Posts: 449
Threads: 94
Joined: Jun 2015
Reputation:
6
I have to setup a project:
- 1 central logicmachine (weatherstation and other knx devices)
- 28 logicmachine's to receive data from the central logicmachine
I have a setup now with default multicast ip and it works,
1
i like to use encrypted data so i enabled that. and also the only secure communication is enabled. Is it true that i can't use ets now? or is there an option to enable secure ets communication?
2
how to setup the ip > local rule and the local > ip rule on both devices to match the following:
- only data from central to the 28 lm's, not from the 28 lm's to central
- and only data from the lm 1.1.1 and the weatherstation 1.1.2 is allowed
3
Can i do more to have a safe data transmission?
4
Do i forget something?
Posts: 7764
Threads: 42
Joined: Jun 2015
Reputation:
447
At this moment secure communication is only possible via Multicast. Secure Tunnelling is not supported yet so for ETS programming you will have to temporary disable the "Enable only secure communication" option.
On central LM you can enable any of the IP > Local filters in "Accept" mode and leave the filter table blank. This will block all incoming IP telegrams. On other LMs allow 1.1.1 and 1.1.2 in IP > Local, block any outgoing telegrams to minimize the traffic and enable "Filter local update telegrams".
Make sure that all LMs have NTP enabled and working correctly. This is needed for the encryption to work.
For improved network security you can look into VLANs.
Posts: 449
Threads: 94
Joined: Jun 2015
Reputation:
6
hello, we installed the central logicmachine and 28 client lm's. It looks like it works, because the first hours all packets are received by the clients. But after some time only the first 5 lm's received the packets and the other client lm's doesn't receive it anymore.
what can be the problem?
Posts: 7764
Threads: 42
Joined: Jun 2015
Reputation:
447
Check how the multicast is configured on network switches/routers.
Posts: 7764
Threads: 42
Joined: Jun 2015
Reputation:
447
TTL should be increased only when there are routers between LMs, otherwise it should be kept at 1.
See if you have IGMP snooping enabled on Mirkotik switches. Try disabling it if enabled.
Posts: 449
Threads: 94
Joined: Jun 2015
Reputation:
6
ip architecture:
- main switch mikrotik 48 ports with layer3 vlan.
- every room has its own Ubiquiti UniFi USW-FLEX-MINI switch 5 ports with the LM on one port
after increasing the TTL to 20 it looks like the problem is solved, why? What exactly does the multicast ttl parameter?
Posts: 7764
Threads: 42
Joined: Jun 2015
Reputation:
447
Be careful with setting high TTL value, you might flood your network with multicast packets.
TTL defines how many hops the multicast packet can make. Certain routers and switches can decrement the TTL value for each packet. When TTL reaches 0 the packet is discarded. In this case TTL value should be increased but only to a value that allows all traffic to pass correctly, not higher.
Posts: 449
Threads: 94
Joined: Jun 2015
Reputation:
6
and after two weeks of good functioning, communication has stopped again.
Posts: 7764
Threads: 42
Joined: Jun 2015
Reputation:
447
If the switch has multicast groups enabled and the switch was restarted it can lose the group table and multicast won't work. Try connecting to the nearest switch of any LM and check if multicast is passed there or not.
For multicast to work correctly on Mikrotik you need to enable both "IGMP snooping" and "Multicast Querier". This way the switch will periodically send multicast group queries and will update internal tables correctly.
Posts: 449
Threads: 94
Joined: Jun 2015
Reputation:
6
some findings:
- the intercom runs the same multicast route (different vlan): main switch, sub switch, videophone and it will continue to work
- "IGMP snooping" and "Multicast Querier" are turned off, if they are turned on, the videophone video traffic will stop immediately and the multicast traffic to the LM will stop within 30 minutes. With the settings off it will be fine for a few weeks.
- when restarting a client LM, the problem is temporarily solved again