enertexbayern Enertex KNX IP Secure Router Manual And Configuration

Manual and Configuration

Enertex® KNX IP Secure Router

Enertex® Bayern GmbH – Ebermannstädter Straße 8 - 91301 Forchheim - Deutschland - mail@enertex.de

1164-EnertexKNXIPSecureRouter_US-2.odt, 2019-03- 25 Seite 2 von 19

Note

The content of this document may not be reproduced, distributed, distributed or stored in any form
whatsoever, in whole or in part, without the prior written consent of Enertex® Bayern GmbH.

Enertex® is a registered trademark of Enertex® Bayern GmbH. Other product and company names
mentioned in this manual may be trademarks or trade names of their respective owners.

This manual is subject to change without notice or announcement and does not claim to be complete or
correct.

Inhalt

Security Notes.............................................................................................................................................. 3

Assembly and connection........................................................................................................................... 3

Comissioning................................................................................................................................................ 3

Boot ......................................................................................................................................................... 3

Displays.................................................................................................................................................... 3

Reset........................................................................................................................................................ 4

Functional Overview.................................................................................................................................... 4

ETS Parameter.............................................................................................................................................. 4

Terms....................................................................................................................................................... 4

ETS 5.6.6 and ETS 5.7.0......................................................................................................................... 5

Version requirements...............................................................................................................................................5

Special behavior ......................................................................................................................................................5

Topology...................................................................................................................................................5

Device Properties..................................................................................................................................... 7

General.....................................................................................................................................................................7

IP Properties ............................................................................................................................................................7

Device-specific parameters......................................................................................................................8

General.....................................................................................................................................................................8

Special Functions.....................................................................................................................................................8

Behavior of the KNX side...................................................................................................................................8

Standard tunnel preferred IP.............................................................................................................................9

Routing.............................................................................................................................................................11

Physical address filter............................................................................................................................................11

Group address filter................................................................................................................................................11

Standard...........................................................................................................................................................12

Telnet........................................................................................................................................................... 15

Latest documentation and Software........................................................................................................18

Specification...............................................................................................................................................18

Open Source Software............................................................................................................................... 19

Extended Group Address Filter.......................................................................................................................13

LWIP ...................................................................................................................................................... 19

Enertex® Bayern GmbH – Ebermannstädter Straße 8 - 91301 Forchheim - Deutschland - mail@enert ex.de

Security Notes

• Installation and assembly of electrical equipment may only be carried out by qualified

electricians.

• When connecting KNX / EIB interfaces, KNX ™ training is required.

• Failure to observe this instruction may result in damage to the unit, fire or other hazards.

• This guide is part of the product and must remain with the end user.

• The manufacturer is not liable for costs or damages caused to the user or third parties

by the use of this device, misuse or interference of the connection, malfunctions of the
device or of the subscriber devices.

• The opening of the housing, other unauthorized modifications and / or conversions to

the device will void the guarantee!

• The manufacturer shall not be liable for any inappropriate use.

Assembly and connection

To operate the Enertex® KNX IP Secure Router, you need:

1164-EnertexKNXIPSecureRouter_US-2.odt, 2019-03- 25 Seite 3 von 19

Comissioning

Boot

Displays

• A 10/100 Mbit compatible Ethernet connection

• KNX / EIB bus connection

When powered the display shows the product name. The default for the network is DHCP.
The boot time is about 2 seconds. During this time, the green / red / yellow LEDs operate as
running light for a short time. At the end of the boot process, the IP address of the device is
shown in the display.

If the IP address assignment is done via DHCP server, the boot time is extended accordingly.
As soon as "KNX Ready" appears in the display, the device can be addressed via the bus and,
for example, alternatively be programmed via a USB interface. The green LED flashes every
second with a duty cycle of 1:30.

After one minute, the display turns off automatically.

To turn this on again, the DISPLAY button on the front panel must be pressed briefly. When the
display is activated, pressing the DISPLAY button will scroll through various pages of
information.

Page 1 shows the firmware version, IP address, physical address, serial number, bus voltage
and used tunnel connections.

Page 2 shows all IP settings, as well as the boot time.

Page 3 gives information about the telegram load.

Page 4 shows the FDSK as long as the device has not been set to the secure state.

There are three LEDs on the front. The green LED flashes every second with a duty cycle of
1:30 and indicates ready for operation. The red LED indicates the programming mode, the
yellow LED indicates bus activity.

In the LAN socket two further LEDs are installed. The green indicates a connection to another IP

Enertex® Bayern GmbH – Ebermannstädter Straße 8 - 91301 Forchheim - Deutschland - mail@enert ex.de

device or switch ("Link"), the yellow LED shows the IP data transfer.

Reset

If the device is to be reset to the factory settings, the PROG button on the front panel must be
pressed for 10 seconds. After this time, the red LED starts to flash - then the PROG key can be
released and the device carries out the reset to the delivery condition.

Functional Overview

The device has the following functions:

• KNX IP Secure

◦ Eight independent KNXnet / IP tunnel connections

◦ Communication via TCP or UDP KNX IP routing for communication between KNX

◦ KNX IP routing in encrypted (secure) mode.

◦ KNX IP tunneling in encrypted (secure) mode.

◦ Telegram forwarding and filtering according to physical address

1164-EnertexKNXIPSecureRouter_US-2.odt, 2019-03- 25 Seite 4 von 19

lines, areas and systems

◦ Telegram forwarding and filtering according to group address with up to 62 filter

blocks

• Displays

◦ LED displays for KNX communication, Ethernet communication and programming

mode

◦ Power indicator

◦ OLED display for status messages, parameter displays etc.

• Special functions

◦ Configuration via ETS and Telnet

◦ SNTP server

◦ Measurement of the TP bus voltage (Telnet, OLED display)

◦ Maximum TP APDU packet length of the KNX bus (248 bytes)

◦ Maximum TP packet length adjustable (Telnet) between 55 and 248 bytes (APDU)

◦ Simulation of UDP tunnels for ETS communication (Telnet)

• Performance

◦ Specification of a max. TP data rate for writing KNX telegrams

◦ Buffering up to 256 telegrams per tunnel (2048 in total) in the device on the IP side

ETS Parameter

Terms

Encryption, encrypted If devices send data information via the TP bus or IP network, they are

generally readable by third parties. These only require access to the TP bus or IP network for
reading. Encryption of the data in this context means that the contents of the telegrams are no
longer to be interpreted if the encryption parameters (for example passwords) are unknown.

◦ Buffering up to 1024 telegrams for telegrams from IP to TP

Enertex® Bayern GmbH – Ebermannstädter Straße 8 - 91301 Forchheim - Deutschland - mail@enert ex.de

1164-EnertexKNXIPSecureRouter_US-2.odt, 2019-03- 25 Seite 5 von 19

Key, Key Parameter A series of numbers known only to the ETS project. These numbers are
used to transform the data in both directions: encryption and decryption.

FDSK (Factory Default Setup Key) The initial factory key. This key is used when
commissioning the initial programming. A new key is loaded into the device, whereby this
process is encrypted with the FDSK. The FDSK key is then no longer valid. It is reactivated only
when resetting to factory settings.

Backbone For IP routers, this is always the IP network.

Multicast An IP address in the network over which all the routers of a backbone communicate.

Tunnel connections do not need this address. Multicast connections are always established with
the UDP protocol. Unlike TCP communication, an UDP telegram can always be lost. This is e.g.
for WLAN connections very likely. Therefore, the routing backbone should always be realized
with an Ethernet cable connection, as this is almost 100% transmission safe.

Backbonekey The routing protocol communicates in secure mode with encrypted telegrams.
The key for encryption must be the same for all participants and is loaded into the device. The
ETS generates the necessary backbone key on its own.

Tunnelling A KNX point-to-point connection on the TCP / IP network, which is established with
UDP or TCP protocol. Tunneling communication is reliable and has incorporated a link layer for
that purpose. Therefore independent of the ethernet connection, e.g. Cable or WLAN, and
regardless of the TCP / IP protocol (UDP or TCP), no data is lost. With UDP, however, the
restriction is that the data link layer works with a one-second timeout. For Enertex devices, this
timeout can be adjusted in the advanced setup.

Telnet A simple TCP server on port 23 that enables direct text-based communication with the IP
device. Telnet is a de facto standard used at the window level, e.g. with "Putty" is addressed.

Secure Mode If the device is parameterized via the ETS so that the communication is only
encrypted, this is referred to as secure mode.

Plain Mode If the device is parameterized via the ETS so that the communication is only
unencrypted, this is called unsecured mode.

ETS 5.6.6 and ETS 5.7.0

Version requirements

For error-free operation of the devices in secure mode, ETS 5.7.x or higher is required.

In plain mode, the device can basically be programmed as of ETS 5.6.6. Although the secure
mode can be parameterized, it is not fully implemented in this version. If the device is therefore
to be operated secure, we recommend working with version 5.7 or higher.

Special behavior

If you program the individual address in the ETS 5.6.6 with its own nd a tunnel connection, the
ETS will throw an error message at the end. This is to be ignored, the assignment of the address
has nevertheless been made.

If no tunnel addresses are assigned in the application, all tunnels are set by the ETS to

15.15.255. Communication via the tunnel connection can then be considerably disturbed or not
possible.

Topology

If the device is integrated in a secure project, the ETS saves the parameterization of this
particular device including secure parameters. If the device is reset to factory settings, the ETS
(5.6 or 5.7) only addresses the device in encrypted form. Therefore, communication with the
ETS can no longer be established. In this case, only deleting the application and restarting the
ETS will help.

If an update of Windows runs in the background, strange phenomenon can occasionally occur
with the communication between the device and the ETS. In this case, wait for the end of the
update and restart Windows.

Enertex® Bayern GmbH – Ebermannstädter Straße 8 - 91301 Forchheim - Deutschland - mail@enert ex.de

1164-EnertexKNXIPSecureRouter_US-2.odt, 2019-03- 25 Seite 6 von 19

To insert the router into an ETS project, it must have an IP backbone. Example: the following
ETS topology:

Figure 1: Topology (left) and properties of the backbone

Lines:

1: Backbone Medium IP

1.1: Line Medium TPium TP

In the Properties Diagram of the Backbone (NOTE: For this click on Topology, directly above
"Dynamic Folders", see Figure 1), you will find the settings for the Multicast of the Backbone.
Network latency (see Figure 1) can be changed if the routing is over a large distributed system.
In this case, increase the time constant.

The device is parameterized with the ETS 5.6.6 or higher. The KNX IP Secure Router supports
up to eight KNX (Secure) IP tunnel connections and can be used as a line or area coupler.

Enertex® Bayern GmbH – Ebermannstädter Straße 8 - 91301 Forchheim - Deutschland - mail@enert ex.de

Device Properties

General

1164-EnertexKNXIPSecureRouter_US-2.odt, 2019-03- 25 Seite 7 von 19

IP Properties

Figure 2: Properties of the device

Name Any name can be assigned, max. 30 characters

Secure Comissioning If activated, the encryption is active for commissioning: all parameters

are then transmitted in encrypted form, although e.g. Tunnel connections are still unencrypted.

Secure Tunnelling If activated, the tunnel connections can only be established via KNX Secure
Tunneling.

Abbildung 3: IP Einstellungen des Geräts

Obtain an IP address automatically The device requires a DHCP server for IP address
assignment

Enertex® Bayern GmbH – Ebermannstädter Straße 8 - 91301 Forchheim - Deutschland - mail@enert ex.de

Use a static address The user specifies the IP settings.

Comissioning Password A password from which the ETS generates a key. This is the key to

secure commissioning (see above).

Authentication Code With the authentication password, the user proves that he has access to
the project.

MAC Address Is a device property

Multicast Address Is given by the backbone configuration (see Figure 1).

Device-specific parameters

General

1164-EnertexKNXIPSecureRouter_US-2.odt, 2019-03- 25 Seite 8 von 19

Name Options Description

(Text) The ETS has manufacturer-

Enable Special Functions off/on Enertex® devices offer special

Special Functions

Behavior of the KNX side

Figure 4: General settings of the device

independent uniform parameter
dialogs for various settings. To
simplify the application, a note text is
displayed here.

functions to ensure a maximum of
flexibility.

Enertex® Bayern GmbH – Ebermannstädter Straße 8 - 91301 Forchheim - Deutschland - mail@enert ex.de

1164-EnertexKNXIPSecureRouter_US-2.odt, 2019-03- 25 Seite 9 von 19

Figure 5: Behavior of the KNX side

Name Options Description

ACK for every telegram off/on The router acknowledges each

ACK for routed telegram only off/on The router only confirms the

Repeat routed telegrams if not
ACKed

Inhibit programming from TP
side

Max. number of telegrams to
KNX TP

Standard tunnel preferred IP

Enertex® devices offer the possibility for standard tunnel connections (before 2019) to assign
each of these tunnel connections to an IP address. In the analysis of group telegrams, this
makes it easier to assign the telegrams to the sender which "sits" behind the tunnel, as e.g.
Visualizations or smartphone apps.

Note:

This assignment can be resolved at any time by the ETS or a new so-called extended tunnel
connection (as of 2019).

telegram, even if it does not forward
this telegram (TP only)

telegrams that it forwards (TP only)

off/on The router repeats unconfirmed

individually addressed telegrams
(TP only)

off/on See parameter dialog

5 .. 50 See parameter dialog

Enertex® Bayern GmbH – Ebermannstädter Straße 8 - 91301 Forchheim - Deutschland - mail@enert ex.de

1164-EnertexKNXIPSecureRouter_US-2.odt, 2019-03- 25 Seite 10 von 19

Figure 6: Preferred IP for Tunnelling

Name Options Description

Slow Connection off/on The tunnel connections over UDP

are controlled by default with a
connection timeout of 1 second.
This may be too short for
connections over the Internet.

UDP Connection Timeout 1 ,0 ... 8,0 sec Tunnel X should preferably be used

for communication with the
parametrized IP address.

Preferred IP for Tunnel X off/on

End device IP (IP-V4 Address)

Enertex® Bayern GmbH – Ebermannstädter Straße 8 - 91301 Forchheim - Deutschland - mail@enert ex.de

Routing

1164-EnertexKNXIPSecureRouter_US-2.odt, 2019-03- 25 Seite 11 von 19

Figure 7: Routing

Name Options Description

Check of topology off/on See parameter dialog

Legacy routing off/on See parameter dialog

Physical address filter

Name Options Description

Physically addressed filter, block, route The physically addressed telegrams

Figure 8: Physical address filter

(e.g., actuator programming) may be
routed, blocked, or filtered via the
routing. This affects all
communication related to the device
address.

Block Broadcast Telegrams off/on Broadcast telegrams (e.g.,

Group address filter

searching for actuators in
programming state) can be routed or
blocked through the router.

Enertex® Bayern GmbH – Ebermannstädter Straße 8 - 91301 Forchheim - Deutschland - mail@enert ex.de

Standard

1164-EnertexKNXIPSecureRouter_US-2.odt, 2019-03- 25 Seite 12 von 19

Figure 9: Standard Filter Group address

Name Options Description

IP=>KNX Direction: Telegrams from the IP

side to the KNX side

Main Group 0 to 13 filter, block, route Group

telegrams can be routed,
blocked or filtered via
the routing. Groups 14

Group telegrams can be routed,
blocked or filtered via the routing.
The groups 0 to 13 are summarized

here to a block.
and 15 are grouped
together to form a block.

Main Group 14 to 15 filter, block, route Group telegrams can be routed,

blocked or filtered via the routing.

Groups 14 and 15 are grouped

together to form a block.

Main Group 16 to 31 filter, block, route Group telegrams can be routed,

blocked or filtered via the routing.

The groups 16 and 31 are here

combined to form a block.

Extended Group Address
Filter

off/on In addition to the block-oriented

filtering of group address telegrams,

each group can also be separately

routed, blocked or filtered via the

routing. With this function, the

parameter dialog can be opened for

this purpose.

KNX=>IP Direction: Telegrams from the KNX

side to the IP side

Main Group 0 to 13 filter, block, route Group telegrams can be routed,

blocked or filtered via the routing.

The groups 0 to 13 are summarized

here to a block.

Enertex® Bayern GmbH – Ebermannstädter Straße 8 - 91301 Forchheim - Deutschland - mail@enert ex.de

1164-EnertexKNXIPSecureRouter_US-2.odt, 2019-03- 25 Seite 13 von 19

Main Group 14 to 15 filter, block, route Group telegrams can be routed,

blocked or filtered via the routing.

Groups 14 and 15 are grouped

together to form a block.

Main Group 16 to 31 filter, block, route Group telegrams can be routed,

blocked or filtered via the routing.

The groups 16 and 31 are here

combined to form a block.

Extended Group Address
Filter

Extended Group Address Filter

For both directions, in addition to the block-oriented filtering of group address telegrams, each
group can also be individually routed, blocked or filtered via the routing. Therefore, there are the
links in the navigation bar when activated (see Figure 8 and Figure 9, respectively) „ext. filter
IP=>KNX“ and „ext. filter KNX=>IP“.

For each of these entries, there are 32 more group address filters that work independently of the
block-oriented filters. The settings of the 32 group address filters override those of the block­oriented filter.

off/on In addition to the block-oriented

filtering of group address telegrams,

each group can also be separately

routed, blocked or filtered via the

routing. With this function, the

parameter dialog can be opened for

this purpose.

Enertex® Bayern GmbH – Ebermannstädter Straße 8 - 91301 Forchheim - Deutschland - mail@enert ex.de

1164-EnertexKNXIPSecureRouter_US-2.odt, 2019-03- 25 Seite 14 von 19

Figure 10: Extended Group Address Filter

Name Options Description

Main Group 00 inactive, filter, block,

forward

Group telegrams of this main group

can be routed, blocked or filtered via

the routing. If the filter is not active,

the behavior of the parameters of

Figure 8 and Figure 9, respectively.

Main Group NN

See above See above

NN= 1.. 31

Enertex® Bayern GmbH – Ebermannstädter Straße 8 - 91301 Forchheim - Deutschland - mail@enert ex.de

Telnet

1164-EnertexKNXIPSecureRouter_US-2.odt, 2019-03- 25 Seite 15 von 19

Telnet can be used to request additional information from the IP router. Telnet access is factory­protected with the password "knxsecure".

Once the router is in secure mode, the telnet interface is disabled.

Although it can be enabled for developer purposes prior to programming the secure mode, this is
a security risk.

help

ifconfig

ifconfig [help|dhcp|ip
|mask]

tpconfig

tpconfig [help|set]

lcconfig

systembc [0|1]

progmode [0|1]

apdu [55..248]

Displays all available commands

Displays network parameters

IP mode.......: DHCP

IP............: 192.168.33.142

Subnet mask...: 255.255.0.0

Gateway.......: 192.168.33.1

NTP server....: 192.53.103.108

Sys multicast.: 224.0.23.12
RT multicast..: 224.0.23.12
Hardware addr.: 00:50:c2:79:3f:ff

Sys multicast: Multicast address for System telegrams
RT multicast: Multicast address für routingt telegrams

Set network parameters via the telnet interface.
Expamples

Setting IP Addresse with DHCP:

ifconfig dhcp

Statically set the IP address to 192.168.1.2 (in this case, the gateway and mask should also be
adapted, see below)

ifconfig ip 192.168.1.2

Set the gateway to 192.168.1.1:

ifconfig gw 192.168.1.1

Set the mask to 255.255.255.0:

ifconfig mask 255.255.255.0

Show KNX parameters

KNX bus state.: up
KNX address...: 15.15.000
Serial number.: 00-a6-00-00-00-01

Set KNX parameters via the telnet interface.

Set the TP address to 1.1.0:

tpconfig set 1.1.0

Coupler type..: line coupler
IP -> KNX:

GA 0-13......: route

GA 14-15......: filter

GA 16-31......: block

Ph. addr......: filter

Broadcast.....: route

KNX -> IP:

GA 0-13......: route

GA 14-16......: filter

GA 16-31......: block

Ind.addr......: filter

Broadcast.....: route

Check IA rout.: disabled
Ind.Addr.tlg..: individually addressed telegrams are 3 times
repeated

Set certain bits in the system broadcasts so that IP routing is possible even on older devices
(e.g. Gira Homerserver). By default, this compatibility mode is turned on.

Wrong handling of bits in system broadcasts (necessary for e.g. Gira
Homeserver) is 1 (on)

Query or change programming mode (0 = off, 1 = on)

Read or configure the maximum length of the KNX TP telegrams. This may be necessary if
there is an incorrect implementation of a TP stack. In that case the ETS may try to use
telegrams with 248 bytes payload, but the TP device can not process (e.g. Zennio Z35i).
Default is 248 and should only be changed if necessary.

# apdu
maximal len of a KNX telegram 248.
Usage: apdu [55 .. 248]

Enertex® Bayern GmbH – Ebermannstädter Straße 8 - 91301 Forchheim - Deutschland - mail@enert ex.de

1164-EnertexKNXIPSecureRouter_US-2.odt, 2019-03- 25 Seite 16 von 19

tpratemax [5..50]

stats

free [clear]

Read or configure maximum telegram rate (IP => TP); 50 T / s corresponds to 100% bus load.

# tpratemax
no limit, sending with maximum performance to TP.
Usage: tpratemax [5 .. 50]

Shows various statistics on device and bus status

uptime: 114 days, 2:19
KNX communication statistics:
TX to IP (all)..: 333729 (ca. 233 t/m)

TX to KNX.......: 23244 (ca. 16 t/m)

RX from KNX.....: 94559 (ca. 66 t/m)

Overflow to IP..: 0
Overflow to KNX.: 0
TX tunnel re-req: 260
TP bus voltage..: 28.95 V

TX TP rate......: 50 T/s (= 100 %)

Uptime: Runtime of the interface since last restart
TX to IP (all): Number of all telegrams sent on IP
TX to KNX: Number of all telegrams sent on KNX
RX from KNX: number of telegrams received from the KNX bus
Overflow to IP: Number of telegrams that could not be sent to IP
Overflow to KNX: Number of telegrams that could not be sent to the KNX bus
TX tunnel re-req: Number of telegrams that had to be repeated in the tunnel connections
TP bus voltage: Current bus voltage (at the time of calling stats)
TX TP rate: maximum telegram rate (TP)

Shows statistics about the memory usage

Used stack memory...: 14 %

Allocated memory....: 64 %

Unused memory.......: 35 %

TP-Tx buffer........: 0 %

TP-Tx buffer max....: 0 %

TP-Rx buffer max....: 0 %

Tunnel-T8 buffer max: 92 %

Used stack memory: Function stack utilization
Allocated memory: Allocated device memory
Unused memory: Unused device memory
TP-Tx buffer: Currently used TP send buffer
TP-Tx buffer max:Max. Utilization of TP send buffer (IP => TP) since system startup
TP-Rx buffer max:Max. Utilization TP receive buffer (IP <= TP) since system startup
Tunnel-XX (XX=1..8) buffer max:Max. Utilization of the tunneling buffer. Only tunnels whose
buffer was used at all will be displayed

Clear the buffer statistics:

free clear

Enertex® Bayern GmbH – Ebermannstädter Straße 8 - 91301 Forchheim - Deutschland - mail@enert ex.de

1164-EnertexKNXIPSecureRouter_US-2.odt, 2019-03- 25 Seite 17 von 19

tunnel [1..8]

version

mask

display [0|1]

tunaddr 1..8 address
tunaddr reset
tunaddr setall
tunaddr help

tunmode [std/tpblk]

lock [0|1]

topology [0|1]

Tunneltime [1.0..8.0]

Shows active tunnel connections (without argument) or detailed information about the specified
tunnel connection (with argument 1..8)

# tunnel
Tunnels open: 1/8
1: 00.02.246, closed
2: 00.02.247, open (CCID: 82)
3: 00.02.248, closed
4: 00.02.249, closed
5: 00.02.250, closed
6: 00.02.251, closed
7: 00.02.252, closed
8: 00.02.253, closed

# tunnel 2

Tunnel 2..................: open (CCID 82)

KNX address...............: 00.02.247

HPAI control..............: 192.168.22.252:4808

HPAI data.................: 192.168.22.252:4808

Connect. type.............: TUNNEL_CONNECTION

Communication.............: UDP CONNECTION

TX tun req................: 23169

TX tun re-req.............: 0

RX tun req................: 821

RX tun re-req (identified): 0
RX tun req (wrong seq.)...: 0

Current tunnel buffer.....: 0 %

Connected since (UTC).....: 16:26:16 29-01-2019

CCID: Connection ID of the tunnel connection
KNX address: Tunnelling address
HPAI control: Control endpoint of the connection partner
HPAI data: Data endpoint of the connection partner
Connect. Type:Connection type tunnel or management connection
Communication: UDP or TCP Connection
TX tun req: Number of telegrams sent to the tunnel connection
TX tun re-req: Number of telegrams that had to be repeated in the tunnel connections
RX tun req: Number of telegrams received from the tunnel connections
RX tun re-req: Number of telegrams received twice by the tunnel connections
RX tun req (wrong seq.):number of frames received from the tunnel connections with wrong
sequence number
Current tunnel buffer: Utilization currently of the IP buffer of the tunnel
Connected since (UTC): Time since the tunnel connection has been established.

Firmware-Version

Mask-Version

Query or change the display mode (0 = standard, 1 = inverted)

KNX address of a tunnel read (tunaddr) or change, e.g. tunaddr 1 15.15.240, set all
tunnel addresses consecutively from a certain start address (tunaddr setall 15.15.15),
or reset the KNX addresses of all tunnels to factory settings (tunaddr reset)

# tunaddr
1: KNX address: 15.15.010
2: KNX address: 15.15.011
3: KNX address: 15.15.012
4: KNX address: 15.15.013
5: KNX address: 15.15.014
6: KNX address: 15.15.015
7: KNX address: 15.15.016
8: KNX address: 15.15.017

Read tunnel mode (without parameters) or set (tp or tpblk);
tunmode tpblock:IP => KNX If same backbone forward to line frame

KNX=> IP if same sub line send to backbone

Query lock status (without further parameters) or change (0 = off, 1 = on). Setting is identical to
programming lock TP page, Figure 5.

A router can prevent the forwarding of physically addressed telegrams by filtering, i. It is not
possible to reprogram devices across a line. This becomes interesting when using outdoor
lines.

However, e.g. if a KNX-USB interface is connected to an outdoor line directly to the bus, the
router itself could be re-programmed, so that it forwards the physically addressed telegrams.
With that, any access to the internal line is possible.

This can be prevented with this telnet function. If you set telnet "lock" to 1, the router can no
longer be programmed via the KNX line and corresponding activation of forwarding via KNX
TP is no longer possible.

Query or change "topology check" (0 = off, 1 = on). Setting is identical to "Topology check",
Figure 7

Subline Topology has been violated with 1.2.3
Last logged at 18:28:31 09-11-2018

Mainline Topology has been violated with 1.2.3
Last logged at 18:24:31 09-11-2018

Query or change timeout for tunnel connection (1.0 to 8.0). Setting is identical to "slow
connection", Figure 6

Enertex® Bayern GmbH – Ebermannstädter Straße 8 - 91301 Forchheim - Deutschland - mail@enert ex.de

1164-EnertexKNXIPSecureRouter_US-2.odt, 2019-03- 25 Seite 18 von 19

tunudp

date

sntp [query|server IP]

sendack [0|1]

blockfilter [0|1]

routingcounter [0|1]

logmem

passwd oldpw newpw
passwd oldpw
passwd newpw

secure [0|1]

factory_reset

die

reboot

logout

Query or change the type of tunnel connection for the ETS (0 = default, 1 = UDP only).

Show date and time

Send request to the NTP server (sntp query) or set the IP of the NTP server (sntp
server 1.2.3.4)

Querying or changing every telegram (ACK). Setting is identical to the documentation to
Figure 5.

Disable all group address filters (i.e., forward all) regardless of the settings of the ETS. Query
or change (0 = off, 1 = on).

Query or change routing counter handling (0 = default, 1 = behavior before 2018). This setting
is identical to Legacy Routing Algorithm <2018, Figure 7

Event memory in the device. Suitable for the development of clients. Read out for support
requests.

Changes the current Telnet password (passwd), deletes the current password (old passwd) or
sets a new password if none is currently set (new passwd)

Display or change the behavior of the Telnet interface in secure mode (0 = disable, default, 1 =
enable)

Note: Although it can be enabled for developer purposes prior to programming the
secure mode, this is a security risk.

Reset to factory settings and reboot

Test hardware watchdog. Executes reset.

reboot

end Telnet-Session

Latest documentation and
Software

Under http://www.enertex.de/d-produkt.html you will find the current ETS database file as well as
the current product description.

Specification

Symbols

KNX (Powersupply) DC 21 ... 32 V SELV

Ethernet-Interface Rj45-connector 10M/100MBit Ethernet

Display Graphical OLED, 128x64

KNX Functions • KNXIP Secure Tunneling and Routing

Environment -5 ... +45° C

Installation • Only for use in dry interiors.

Outer dimensions 35,0 mm x 89,6 mm x 62,9 mm (L x B x H)

Must not be disposed of with household waste.

current consuimption < 20 mA

Programming LED (red), Bus Activity LED (yellow), Voltage LED (green flashing)
Network link (green), network activity (yellow)

• Up to 48 telegrams per second

• AES 128 encryption

• Asymmetric key exchange for tunnel connections

• UDP and TCP communication

• Up to 8 tunnel connections

• Up to 62 group address filters

• APDU 248, parameterizable between 55 and 248

• TP telegram rate limit

• TP bus voltage measurement (display telnet or display)

• Only for installation in distributor according to DIN 43880 on DIN rail

35mm according to EN 50022.

• Degree of protection IP20

Enertex® Bayern GmbH – Ebermannstädter Straße 8 - 91301 Forchheim - Deutschland - mail@enert ex.de

Open Source Software

This product uses third-party software from the following authors:
Adam Dunkels <adam@sics.se>
Marc Boucher <marc@mbsi.ca> and David Haas <dhaas@alum.rpi.edu>
Guy Lancaster <lancasterg@acm.org>, Global Election Systems Inc.
Martin Husemann <martin@NetBSD.org>.
Van Jacobson (van@helios.ee.lbl.gov)
Paul Mackerras, paulus@cs.anu.edu.au,
Christiaan Simons <christiaan.simons@axon.tv>
Jani Monoses <jani@iv.ro>
Leon Woestenberg <leon.woestenberg@gmx.net>

LWIP

Quelle: https://savannah.nongnu.org/projects/lwip/

Copyright (c) 2001-2004 Swedish Institute of Computer Science.
All rights reserved.

Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.

3. The name of the author may not be used to endorse or promote products
derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS AND ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
OF SUCH DAMAGE.

1164-EnertexKNXIPSecureRouter_US-2.odt, 2019-03- 25 Seite 19 von 19

Enertex® Bayern GmbH – Ebermannstädter Straße 8 - 91301 Forchheim - Deutschland - mail@enert ex.de