connections 34 Figure 23 ETS5 IP Tunneling connection 34 Figure 24 Set Tunneling Addresses without Secure 35 Figure 25 Set Tunneling Addresses in ETS5 with Secure 36 Figure 26 Set Tunneling Address ETS5 Properties 36 Fig...

Page 56: ... Communication objects Time Date 39 Table 10 Status elements 1 Bit 40 Table 11 Status elements 1 Byte 41 Table 12 Status elements 2 Byte 41 Table 13 Status elements 4 Byte 41 Table 14 Status elements 14 Byte 41 Table 15 Communication objects Status elements 41 Table 16 Setting options Bit Alarm 42 Table 17 Communication objects Bit Alarm 42 Table 18 Settings Text Alarm 44 Table 19 Communication ob...

Page 57: ...ying around careless plastic foil bags etc can be a dangerous toy for kids 8 2 Disposal routine Do not throw the waste equipment in the household rubbish The device contains electrical devices which must be disposed as electronic scrap The casing contains of recyclable synthetic material 8 3 Assemblage Danger to life due to electric current All activities on the device should only be done by an el...

Reviews:

No comments

Related manuals for SCN-IP000.03

Watchguard Wireless Router Quick Start Manual preview
Wireless Router
Brand: Watchguard Pages: 11
D-Link DWR-712 Quick Installation Manual preview
DWR-712
Brand: D-Link Pages: 32
D-Link DIR-456 Quick Installation Manual preview
DIR-456
Brand: D-Link Pages: 28
D-Link DIR-820 Quick Installation Manual preview
DIR-820
Brand: D-Link Pages: 48
D-Link EXO DIR-2660 Quick Installation Manual preview
EXO DIR-2660
Brand: D-Link Pages: 83
D-Link DIR-508L User Manual preview
DIR-508L
Brand: D-Link Pages: 155
Xantrex C12 Owner'S Manual preview
C12
Brand: Xantrex Pages: 8
Lantronix Device Server UDS 10 Hardware Manual preview
Device Server UDS 10
Brand: Lantronix Pages: 8
Multitech MultiConnect SE MTS2EA Quick Start Manual preview
MultiConnect SE MTS2EA
Brand: Multitech Pages: 8
Ace ADSL2+ Wireless MIMO Router User Manual preview
ADSL2+ Wireless MIMO Router
Brand: Ace Pages: 64
KYLAND Technology KIEN1009 Hardware Installation Manual preview
KIEN1009
Brand: KYLAND Technology Pages: 24
EXAGATE SYSGuard 6001 Quick Installation Manual preview
SYSGuard 6001
Brand: EXAGATE Pages: 7
Hameg HM6050-2K Manual preview
HM6050-2K
Brand: Hameg Pages: 46
Pakedge RT-3100 Quick Start Manual preview
RT-3100
Brand: Pakedge Pages: 8
Ultra Fan Commander User Manual preview
Fan Commander
Brand: Ultra Pages: 4
3Com HiPer DSP Getting Started Manual preview
HiPer DSP
Brand: 3Com Pages: 17
Icy Box IB-NAS902 User Manual preview
IB-NAS902
Brand: Icy Box Pages: 17
Westlock Controls Corporation Intellis 7604 Installation And Operation Manual preview
Intellis 7604
Brand: Westlock Controls Corporation Pages: 39

Brands by name

Popular brands

Load more brands