© 2019 WEINZIERL ENGINEERING GmbH
Operation and installation manual
KNX IP Router 752 secure (Art. # 5249)
Compact bus-powered router between LAN/Ethernet and KNX bus with KNX Security
Application
The compact KNX IP Router 752 secure enables the forwarding
of telegrams between different lines via a LAN (IP) as a fast
backbone. The device also serves as a programming interface
between a PC and the KNX bus (e.g. for ETS programming).
The device supports KNX Security. The option can be activated
in the ETS. As a secure router, the device enables the coupling
of unsecured communication on a KNX TP line with a secure IP
backbone.
KNX Security also prevents unauthorised access to the interface
function (tunneling).
The IP address can be assigned via DHCP or via the ETS
configuration. The device operates according to the KNXnet/IP
specification using core, device management, tunneling and
routing.
The KNX IP Router 752 secure has an extended filter table for
main groups 0..31 and can buffer up to 150 telegrams. Power is
supplied via the KNX bus.
KNX Security
The KNX standard was extended by KNX Security to protect
KNX installations from unauthorized access. KNX Security
reliably prevents the monitoring of communication as well as the
manipulation of the system.
The specification for KNX Security distinguishes between KNX
IP Security and KNX Data Security. KNX IP Security protects the
communication over IP while on KNX TP the communication
remains unencrypted. Thus KNX IP Security can also be used in
existing KNX systems and with non-secure KNX TP devices.
KNX Data Security describes the encryption at telegram level.
This means that the telegrams on the twisted pair bus are also
encrypted.
KNX IP Security for the router function
The coupling of individual KNX TP lines via IP is referred to as
KNX IP routing. Communication between all connected KNX IP
routers takes place via UDP multicast.
Routing communication is encrypted with KNX IP Security. This
means that only IP devices that know the key can decrypt the
communication and send valid telegrams. A time stamp in the
routing telegram ensures that no previously recorded telegrams
can be replayed. This prevents the so-called replay attack.
The key for the routing communication is reassigned by ETS for
each installation. If KNX IP Security is used for routing, all
connected KNX IP devices must support security and be configured
accordingly.
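The freshness check described above, modelled in Python as an added example (not Weinzierl's code and not the KNXnet/IP wire format). The frame layout, the 2-second tolerance and the HMAC-SHA256 tag standing in for the real cipher are assumptions made for illustration.

```python
import hashlib
import hmac

TOLERANCE_MS = 2000   # assumed latency tolerance, not a value from this manual
TAG_LEN = 16          # assumed tag length for this model
TIMER_LEN = 6         # assumed width of the time stamp field


def _tag(key: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 is a stand-in so the example runs with the standard library.
    return hmac.new(key, data, hashlib.sha256).digest()[:TAG_LEN]


def wrap(key: bytes, timer_ms: int, telegram: bytes) -> bytes:
    """Sender side: time stamp + telegram, authenticated with the shared key."""
    header = timer_ms.to_bytes(TIMER_LEN, "big")
    return header + telegram + _tag(key, header + telegram)


class RoutingReceiver:
    """Receiver side: accepts only authentic frames with a fresh time stamp."""

    def __init__(self, key: bytes, now_ms: int):
        self.key = key
        self.clock_ms = now_ms  # receiver's view of the shared timer

    def accept(self, frame: bytes, now_ms: int):
        """Return the telegram, or None if the frame must be discarded."""
        self.clock_ms = max(self.clock_ms, now_ms)
        if len(frame) < TIMER_LEN + TAG_LEN:
            return None  # too short to hold time stamp and tag
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        # Authenticate first: the time stamp is only trusted if the tag matches.
        if not hmac.compare_digest(tag, _tag(self.key, body)):
            return None  # sender does not know the key, or frame was modified
        timer_ms = int.from_bytes(body[:TIMER_LEN], "big")
        if timer_ms < self.clock_ms - TOLERANCE_MS:
            return None  # stale time stamp: a recorded frame sent again later
        self.clock_ms = max(self.clock_ms, timer_ms)
        return body[TIMER_LEN:]
```

In this model a frame replayed inside the tolerance window still passes, so the window only bounds how old a recording can be.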
KNX IP Security for the interface function
When using a KNX IP router as an interface to the bus, access
to the installation is possible without security for all devices that
have access to the IP network. With KNX Security a password is
required. A secure connection is already established for the
transmission of the password. All communication via IP is
encrypted and secured.
KNX Data Security for the device
The KNX IP Router 752 secure also supports KNX Data Security
to protect the device from unauthorised access from the KNX
bus. If the KNX IP router is programmed via the KNX bus, this is
done with encrypted telegrams.
Encrypted telegrams are longer than the previously used
unencrypted ones. For secure programming via the bus,
it is therefore necessary that the interface used (e.g.
USB) and any intermediate line couplers support the
so-called KNX long frames.
KNX Data Security for group telegrams
Telegrams from the bus that do not address the KNX IP Router
as a device are forwarded or blocked according to the filter
settings (parameters and filter table). It does not matter whether
the telegrams are unencrypted or encrypted. Forwarding takes
place exclusively on the basis of the destination address. The
security properties are checked by the respective recipient.
KNX Data Security and KNX IP Security can be used in parallel.
In this case, for example, a KNX sensor would send a group
telegram encrypted with KNX Data Security to the bus. When
forwarding via KNX IP with KNX IP Security, the encrypted
telegram would be encrypted again just like unencrypted ones.
All participants on the KNX IP level that support KNX IP Security
can decode the IP encryption, but not the data security. Thus the
other KNX IP routers transmit the telegram to the target line(s)
still protected by KNX Data Security. Only devices that know
the key used for data security can interpret the telegram.