User Manual

Overview
Merging BACnet/IP networks
3
A6V11159798_en--_03
Examples for industrial switches are:
Siemens SCALANCE XB-000 range: Unmanaged switches with electrical and/or optical ports for setting up small networks, AC/DC 24 V, used in edge or distribution areas.
Siemens SCALANCE XB-200 range: Manageable layer 2 IE switches with a console port, diagnostic LED and redundant power supply for use as a distribution switch, supports ring technology RSTP, VLAN, port mirroring for troubleshooting and diagnostics, configuration with Step7/TIA, Web or Command Line Interface (CLI), SNMP.
Siemens SCALANCE XM-400 range: Managed layer 3 IE switch with auxiliary routing functions between IP subnetworks.
For details, see:
https://mall.industry.siemens.com/mall/de/WW/Catalog/Products/9300002?tree=CatalogTree
We refer here again to the topics of IT security and IT basic protection.
The increasing use of Ethernet connections down to the field level means that the associated security issues are also increasing in importance. Open communications and increased networking of different systems and disciplines present not only enormous possibilities, but also considerable risks. Appropriate measures must be undertaken to fully protect building automation and control with regard to security.
As also depicted in the graphic above, you can achieve security segmentation of an important and security-relevant discipline (e.g. fire or intrusion) via the security module SCALANCE S623 or Sinema Remote Control. Cell protection with a firewall protects against unauthorized access, and data transmission via VPN protects against manipulation or spying.
For details, see:
https://mall.industry.siemens.com/mall/de/WW/Catalog/Products/10224584?tree=CatalogTree
https://mall.industry.siemens.com/mall/de/WW/Catalog/Products/10263934?tree=CatalogTree
You must ensure that the IP network is secure, since the BACnet protocol transmits data unencrypted.
Risk factors:
Unprotected network sockets
Unprotected WLAN networks
Unprotected system and hardware
Physical access to equipment rooms, control panels, and operator units
Access rights on the network and in the Desigo system
The elements of infrastructure, IT systems, networks, and applications must be reviewed with regard to security, and appropriate measures need to be developed. Customer, domestic, or industry guidelines and directives must be observed under all circumstances.
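The point about unencrypted BACnet/IP traffic, as an added Python example that is not part of the original manual: it decodes the cleartext headers of BACnet/IP UDP payloads (for instance taken from a mirror port) and lists frames whose source lies outside an assumed automation subnet. The subnet 10.10.1.0/24, the addresses, the device instance and the sample frames are constructed for illustration.

```python
import ipaddress
import struct

BVLC_FUNCS = {0x04: "Forwarded-NPDU", 0x0A: "Original-Unicast-NPDU",
              0x0B: "Original-Broadcast-NPDU"}
UNCONFIRMED = {0: "I-Am", 1: "I-Have", 7: "Who-Has", 8: "Who-Is"}

def decode_bacnet_ip(payload: bytes) -> dict:
    """Decode the cleartext BVLC, NPDU and APDU headers of one UDP payload."""
    try:
        if payload[0] != 0x81:
            raise ValueError("not BACnet/IP (BVLC type must be 0x81)")
        func, length = payload[1], struct.unpack(">H", payload[2:4])[0]
        if length != len(payload):
            raise ValueError("BVLC length does not match datagram size")
        pos = 10 if func == 0x04 else 4      # Forwarded-NPDU adds 6 address bytes
        control = payload[pos + 1]           # payload[pos] is the NPDU version
        pos += 2
        if control & 0x20:                   # DNET(2) DLEN(1) DADR(DLEN)
            pos += 3 + payload[pos + 2]
        if control & 0x08:                   # SNET(2) SLEN(1) SADR(SLEN)
            pos += 3 + payload[pos + 2]
        if control & 0x20:                   # hop count follows the addresses
            pos += 1
        info = {"bvlc": BVLC_FUNCS.get(func, hex(func)), "service": None}
        if control & 0x80:                   # network-layer message, no APDU
            return info
        if payload[pos] >> 4 == 1:           # Unconfirmed-Request PDU
            choice = payload[pos + 1]
            info["service"] = UNCONFIRMED.get(choice, f"unconfirmed-{choice}")
            if choice == 0 and payload[pos + 2] == 0xC4:   # I-Am object id
                oid = struct.unpack(">I", payload[pos + 3:pos + 7])[0]
                info["device_instance"] = oid & 0x3FFFFF
        return info
    except (IndexError, struct.error) as exc:
        raise ValueError("truncated BACnet/IP payload") from exc

def frames_outside_zone(records, automation_net: str) -> list:
    """Return decoded frames whose source lies outside the automation subnet."""
    net = ipaddress.ip_network(automation_net)
    hits = []
    for src, payload in records:
        if ipaddress.ip_address(src) not in net:
            hits.append({"src": src, **decode_bacnet_ip(payload)})
    return hits

# Constructed sample capture (addresses and device instance are made up).
WHO_IS = bytes.fromhex("810b000c0120ffff00ff1008")
I_AM = bytes.fromhex("810b00180120ffff00ff1000c40200007b2205c491032107")
SAMPLE = [("10.10.1.20", I_AM), ("192.168.50.7", WHO_IS)]
```

Everything the decoder returns, including the device instance in the I-Am frame, is read without any key, which is why the manual places the protection in the network itself.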
For additional details, see IT security on installations with Desigo (CM110663) and Practical Guide on IP Networks in Building Automation and Control Systems (CM110668).
[Figure: Network topology for Basement, Floor1 and Floor2. Labels: XM416-4C, XB205-3, XB004-1 (Power AC 24 V), XB005 (Power AC 24 V), S 623; Desigo CC Workstation; Desigo Primary Automation Stations; Desigo Room Automation Stations; Fire and Security Systems (Fire Network, Intrusion Panel, Access Control Controller, IP Card Reader, Camera PTZ Indoor, Camera PTZ Outdoor). Legend: Dedicated communication over Fiber Optics; BACnet/IP over Ethernet (Twisted Pair), Ethernet (Fiber Optics).]