background image

©

2019 WEINZIERL ENGINEERING GmbH 

Page 1/8

 

 

Operation and installation manual

 

KNX IP Router 752 

secure

 

(Art. # 5249)  

Compact bus powered Router between LAN/Ethernet and KNX bus with KNX security 
 

 

 

KNX IP Router 752

 secure

 

 

 
Application 

The compact KNX IP Router 752 

secure

 enables the forwarding 

of telegrams between different lines via a LAN (IP) as a fast 
backbone. The device also serves as a programming interface 
between a PC and the KNX bus (e.g. for ETS programming). 
 
The device supports KNX Security. The option can be activated 
in the ETS. As a secure router, the device enables the coupling 
of unsecured communication on a KNX TP line with a secure IP 
backbone. 
 
KNX Security also prevents unauthorised access to the interface 
function (tunneling). 
 
The IP address can be assigned via DHCP or via the ETS con-
figuration. The device operates according to the KNXnet/IP 
specification using core, device management, tunneling and 
routing. 
 
The KNX IP Router 752 

secure

 has an extended filter table for 

main groups 0..31 and can buffer up to 150 telegrams. Power is 
supplied via the KNX bus. 
 
 

KNX Security 

 

The KNX standard was extended by KNX Security to protect 
KNX installations from unauthorized access. KNX Security relia-
bly prevents the monitoring of communication as well as the 
manipulation of the system. 

The specification for KNX Security distinguishes between KNX 
IP Security and KNX Data Security. KNX IP Security protects the 
communication over IP while on KNX TP the communication 
remains unencrypted. Thus KNX IP Security can also be used in 
existing KNX systems and with non-secure KNX TP devices. 

KNX Data Security describes the encryption at telegram level. 
This means that the telegrams on the twisted pair bus are also 
encrypted. 

KNX IP Security for the router function 

The coupling of individual KNX TP lines via IP is referred as KNX 
IP routing. Communication between all connected KNX IP rout-
ers takes place via UDP multicast. 

Routing communication is encrypted with KNX IP Security. This 
means that only IP devices that know the key can decrypt the 
communication and send valid telegrams. A time stamp in the 
routing telegram ensures that no previously recorded telegrams 
can be replayed. This prevents the so-called replay attack. 

The key for the routing communication is reassigned by ETS for 
each installation. If KNX IP Security is used for routing, all con-
nected KNX IP devices must support security and be configured 
accordingly. 

KNX IP Security for the interface function 

When using a KNX IP router as an interface to the bus, access 
to the installation is possible without security for all devices that 
have access to the IP network. With KNX Security a password is 
required. A secure connection is already established for the 
transmission of the password. All communication via IP is en-
crypted and secured. 

KNX Data Security for the device 

The KNX IP Router 752 

secure

 also supports KNX Data Security 

to protect the device from unauthorised access from the KNX 
bus. If the KNX IP router is programmed via the KNX bus, this is 
done with encrypted telegrams. 

 

Encrypted telegrams are longer than the previously used 
unencrypted ones. For secure programming via the bus, 
it is therefore necessary that the interface used (e.g. 
USB) and any intermediate line couplers support the so-
called KNX long frames. 

KNX Data Security for group telegrams 

Telegrams from the bus that do not address the KNX IP Router 
as a device are forwarded or blocked according to the filter 
settings (parameters and filter table). It does not matter whether 
the telegrams are unencrypted or encrypted. Forwarding takes 
place exclusively on the basis of the destination address. The 
security properties are checked by the respective recipient. 

KNX Data Security and KNX IP Security can be used in parallel. 
In this case, for example, a KNX sensor would send a group 
telegram encrypted with KNX Data Security to the bus. When 
forwarding via KNX IP with KNX IP Security, the encrypted 
telegram would be encrypted again just like unencrypted ones. 
All participants on the KNX IP level that support KNX IP Security 
can decode the IP encryption, but not the data security. Thus the 
telegram from the other KNX IP routers is again transmitted to 
the target line(s) with KNX Data Security. Only devices that know 
the key used for data security can interpret the telegram. 

EN 

 

Summary of Contents for 5249

Page 1: ... and send valid telegrams A time stamp in the routing telegram ensures that no previously recorded telegrams can be replayed This prevents the so called replay attack The key for the routing communication is reassigned by ETS for each installation If KNX IP Security is used for routing all con nected KNX IP devices must support security and be configured accordingly KNX IP Security for the interfa...

Page 2: ...upler If the individual address is in the form of x y 0 x y 1 15 the router operates as a line coupler If it is in the form of x 0 0 x 1 15 the router acts as a backbone coupler Switch LAN KNX IP Router 752 secure 1 0 0 KNX IP Router 752 secure 2 0 0 KNX TP 1 1 0 1 2 0 1 2 1 1 2 6 1 2 5 1 2 4 1 2 3 1 2 2 1 1 1 1 1 6 1 1 5 1 1 4 1 1 3 1 1 2 KNX TP 2 1 0 2 2 0 2 2 1 2 2 6 2 2 5 2 2 4 2 2 3 2 2 2 2 1...

Page 3: ...indications of the IP LED For testing purposes for example during commissioning the configured routing settings filter or block can be bypassed via manual operation With the button Pass GAs the forwarding of group addressed telegrams can be activated With the button Pass IAs the forwarding of individually ad dressed telegrams can be activated This is visualized with a single flash of the Mode LED ...

Page 4: ...ace function the device contains additional individu al addresses that can be set in the ETS When a client e g ETS sends via the KNX IP Router telegrams to the bus they contain a sender address as one from the additional addresses Each address is associated with a connection Thus response telegrams can be clearly transmitted to the respective client The additional individual addresses must be sele...

Page 5: ...dresses for the interface connections are displayed in the topol ogy view Each individual KNX address can be changed by clicking on the list entry and typing in the desired address into the Individual Address text field If the text field frame switches to color red after entering the address the address is already taken within your ETS project Make sure that none of the addresses above are already...

Page 6: ...nzierl de ETS parameter dialogue The following parameters can be set using the ETS General settings Prog mode on device front In addition to the normal programming button the device allows activating the programming mode on the device front without opening the switchboard cover The programming mode can be activated and deactivated via pressing simultaneously both buttons and This feature can be en...

Page 7: ...whether the received group telegram should be routed to KNX Group telegrams main group 14 to 31 Block No group telegrams of main groups 14 to 31 are routed to KNX Route All group telegrams of the main groups 14 to 31 are routed to KNX Filter The filter table is used to check whether the received group telegram should be routed to KNX Individually addressed telegrams Block No individually addressed...

Page 8: ...rm downloads via IP Open Source Licenses This product contains open source software license curve25519 donna Curve25519 elliptic curve public key func tion Source http code google com p curve25519 donna Copyright 2008 Google Inc All rights reserved Redistribution and use in source and binary forms with or with out modification are permitted provided that the following condi tions are met Redistrib...

Reviews: