LOYTEC LIP-ME20X User manual
LIP-ME20X
L-IP™BACnet Router
User Manual
LOYTEC electronics GmbH
Contact
LOYTEC electronics GmbH
Blumengasse 35
1170 Vienna
AUSTRIA/EUROPE
http://www.loytec.com
Version 7.2
Document №88073509
LOYTEC MAKES AND YOU RECEIVE NO WARRANTIES OR CONDITIONS,
EXPRESS, IMPLIED, STATUTORY OR IN ANY COMMUNICATION WITH YOU,
AND
LOYTEC SPECIFICALLY DISCLAIMS ANY IMPLIED WARRANTY OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. THIS
PRODUCT IS NOT DESIGNED OR INTENDED FOR USE IN EQUIPMENT
INTENDED FOR SURGICAL IMPLANT INTO THE BODY OR OTHER
APPLICATIONS INTENDED TO SUPPORT OR SUSTAIN LIFE, FOR USE IN
FLIGHT CONTROL OR ENGINE CONTROL EQUIPMENT WITHIN AN
AIRCRAFT, OR FOR ANY OTHER APPLICATION IN WHICH IN THE FAILURE
OF SUCH PRODUCT COULD CREATE A SITUATION IN WHICH PERSONAL
INJURY OR DEATH MAY OCCUR.
No part of this publication may be reproduced, stored in a retrieval system, or transmitted,
in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise,
without the prior written permission of LOYTEC.
LC3020, L-Chip, L-Core, L-DALI, L-GATE, L-INX, L-IOB,
LIOB-Connect, LIOB-FT, L-IP, LPA, L-Proxy, L-Switch, L-Term,
L-VIS, L-WEB, L-ZIBI, ORION™ stack and Smart Auto-Connect™are
trademarks of LOYTEC electronics GmbH.
LonTalk®, LONWORKS®, Neuron®, LONMARK®, LonMaker®, i.LON®, and LNS®are
trademarks of Echelon Corporation registered in the United States and other countries.
LIP-ME201 User Manual 3 LOYTEC
Version 7.2 LOYTEC electronics GmbH
Contents
1Introduction ..................................................................................................7
1.1 Overview ..............................................................................................................7
1.2 LIP-ME20X Models............................................................................................8
1.3 Scope.....................................................................................................................8
2Disclaimer Cyber Security...........................................................................9
3Safety Instructions......................................................................................10
4What’s New in LIP-ME20X ......................................................................14
4.1 New in LIP-ME20X 7.2.0..................................................................................14
4.2 New in LIP-ME20X 6.4.0..................................................................................16
4.3 New in LIP-ME20X 6.0.0..................................................................................17
4.4 New in LIP-ME20X 5.3.0..................................................................................17
4.5 New in LIP-ME20X 5.1.0..................................................................................18
5Quick-Start Guide......................................................................................20
5.1 Hardware Installation and IP Connection......................................................20
5.2 Configuration of the LIP-ME20X....................................................................20
5.2.1 Configuration on the Web Interface.........................................................20
5.2.2 Configuration on the LCD Display ..........................................................20
5.3 Remote Protocol Analyzer................................................................................22
5.4 Reset to Factory Defaults..................................................................................22
6Hardware Installation................................................................................23
6.1 Enclosure............................................................................................................23
6.2 Product Label....................................................................................................23
6.3 Mounting............................................................................................................23
6.4 LED signals........................................................................................................24
6.4.1 MSTP Activity LED ................................................................................24
6.5 LCD Display and Jog Dial................................................................................24
6.6 Wiring ................................................................................................................26
7Firmware Update........................................................................................27
7.1 Firmware Update via the Web Interface.........................................................27
7.2 Firmware Update via the USB Port.................................................................27
8Troubleshooting..........................................................................................28
8.1 Technical Support.............................................................................................28
8.2 Packet Capture..................................................................................................28
9Security Hardening Guide.........................................................................29
9.1 Installation Instructions....................................................................................29
LIP-ME201 User Manual 4 LOYTEC
Version 7.2 LOYTEC electronics GmbH
9.2 Firmware........................................................................................................... 29
9.3 Ports................................................................................................................... 29
9.4 Services.............................................................................................................. 30
9.5 Upgrade Key Strength...................................................................................... 30
9.6 Logging and Auditing....................................................................................... 31
10Specifications ..............................................................................................32
10.1 Physical Specifications...................................................................................... 32
10.1.1 LIP-ME201C, LIP-ME202C................................................................... 32
10.1.2 LIP-ME204C........................................................................................... 32
10.2 Resource Limits................................................................................................. 33
11References ...................................................................................................34
12Revision History .........................................................................................35
LIP-ME201 User Manual 5 LOYTEC
Version 7.2 LOYTEC electronics GmbH
Abbreviations
100BaseT ............................100 Mbps Ethernet network with RJ-45 plug
ACL.....................................Access Control List
BACnet ...............................Building Automation and Control Network
BBMD.................................BACnet Broadcast Management Device
BDT ....................................Broadcast Distribution Table
B/IP.....................................BACnet over IP (this is a BACnet data link layer)
DHCP..................................Dynamic Host Configuration Protocol
DNS ....................................Domain Name System
DST.....................................Daylight Saving Time
FD .......................................Foreign Device
FTP .....................................File Transfer Protocol
GMT....................................Greenwich Mean Time
IP.........................................Internet Protocol
LAN ....................................Local Area Network
MAC ...................................Media Access Control
MIB.....................................Management Information Base
MS/TP.................................Master/Slave Token Passing (this is a BACnet data link layer)
NAT ....................................Network Address Translation, see Internet RFC 1631
NTP.....................................Network Time Protocol
OPC.....................................Open Process Control
OPC UA..............................OPC Unified Architecture
RSTP...................................Rapid Spanning Tree Protocol (Standard IEEE 802.1D-2004)
SNMP .................................Simple Network Management Protocol
SSH.....................................Secure Shell
UI........................................User Interface
UTC ....................................Universal Time Coordinated
VPN ....................................Virtual Private Network
WLAN.................................Wireless LAN
LIP-ME20X User Manual 7 LOYTEC
Version 7.2 LOYTEC electronics GmbH
1 Introduction
1.1 Overview
The LIP-ME20X is a BTL-certified BACnet router between MS/TP and B/IP (BACnet over
IP) as well as a BBMD (BACnet Broadcast Management Device) for transportation of
BACnet broadcasts over an IP network with several subnets. Additionally, it can serve as a
BACnet time master and a BACnet MS/TP slave proxy. The LIP-ME20X also provides
additional features such as optional write protection of the BDT, a BACnet/IP access
control list and a simple BBMD communications test to troubleshoot the network. The
MS/TP port supports remote Wireshark packet capture for troubleshooting the MS/TP
channel.
The LIP-ME202C and LIP-ME204C model are true multi-port MS/TP routers that come
with two Ethernet ports and two or four MS/TP ports respectively. The device setup can be
done easily on the LCD display. Each of the MS/TP ports is routed to BACnet/IP and can
serve a full-blown MS/TP channel. Communication settings as well as sophisticated MS/TP
token passing statistics are available on the Web interface per MS/TP port. The remote
Wireshark packet capture feature is also available on each of the MS/TP ports. This makes
the LIP-ME202C and LIP-ME204C a perfect alternative to installing four separate routers,
reducing space and cost.
In addition the LIP-ME20XC models are also equipped with enhanced security features
such as a built-in firewall and a secure Web interface for installation using HTTPS with
self-signed or installable CA certificates. By configuring separate IP networks on the two
Ethernet ports, the BACnet network can be entirely isolated from the configuration
interface.
For perfect integration into building management software such as the LWEB-900 by
LOYTEC, the LIP-ME20XC offers an embedded OPC UA server with certificate
authentication, which exposes important operational parameters as OPC tags. For enhanced
maintainability by IT departments these models provide the same data also through an
SNMP server. Together with the LWLAN-800 adapter the LIP-ME20XC can operate
BACnet/IP on the WLAN. By setting up an access point on the BACnet/IP network, the
device can be used to distribute MS/TP channels on a wireless network.
The LTE-800 mobile interface is available for LIP-ME20XC and offers access over a
mobile network. Together with the integrated OpenVPN client a secure BACnet channel
can be established and the LIP-ME20XC device is also reachable over multi-NAT access
networks, such as LTE.
LIP-ME20X User Manual 8 LOYTEC
Version 7.2 LOYTEC electronics GmbH
1.2 LIP-ME20X Models
This Section provides an overview of the different LIP-ME20X models in Table 1. This
table identifies the different features of those models. Models that possess a certain feature
have a check mark ()in the respective column. If a feature is not available in the particular
model, the column is left blank.
Model
Features
LIP-ME201C
LIP-ME202C
LIP-ME204C
BACnet Router
MS/TP Ports
1
2
4
BBMD
OPC XML-DA
OPC UA
SNMP
LCD Display
USB
Ethernet Switch/Hub
WLAN, LTE
1
1
1
SSH, HTTPS, Firewall
1To operate these protocols an expansion module is needed and must be
ordered separately.
Table 1: Available features in different LIP-ME20X models.
1.3 Scope
This document covers LIP-ME20X devices.
LIP-ME20X User Manual 9 LOYTEC
Version 7.2 LOYTEC electronics GmbH
2 Disclaimer Cyber Security
LOYTEC offers a portfolio of products, solutions and systems with cyber security functions
that enable the secure operation of devices, systems and networks in the field of building
automation and control technology. To ensure that devices, systems, and networks are
always protected against online threats, a holistic security concept is required that is
implemented using the latest technology and is being kept up-to-date. The LOYTEC
portfolio is only one component of such an overall concept.
The customer is responsible for preventing unauthorized access to the devices, systems and
networks. These should only be connected to a network or the Internet if adequate security
measures are in place (e.g. firewalls, separate networks) and a connection is required for
operation. In addition, LOYTEC’s recommendations for securing devices in the Security
Hardening Guide (Chapter 9) must be followed. For additional information, please contact
your support person at LOYTEC or visit our website.
LOYTEC is constantly working on improving the existing products in order to follow the
latest cyber security standards. Therefore, LOYTEC strongly recommends installing
updates as soon as they become available and always using the latest software versions.
LOYTEC explicitly points out that using older versions or refraining from updates increases
the risk of online security threats.
LIP-ME20X User Manual 10 LOYTEC
Version 7.2 LOYTEC electronics GmbH
3 Safety Instructions
ATTENTION
General Safety Instructions
Please regard the following general instructions for project planning and
execution:
Regard all measures or prohibitions of the respective country to avoid
danger of electricity and high voltage.
Other relevant regulations of the respective country.
House installation regulations of the respective country.
Regulations of the utility company.
Any specifications, diagrams, dispositions, cable lists and regulations
of the customer or system integrator.
Any third-party regulations (e.g., general contractor or client).
ATTENTION
Country-specific Safety Regulations
Failure to observe country-specific safety regulations can lead to property
damage and personal injury. Therefore, comply with the country-specific
regulations and the corresponding safety guidelines.
CAUTION
Electrical Safety
Essentially, electrical safety in building automation systems from LOYTEC
is based on the use of extra-low voltage and safe isolation from mains
voltage.
LIP-ME20X User Manual 11 LOYTEC
Version 7.2 LOYTEC electronics GmbH
CAUTION
IEC (SELV, PELV) (world-wide)
Depending on the extra-low voltage earthing (24VAC), this results in an
application according to SELV or PELV in accordance with IEC 60364-4-
41:
Ungrounded = SELV (Safety Extra Low Voltage),
Earth ground = PELV (Protected Extra Low Voltage).
CAUTION
NEC (North America)
Class 2 transformers with energy limitation to 100 VA or Class 2 circuits
with max. 100 VA (using a non-energy-limiting transformer of max.
400VA) combined with overcurrent limits (T-4A fuses) can be used for
each individual 24VAC device. Several fuses for several isolated secondary
circuits per transformer are possible. The same applies to power supplies
with 24VDC.
CAUTION
Device Safety
Device safety is guaranteed by supply with low voltage 24VAC or 24VDC
and a double insulation between mains voltage 230VAC, 24VAC circuits
and the housing or by supply via Power over Ethernet (PoE Class 1). In
addition, the specific regulations for electrical wiring according to this
manual must be observed.
CAUTION
Earth Ground of (System Zero AC/DC 24V)
The following items must be observed when earth-grounding system zero
24VAC:
In principle, both earth-grounding and non-grounding of system zero
of the operating voltage 24VAC is permitted. Important are the local
regulations and customs. Due to functional requirements, earth
ground may be necessary or inadmissible.
It is recommended to ground 24VAC systems unless this contradicts
the manufacturer’s instructions.
To avoid earth loops, systems with PELV may only be connected to
earth ground at one point in the system. Unless otherwise stated,
usually at the transformer.
LIP-ME20X User Manual 12 LOYTEC
Version 7.2 LOYTEC electronics GmbH
CAUTION
The same applies to 24VDC power supplies.
CAUTION
Functional Earth
Functional earth must be connected to the building’s protective earthing
(PE) system on the installation side.
CAUTION
Operating Voltage 24V AC/DC
The power supply must meet the requirements for SELV or PELV.
Permitted deviation of the nominal voltage:
At the transformer or power supply: 24V AC/DC -10 … + 10%
At the device: 24V AC or DC ±10 %
CAUTION
Specification for 24VAC Transformers
IEC: safety transformers according to IEC 61558 with double insulation,
designed for 100% duty cycle to supply SELV or PELV circuits.
U.S.: Class 2 circuits according to UL 5085-3.
For efficiency reasons, the power drawn from the transformer should be at
least 50% of the nominal load.
The nominal power of the transformer must be at least 25 VA. Using a
transformer of smaller size, the ratio of open circuit voltage to voltage at
full load becomes unfavorable (> + 20%).
CAUTION
Specification for 24VDC Power Supplies
Power supplies must be designed for 100% duty cycle to supply SELV or
PELV circuits.
U.S.: Class 2 circuits according to UL 5085-3.
For efficiency reasons, the power drawn from the power supply should be at
least 50% of the nominal load.
LIP-ME20X User Manual 13 LOYTEC
Version 7.2 LOYTEC electronics GmbH
CAUTION
Protection of the 24VAC Supply Voltage
Transformers must be protected on the secondary circuit, according to the
transformer dimensions and the effective load of all connected devices:
Always protect the 24VAC conductor (system potential),
Additionally protect the conductor (system zero) where required.
CAUTION
Protection of the 24VDC Supply Voltage
24VDC power supplies must be short-circuit proof or have an internal
microfuse.
Local regulations must be observed.
CAUTION
Protection of Mains Voltage
Transformers/24VDC power supplies must be protected on the primary
circuit using a control cabinet fuse.
CAUTION
Power over Ethernet (PoE)
LPAD-7 Touch Panels require a PoE Class 1 power supply (max. 12W),
which must be compliant to IEEE 802.3at-2009.
For the power supply of the PoE switches observe the manufacturer’s
specifications.
CAUTION
Attention to External Voltages
Any kind of introduction or spreading of dangerous voltages onto the low-
voltage circuits of the system (e.g. due to incorrect wiring) must be avoided
at any circumstance and represents an immediate life danger or can lead to
the entire or partial destruction of the building automation system.
LIP-ME20X User Manual 14 LOYTEC
Version 7.2 LOYTEC electronics GmbH
4 What’s New in LIP-ME20X
4.1 New in LIP-ME20X 7.2.0
This section describes the major changes and new features. For a full list of changes refer to
the Readme file.
New User Manual Structure
The LIP-ME20X User Manual has been split up into two parts: The LIP-ME20X User
Manual, which now covers the specific functions of the LIP-ME20X device models. And
the LOYTEC Device User Manual for the common Web interface, LCD display and
operating interfaces topics common to all LOYTEC devices.
Support for LTE
LOYTEC devices now support the LTE-800 mobile interface. This interface is connected
via the USB port and offers LTE/UMTS/GSM mobile network access. A SIM card from
your provider needs to be inserted and the LOYTEC device is ready on the mobile network.
A Mobile tab has been added to the port configuration interface for configuring the LTE-
800. Simply enable Mobile Network, enter your APN data and select which protocols shall
be run on LTE. The VPN client is also ready to be used on the LTE mobile network.
Figure 1: LTE-800 mobile configuration
LIP-ME20X User Manual 15 LOYTEC
Version 7.2 LOYTEC electronics GmbH
Internet Connection Sharing
Combined with an LTE-800 mobile interface a LOYTEC device can act as a NAT router to
share the mobile Internet connection with other devices on the LAN. For doing so, the
Internet connection sharing feature can be enabled on the IP Host tab, where the default
router interface is selected. Other devices on the LAN need to specify the IP address of the
LOYTEC device offering connection sharing as their default gateway. This way, local
devices can use NTP, VPN client or other Internet services.
Figure 2: Internet connection sharing
Dynamic DNS
LOYTEC devices can now make use of a dynamic DNS service to register a public DNS
name. This makes the device reachable over a publich IP address that can change over time,
for instance an LTE-800 mobile interface using a public IP address assigned by the mobile
carrier. A number of dynamic DNS providers are preconfigured and can be selected on the
IP Host tab of the port configuration as shown in Figure 3.
Figure 3: Dynamic DNS Settings
Secure Building Automation Protocols using VPN
This firmware version enhances flexibility and control over which building automation
protocols are directly available on the VPN. A separate VPN tab has been added to the port
configuration that allows configuring IP-based control protocols to be running directly on
the VPN client. This effectively secures otherwise unsecured automation protocols such as
BACnet/IP. When running on the VPN interface, the protocols are assigned the VPN’s IP
address and as a protocol node, the LOYTEC device is also reachable over multi-NAT
access networks, such as LTE.
For example, simply set up BACnet/IP on the VPN interface and add all other BACnet/IP
devices to the same VPN. Each node establishes a secure channel to the OpenVPN server
hub, which routes the traffic between the communicating peer nodes. No unencrypted traffic
will ever be transmitted.
LIP-ME20X User Manual 16 LOYTEC
Version 7.2 LOYTEC electronics GmbH
Figure 4: VPN tab on the port configuration interface.
IPv6
LOYTEC devices now support IPv6 using stateless address autoconfiguration (SLAAC) or
having a configured, fixed IPv6 address. The IPv6 feature is available on all Ethernet and
WLAN ports. With SLAAC no further configuration (except the required IPv6 router
equipment) is required. The static IPv6 address can be configured on the TCP/IP settings on
the port configuration.
Protocols that support IPv6 are the Web interface, SSH, HTTPS, NTP and BACnet/IPv6.
Additional IPv6 statistics have been added to the IP statistics pages for troubleshooting.
4.2 New in LIP-ME20X 6.4.0
This section describes the major changes and new features. For a full list of changes refer to
the Readme file.
Localized Web Interface
The entire Web interface of the device has been localized to German, French, and Chinese
language. Simply change the language on the LCD display or directly on the Web interface
via the new flag symbol on the upper right corner. Changing language is instant and does
not require a reboot.
Figure 5: Language selection on the Web interface
Safe Reboot and Auto-Login
Changing IP settings and rebooting could end in a device unreachable, if something was
different than expected. The new safe reboot feature helps out by reverting the changes
made, if not logged in in on the Web interface within 5 minutes after the reboot. Locking
oneself out by entering a mistaken IP address is no longer possible.
LIP-ME20X User Manual 17 LOYTEC
Version 7.2 LOYTEC electronics GmbH
Figure 6: Safe reboot screen suggesting new IP address.
Another new feature that helps getting logged in again is the session auto-login. After a
device has rebooted the Web interface restores the session and automatically logs in again.
Even when changing a static IP address the device tries to connect to the new IP or suggests
links for opening the device info page under the new IP address.
Backup before Upgrade
The firmware upgrade feature has been made safer by creating a backup before executing
the upgrade. This feature has been added to firmware and Configurator upgrade paths. It is,
however, optional and can be turned off by deselecting the check box.
Figure 7: Backup before Upgrade on the Web interface.
4.3 New in LIP-ME20X 6.0.0
This section describes the major changes and new features. For a full list of changes refer to
the Readme file.
BTL Testplan 12 Certified
The BACnet certification of all BACnet models has been updated to comply with protocol
revision 12. All new device models are now BTL certified.
4.4 New in LIP-ME20X 5.3.0
This section describes the major changes and new features. For a full list of changes refer to
the Readme file.
New Models LIP-ME201C, LIP-ME202C
This firmware release supports the new models LIP-ME201C and LIP-ME202C. The LIP-
ME202C is a BACnet/IP router with two MS/TP ports. Both models have an LCD display,
dual Ethernet and a built-in firewall.
LIP-ME20X User Manual 18 LOYTEC
Version 7.2 LOYTEC electronics GmbH
Project Documentation
A new feature on the device is a Web UI for creating and viewing project documentation on
the device. The documentation editor requires admin rights and allows storing files on the
device or creating documentation links as URLs. Both items can be viewed by guest users.
Examples include storing cabling plans as PDF or adding links to a Web site containing
manuals, plans or other useful project documentation.
4.5 New in LIP-ME20X 5.1.0
This section describes the major changes and new features. For a full list of changes refer to
the Readme file.
Dual-Ethernet with Separate Networks
LIP-ME20X models with two Ethernet interfaces can now be configured to work with
separate and isolated IP networks. For example, one Ethernet interface can be accessed over
HTTPS from a WAN connected to Ethernet 2 while the building network services are
running locally on the LAN connected to Ethernet 1. For configuration the device provides
separate Ethernet tabs in the port configuration, which allow selecting the offered services
on each interface. The example in Figure 8 shows a WAN interface with HTTPS and OPC
UA only, while BACnet/IP is still bound to Ethernet 1 (LAN).
Figure 8: New Ethernet 2 (WAN) tab
WLAN Interface
In combination with the external LWLAN-800 interface, the device provides new interface
tabs for wireless IP networks. Similar to the second Ethernet interface, one can choose
which protocols are available on the wireless network. The wireless interface can be
configured as a WLAN client, access point or mesh node. Using the latter, a wireless mesh
network of LOYTEC devices can be built.
Web Interface
The Web interface of the device offers a number of new features:
A new device info page provides a quick overview of all relevant operational
parameters, such as CPU load, active protocols, time synchronization and many more.
LIP-ME20X User Manual 19 LOYTEC
Version 7.2 LOYTEC electronics GmbH
A new firmware upgrade menu on the Web interface allows online checking for
firmware updates and upgrading by selecting a local firmware file.
OPC UA Server
The OPC server on the devices, which support security, has been extended by an OPC UA
server. This supports the OPC UA binary protocol and exposes the same OPC tags as the
well-known OPC XML-DA server. In addition OPC UA offers superior security features as
well as slimmer data transfers. For more information on the OPC UA server please refer to
respective Section in the L-INX/L-GATE User Manual [2].
SNMP
For accessing vital operational data in standard IT equipment, LIP-ME20X devices offer an
SNMP management base (MIB). All system registers are available in that MIB. The MIB
file can be downloaded from the device and imported in the SNMP management tool.
Alarms on the device can be exposed as SNMP traps..
LIP-ME20X User Manual 20 LOYTEC
Version 7.2 LOYTEC electronics GmbH
5 Quick-Start Guide
This chapter provides the minimum list of steps necessary to setup the LIP-ME20X.
5.1 Hardware Installation and IP Connection
Connect power, Ethernet, and MS/TP (Section 6.6).
The device is shipped with DHCP. The IP address is displayed on the LCD display.
If a static IP configuration is required, configure the IP address using the jog dial on the
LCD display (Section 5.2.2).
Reboot the LIP-ME20X to commit the new IP settings.
5.2 Configuration of the LIP-ME20X
5.2.1 Configuration on the Web Interface
Connect to the LIP-ME20X using the IP address displayed on the LCD in a Web
browser.
Click on Config and enter the administrator and operator passwords on first contact.
This is required before proceeding with configuration on the Web UI.
Click on BACnet Config and setup the BACnet Device Configuration (see Section
3.2.17 BACnet Configuration in the LOYTEC Device User Manual [1]).
Click on Port Config and setup the BACnet/IP and BACnet MS/TP port configuration
(see Section 3.2.18 BACnet/IP Configuration and Section 3.2.20 BACnet MS/TP
Configuration in the LOYTEC Device User Manual [1]). Make sure to set distinct
network numbers, which is required by the router to operate.
If the LIP-ME20X should also act as a BBMD, click on BACnet BDT and setup the
Broadcast Distribution Table (see Section 3.2.24 BACnet BDT Configuration in the
LOYTEC Device User Manual [1]).
Reboot the LIP-ME20X to commit the changes.
5.2.2 Configuration on the LCD Display
Device models with an LCD display can also be configured to their basic settings through
jog dial navigation on the LCD UI. Turn the jog dial to navigate between menu items and
Table of contents
Other LOYTEC Network Router manuals
