This forum uses cookies
This forum makes use of cookies to store your login information if you are registered, and your last visit if you are not. Cookies are small text documents stored on your computer; the cookies set by this forum can only be used on this website and pose no security risk. Cookies on this forum also track the specific topics you have read and when you last read them. Please confirm that you accept these cookies being set.

multicast
#1
I have to setup a project:
- 1 central logicmachine (weatherstation and other knx devices)
- 28 logicmachine's to receive data from the central logicmachine

I have a setup now with default multicast ip and it works,


i like to use encrypted data so i enabled that. and also the only secure communication is enabled. Is it true that i can't use ets now? or is there an option to enable secure ets communication?

2
how to setup the ip > local rule and the local > ip rule on both devices to match the following:
- only data from central to the 28 lm's, not from the 28 lm's to central
- and only data from the lm 1.1.1 and the weatherstation 1.1.2 is allowed

3
Can i do more to have a safe data transmission?

4
Do i forget something?
Reply
#2
At this moment secure communication is only possible via Multicast. Secure Tunnelling is not supported yet so for ETS programming you will have to temporary disable the "Enable only secure communication" option.

On central LM you can enable any of the IP > Local filters in "Accept" mode and leave the filter table blank. This will block all incoming IP telegrams. On other LMs allow 1.1.1 and 1.1.2 in IP > Local, block any outgoing telegrams to minimize the traffic and enable "Filter local update telegrams".

Make sure that all LMs have NTP enabled and working correctly. This is needed for the encryption to work.

For improved network security you can look into VLANs.
Reply
#3
hello, we installed the central logicmachine and 28 client lm's. It looks like it works, because the first hours all packets are received by the clients. But after some time only the first 5 lm's received the packets and the other client lm's doesn't receive it anymore.

what can be the problem?
Reply
#4
Check how the multicast is configured on network switches/routers.
Reply
#5
(30.05.2022, 12:32)admin Wrote: Check how the multicast is configured on network switches/routers.

all default logicmachines and settings and default mikrotik switches as network.

maybe the multicast ttl parameter? its default 1
Reply
#6
TTL should be increased only when there are routers between LMs, otherwise it should be kept at 1.
See if you have IGMP snooping enabled on Mirkotik switches. Try disabling it if enabled.
Reply
#7
ip architecture:
- main switch mikrotik 48 ports with layer3 vlan.
- every room has its own Ubiquiti UniFi USW-FLEX-MINI switch 5 ports with the LM on one port

after increasing the TTL to 20 it looks like the problem is solved, why? What exactly does the multicast ttl parameter?
Reply
#8
Be careful with setting high TTL value, you might flood your network with multicast packets.
TTL defines how many hops the multicast packet can make. Certain routers and switches can decrement the TTL value for each packet. When TTL reaches 0 the packet is discarded. In this case TTL value should be increased but only to a value that allows all traffic to pass correctly, not higher.
Reply
#9
and after two weeks of good functioning, communication has stopped again.
Reply
#10
If the switch has multicast groups enabled and the switch was restarted it can lose the group table and multicast won't work. Try connecting to the nearest switch of any LM and check if multicast is passed there or not.

For multicast to work correctly on Mikrotik you need to enable both "IGMP snooping" and "Multicast Querier". This way the switch will periodically send multicast group queries and will update internal tables correctly.
Reply


Forum Jump: