Theben 9070771 User manual
IPsecure Interface KNX
9070771
Product Manual
IPsecure Interface KNX
Contents
i
Contents
Page
1General........................................................................................................... 3
1.1 Using the product manual .........................................................................................................................................3
1.1.1 Notes..............................................................................................................................................................................4
1.2 Cyber security (network security).............................................................................................................................5
1.3 Preventing access to the different media...............................................................................................................5
1.4 Twisted pair cabling....................................................................................................................................................5
1.5 IP cabling inside the building ....................................................................................................................................5
1.6 Connection to the Internet.........................................................................................................................................6
1.7 KNXnet/IP Security .....................................................................................................................................................6
1.8 Product and functional overview..............................................................................................................................7
1.8.1 Overview of versions...................................................................................................................................................9
2Device technology........................................................................................ 11
2.1 Technical data ............................................................................................................................................................11
2.2 Connection diagram ..................................................................................................................................................13
2.3 Dimension drawing ...................................................................................................................................................14
2.4 Mounting and installation........................................................................................................................................15
2.4.1 Unloading the device and resetting to factory settings.....................................................................................16
2.5 Description of inputs and outputs..........................................................................................................................18
2.6 Operating controls.....................................................................................................................................................19
2.7 Display elements .......................................................................................................................................................19
3Commissioning............................................................................................. 21
3.1 Overview......................................................................................................................................................................21
3.2 Parameters .................................................................................................................................................................22
3.3 Communication objects............................................................................................................................................24
3.4 Use of the integrated tunneling servers ...............................................................................................................24
3.4.1 Tunneling server settings ........................................................................................................................................25
3.5 KNX Secure..................................................................................................................................................................26
4Planning and application .............................................................................27
4.1 The IPsecure Interface in the network...................................................................................................................27
4.1.1 Assignment of IP address ........................................................................................................................................27
4.1.2 Monitoring an IPsecure Interface KNX...................................................................................................................27
4.2 The Theben IP Tool ...................................................................................................................................................28
4.2.1 Discovery.....................................................................................................................................................................28
4.2.2 Firmware update .......................................................................................................................................................29
5Contact .........................................................................................................30
6Open source software components (OSS)...................................................31
IPsecure Interface KNX
General
3
1General
The Theben IPsecure Interface KNX connects the KNX bus to an Ethernet network. KNX telegrams can be sent to or
received from other devices via the network.
The interface can be used as a programming interface (ETS), and clients, e.g. visual display systems, can access
the KNX bus via the IPsecure Interface KNX. The device supports the KNX Secure protocol (KNXnet/IP Security).
1.1 Using the product manual
This manual provides detailed technical information on the function, installation and programming of the Theben
KNX device. The application is explained using examples.
This manual is divided into the following chapters:
Chapter 1 General
Chapter 2 Device technology
Chapter 3 Commissioning
Chapter 4 Planning and application
Chapter A Appendix
IP Interface KNX
General
4
1.1.1 Notes
Notes and safety instructions are represented as follows in this manual:
Note
Tips for usage and operation
Examples
Application examples, installation examples, programming examples
Important
These safety instructions are used as soon as there is danger of a malfunction without risk of damage or injury.
Attention
These safety instructions are used as soon as there is danger of a malfunction without risk of damage or injury.
Danger
These safety instructions are used if there is a danger to life and limb with inappropriate use.
Danger
These safety instructions are used if there is an extreme danger to life with inappropriate use.
IPsecure Interface KNX
General
5
1.2 Cyber security (network security)
The industry is increasingly faced with cyber security risks. To increase the stability, security and robustness of its
solutions, Theben has introduced official robustness tests for Internet security as part of the product development
process.
In addition, the information below includes guidelines and mechanisms that you can use to improve the security of
KNX systems.
1.3 Preventing access to the different media
The basis for any protection concept is the careful shielding of the system against unauthorized access. Only
authorized persons (installers, janitors and users) should have physical access to a KNX system.
The critical points of every KNX medium must be protected as well as possible during planning and installation.
In general, applications and devices should be permanently installed to prevent their easy removal and in this way
prevent access to the KNX system for unauthorized persons. Subdistributions with KNX devices should be closed,
or in rooms to which only authorized persons have access.
1.4 Twisted pair cabling
•The ends of KNX twisted pair cables should not be visible or protrude from the wall either inside or outside
the building.
•If available, use the anti-theft devices on the application modules.
•Bus cables outdoors represent an elevated risk. Ensure that physical access to KNX twisted pair cables is
especially difficult here.
•For extra security, devices installed in areas with limited protection (outdoor areas, underground parking lots,
restrooms, etc.) can be designed as a separate line. Enabling the filter tables in the Line Couplers (KNX only)
prevents attackers from gaining access to the whole system.
1.5 IP cabling inside the building
For building automation, use a separate LAN or WiFi network with its own hardware (routers, switches, etc.).
Regardless of the KNX system, apply the usual security mechanisms for IP networks. These are examples:
•MAC filter
•Encryption of wireless networks
•Usage of strong passwords and protection of these against access by unauthorized persons
Note
The device cannot be reached during IP, TCP or UDP flooding (access from the Internet). To prevent this
reaction, set a data rate limit at network level.
Please discuss the topic with your network administrator.
IP Interface KNX
General
6
1.6 Connection to the Internet
The device is not intended for use on the public Internet. For this reason router ports in the direction of the
Internet must not be opened; this action will ensure KNX communication is not visible on the Internet.
Systems can be accessed via the Internet in the following ways:
•Access to KNX installations via VPN connections. However, this requires a router with VPN server functionality.
•Use of manufacturer-specific solutions or visualizations, e.g. access via https.
1.7 KNXnet/IP Security
The device should always be operated in KNX Secure mode. This ensures security for the tunneling servers and for
commissioning the device itself.
See also chapter 3.5, KNX Secure.
IPsecure Interface KNX
General
7
1.8 Product and functional overview
The Theben IPsecure Interface KNX connects the KNX bus to an Ethernet network. KNX telegrams can be sent to or
received from other devices via the network.
The interface can be used as a programming interface (ETS), and clients, e.g. visual display systems, can access
the KNX bus via the Interface.
The device uses the KNXnet/IP protocol from the KNX Association for communication (tunneling).
The Interface features five tunneling servers, see chapter Use of the integrated tunneling servers. They support
both bus monitor and group monitor mode.
The tunneling servers can be operated in KNX Secure mode.
IP Tool
IPsecure
Router
KNX
IPsecure
Interface
KNX
IP Interface KNX
General
8
The power supply can be implemented via PoE (Power over Ethernet) according to IEEE 802.3af class 1 or via a
supply voltage. If both options are connected simultaneously, PoE will be used.
The Theben Tool, which is capable of detecting the Interface in the network (IP discovery), is available for the
IPsecure Interface (see chapter Theben Tool).
An ETS app (Theben Update App) is available for the firmware update. If KNX Secure mode is not activated for the
devices, a firmware update can also be performed with the Theben Tool.
During the update process, the KNX bus (TP) must be connected in addition to the IP network (LAN). Otherwise,
the update process will fail.
It must be ensured that no voltage failure (KNX or IP) occurs during the update process, otherwise the device can
be destroyed.
IPsecure Interface KNX
General
9
1.8.1 Overview of versions
Device IP Interface IPsecure Interface
Application IP Interface IPsecure Interface
ETS from ETS 3 from ETS 5
Properties of the IP Interface
Number of tunneling servers 1 5
IP discovery (IP Tool)
Firmware update with (IP Tool *
Firmware update with Theben Update App -
Power over Ethernet
KNX Secure -
* Only if the device is not operated in KNX Secure mode
IPsecure Interface KNX
Device technology
11
2Device technology
IPsecure Interface KNX
IPsecure Interface KNX is the interface
between KNX installations and IP networks.
KNX telegrams can be sent to or received
from other devices via the network.
The Interface can be used as a programming
interface (ETS), and clients, e.g.
Visualisations, can access the KNX bus v
ia
the
Interface.
The device uses the KNXnet/IP protocol and
the KNXnet/IP Security protocol from the
KNX Association (tunneling) for
communication.
The device is powered by 12 to 30
V DC or
PoE (Power over Ethernet) to IEEE 802.3af
class 1. If both option
s are connected
simultaneously, PoE will be used.
2.1 Technical data
Supply Auxiliary voltage Us12…30 V DC (+10%/-15%)
or PoE (IEEE 802.3af class 1)
Power dissipation Maximum 1.8 W
Auxiliary voltage current consumption Maximum 120 mA at 12 V
Rated voltage Un12 V DC
Current consumption KNX < 10 mA
Connections KNX Bus connection terminal
Plug-in terminal for operating voltage Plug-in terminal
LAN RJ45 socket for 10/100BaseT,
IEEE 802.3 networks, AutoSensing
Operating and display elements Red LED and button For assignment of the physical address
Green "On" LED Operation readiness indicator
Yellow "LAN/Link" LED Network connection indicator
Yellow "Telegram" LED KNX telegram traffic indicator
Protection degree IP 20 To DIN EN 60 529
Protection class II To DIN EN 61 140
Isolation category Overvoltage category III according to DIN EN 60 664-1
Pollution degree 2 according to DIN EN 60 664-1
KNX safety extra low voltage SELV 30 V DC
Temperature range Operation -5…+45 °C
Storage -25…+55 °C
Transport -25…+70 °C
Ambient conditions Maximum air humidity 95 %, no condensation allowed
Atmospheric pressure Atmosphere up to 2,000 m
IPsecure Interface KNX
Device technology
12
Design Modular installation device (MDRC) Modular installation device, ProM
Overall dimensions 90 x 36 x 64 mm (H x W x D)
Mounting width 2 x 18 mm modules
Mounting depth 68 mm
Installation On 35 mm mounting rail To DIN EN 60 715
Mounting position Any
Weight 0.1 kg
Housing, color Plastic, halogen free, gray
Approvals KNX to EN 50 090-1, -2
CE marking In accordance with the EMC directive and low
voltage directive
Device type Application Maximum number of
communication objects
Maximum number of
group addresses
Maximum number of
assignments
IPsecure Interface KNX IPsecure Interface/…* 0 0 0
* … = Current version number of the application. Please refer to the software information on our website for this purpose.
Note
ETS (ETS 5 version 5.7.4 or higher) and the current version of the device application are required for programming.
If the device is to be operated in KNX Secure mode, the commissioning key (FDSK; see chapter KNX Secure) on the side of the unit will
be required as well.
The latest version of the application and corresponding software information are available for download from www.abb.com/knx.After
import into ETS, the application is stored in the Catalogs window under Manufacturers/Theben/System Infrastructure and
Interfacing/IP Routers and Interfaces.
The device does not support the locking function of a KNX device in ETS. If you use a BCU code to disable access to all the project
devices, it has no effect on this device. Data can still be read and programmed.
Exception: When KNX Secure mode is activated, the device can be programmed only using the existing project.
IPsecure Interface KNX
Device technology
13
2.2 Connection diagram
IPsecure Interface KNX
1
ON LED
6
Programming LED
2
LAN/LINK LED
7
Programming button
3
Telegram LED
8
Label carrier
4
Power supply connection
9
LAN or LAN/PoE connection
5
KNX connection
10
Cover cap
Note
It is also possible to power the Interface via the voltage output without choke of an Theben KNX
power supply.
This reduces the number of KNX devices that can be connected to the Theben KNX power supply
accordingly.
IPsecure Interface KNX
Device technology
14
2.3 Dimension drawing
IPsecure Interface KNX
IPsecure Interface KNX
Device technology
15
2.4 Mounting and installation
The device is a modular installation device for quick installation in distribution boards on 35 mm mounting rails to
DIN EN 60 715.
The installation position can be selected as required.
The connection to the bus is implemented using the supplied bus connection terminal. The terminal assignment is
located on the housing.
The device is ready for operation after connecting the bus voltage and the auxiliary voltage.
Accessibility to the device for the purpose of operation, testing, visual inspection, maintenance and repair must be
provided compliant to DIN VDE 0100-520.
Prerequisites for commissioning
In order to commission the device, a PC with ETS (ETS 5 version 5.7.4 or higher) and a supply voltage of 12 to 30 V
DC are required. Alternatively, the device can be powered via PoE (Power over Ethernet) to IEEE 802.3af class 1.
The device is ready for operation after connection to the bus voltage and auxiliary voltage.
Mounting and commissioning may only be carried out by electrical specialists. The appropriate standards,
directives, regulations and specifications for the appropriate country should be observed when planning and
setting up electrical installations and security systems for intrusion and fire detection.
•Protect the device from damp, dirt and damage during transport, storage and operation.
•Only operate the device within the specified technical data!
•The device should only be operated in an enclosed housing (distribution board)!
•The voltage supply to the device must be switched off before mounting work is performed.
Danger
To avoid dangerous touch voltages which originate through feedback from differing phase conductors, all poles
must be disconnected when extending or modifying the electrical connections.
Supplied state
All physical tunneling connection addresses are set to 15.15.100 in the supplied state. In other words, only one
tunnel is visible to the outside. The tunneling connection addresses set in ETS will be adopted only after the first
download.
The IP address is set to automatic IP assignment (DHCP/AutoIP).
Assignment of the physical address
The physical addresses and parameters are assigned and programmed in ETS.
The device features a Programming button for assignment of the physical address. The red Programming LED
lights up after the button has been pressed. It goes off as soon as ETS has assigned the physical address or the
Programming button is pressed again.
IPsecure Interface KNX
Device technology
16
Download reaction
The device can be programmed in various ways: via one of the integrated tunneling servers ("local download") or
via another programming interface (USB or IP).
Note
Any USB interface used for programming a KNX Secure device must support “long frames.”
Suitable is an USB interface from Theben.
There must be a connection to the KNX TP (twisted pair) in order to program the device.
Approx. 10 seconds after the download is complete, the device reboots and closes all open tunneling connections.
If the device's IP address was changed during the download, the tunneling connections must be reconfigured
manually in the tunneling clients. Tunneling clients establish the connection to the server via the IP address.
The data programmed with ETS is adopted approx. 30-60 seconds after the download.
2.4.1 Unloading the device and resetting to factory settings
The device can be reset to the factory settings. This is a Secure device, so the following information must be
observed:
When the device is operated in KNX Secure mode, it can be reset via ETS only if ETS uses the project with which
the device was parametrized or if the commissioning key is available in the project.
The device can be unloaded by right-clicking it in ETS.
Option: unloading the application
•The IP address and IP configuration will be retained
•The passwords and IP addresses of the tunneling servers will be deleted
•The tool key assigned by ETS will be retained. In other words, the FDSK will not be needed for reprogramming
•The physical address will be retained
Option: unloading the physical address and the application
•The device will be reset to the factory state
•The FDSK will be needed for re-commissioning unless it is still available in the ETS project from the original
commissioning process
IPsecure Interface KNX
Device technology
17
Resetting to factory settings can also be performed directly on the device. This is not a security risk, because the
device will no longer be part of the system afterward.
•Press the Programming button when the KNX bus is not connected
•Hold the Programming button down and plug on the bus terminal. The Programming LED flashes (2 Hz)
•Press the button, hold it for at least 5 s and then release it. The Programming LED goes out, and the device
reboots with the factory settings
The Interface can be reprogrammed if ETS connects with the device after reset and if the device’s FDSK is still
known to ETS. ETS will report that the device was reset in this case.
See chapter KNX Secure, for more information about the FDSK (Factory Default Setup Key).
Cleaning
Disconnect the device from the electrical power supply before cleaning. If devices become dirty, they can be
cleaned using a dry cloth or a cloth dampened with a soapy solution. Never use corrosive agents or solutions.
Maintenance
In the event of damage, e.g. during transport and/or storage, repairs are not allowed to be made.
Please keep the device’s firmware up to date; see chapter Firmware update.
IPsecure Interface KNX
Device technology
18
2.5 Description of inputs and outputs
Supply voltage input 12 to 30 V DC
Only a DC voltage in a range of 12 to 30 V may be connected to the power supply input. We recommend using an
power supply 640 mA S KNX from our range. It is also possible to power the Interface via the voltage output
without choke of an Theben KNX power supply.
Caution
The supply voltage must be 12 to 30 V DC, or the device is powered via PoE (Power over Ethernet) according to
IEEE 802.3af class 1.
Connecting the device to a voltage outside the permissible range can destroy it!
KNX connection
The supplied bus connection terminal is used to connect to the KNX bus.
Note
Programming requires ETS (ETS 5 version 5.7.4 or higher).
LAN connection
The network connection is carried out via an Ethernet RJ45 interface for LAN networks. The network interface can
be operated with a transmission speed of 10/100 Mbit/s. Network activity is indicated by the LAN/LINK LED on
the front of the device.
IPsecure Interface KNX
Device technology
19
2.6 Operating controls
There are no operating controls located on the IPsecure Interface.
2.7 Display elements
Three indicator LEDs are located on the front of the device:
ON LAN/LINK Telegram
ON
•The LED lights up a few seconds after the auxiliary voltage is connected.
•After the supply voltage is connected, the LED initially lights up continuously.
After approx. 40 seconds, the LED starts flashing until the startup process is complete and
the LED lights up continuously again.
LAN/LINK
•The LED lights up when the auxiliary voltage is present and the interface is connected to an Ethernet network.
•The LED flashes when the device detects activity on the network, e.g. when data is exchanged.
Telegram
•The LED lights up when the interface is connected to a TP network and the startup process is complete (see
"On" LED).
•The LED flashes when the device detects activity on the KNX subline TP1 (twisted pair 1), e.g. when data is
exchanged.
IPsecure Interface KNX
Commissioning
21
3Commissioning
The IPsecure Interface KNX is parameterized using the application and the Engineering Tool Software ETS.
The application can be found under Theben AG/System components/Interfaces.
For parameterization purposes, a PC or laptop with ETS and a connection to KNX are required.
3.1 Overview
The IPsecure Interface is parameterized using the Engineering Tool Software (ETS 5 version 5.7.4 or higher).
IPsecure Interface KNX
Commissioning
22
3.2 Parameters
This chapter describes the parameters of the IPsecure Interface using the parameter windows.
Parameter window IP settings
All parameters for the device are set in the Properties window of ETS.
Note
The device name, IP address and tunneling servers are set in the Properties window of ETS.
The IP parameters (device name, assignment of the IP address by DHCP or static) are configured in the Properties
window of ETS.
The device name can be entered in the Settings Properties window. The device name loaded into the device can be
changed in the Name field. The device name is used for identification of the device on LAN. After a search query,
e.g. by ETS, every KNXnet/IP device reports its name and can be allocated accordingly. For example, the
installation location can be identified by the names assigned to the devices, e.g.IP Interface, HALL, SUB7, etc.
Note
The default device name on delivery is "IPsecure Interface". After the first download, the device name entered
in the Properties window of ETS is loaded into the device.
Caution
Only the first 30 characters of the device name are loaded into the device; the rest is truncated.
IPsecure Interface KNX
Table of contents
Other Theben Recording Equipment manuals
