Product Description

MECip SECURE

1.5 Secure Commissioning

Before the secured download of a configuration setting and/or the Individual Address can 
start, the individual Device Certificate of MECip-Sec must have been added to the ETS 
project. To be able to add it, the ETS project must be password-protected. 

 

A secured download is only possible after activation of Secure Commissioning. 

 

Activation of Secure Commissioning demands the individual Device Certificate. 

 

Device Certificates can only be added to a password-protected ETS project. 

When no project password is set, Secure Commissioning cannot be activated. ETS projects
with Secure Commissioning and/or IP Security set to active always require a project
password to be set beforehand. If no project password is set on activation, ETS asks for
one to be entered.

 

Figure 3: Set Project Password 

 

The individual Device Certificate is always enclosed with a KNX Secure product. To keep
the product fully configurable by the user, it is important to make sure the Device
Certificate cannot be lost (please note chapter 1.7 Safekeeping of Device Certificate).

 
