The following illustrates, based on these fundamentals, how to structure a small, mid-size, or large project, up to a multi-discipline project.

Small to mid-sized project

Up to 500 automation stations.

Siemens SCALANCE Distribution Switches (XB205-3) are equipped as managed layer 2 switches:

  • Connect across various floors
  • Can further expand the project
  • Support expansion per VLAN and ring topology
  • Offer port mirroring (network analysis)

The Siemens SCALANCE Edge Switch (XB005) distributes on a floor as an unmanaged layer 2 switch:

  • Important Desigo room automation stations are installed in a star topology (central functions, important rooms)
  • A few critical room automation stations can be connected in a daisy chain topology

Fiber optics network the distribution switches over longer distances. Distribution and networking on the floors up to the edge switches run over copper cables.

Mid-size to large project

The next example also illustrates a clearly structured network. The distribution switches are networked using ring technology, improving network availability and reliability.
An independent IP network is set up together with a layer 3 core switch to which the most important network components are connected.

On the actual floors, up to 20 Desigo room automation stations are networked over a daisy chain. The entire network continues to operate, even if a device fails.

Copper cabling can still be used to reach individual edge switches, and from there the network is distributed (depending on the application) in a star or daisy chain topology.

The distribution switches are equipped as managed layer 2 switches; the edge switches as unmanaged.

This topology illustrates that you can expand in the future using layer 2 switches. Separate VLANs can be configured for each floor to separate disciplines (HVAC, room automation, video, fire detection systems). Ring cabling of distribution switches meets customer requirements for reliability. Important Desigo room automation stations for central functions and important rooms are cabled in a star topology to the edge switch.

Large project

The following illustrates a large project with various disciplines. Emphasis is also placed here on speed, availability, a structured cabling concept, and standardized connection technology. Advanced availability and redundancy are achieved by using an additional core switch.

Glass fiber optic cabling can connect network components across buildings over long distances, through areas with EMC risk, and where there is a risk of potential drift.

Examples for industrial switches are:

  • Siemens SCALANCE XB-000 range: Unmanaged switches with electric and/or optical ports for setting up small networks, AC/DC 24 V, used in edge or distribution areas.
  • Siemens SCALANCE XB-200 range: Manageable layer 2 IE switches with a console port, diagnostic LED and redundant power supply for use as a distribution switch, supports ring technology RSTP, VLAN, port mirroring for troubleshooting and diagnostics, configuration with Step7/TIA, Web or Command Line Interface (CLI), SNMP.
  • Siemens SCALANCE XM-400 range: Managed layer 3 IE switch with auxiliary routing functions between IP subnetworks.

For details, see:

https://mall.industry.siemens.com/mall/de/WW/Catalog/Products/9300002?tree=CatalogTree

We refer here again to the topics of IT security and IT basic protection.

The increasing use of Ethernet connections up to the field level means that the associated security issues are also increasing in importance. Open communications and increased networking of different systems and disciplines not only present enormous possibilities, but also considerable risks. The appropriate measures must be undertaken to fully protect building automation and control under the aspect of security.

As also depicted in the graphic above, you can achieve security segmentation of an important and security-relevant discipline (e.g. fire or intrusion) via the security module SCALANCE S623 or Sinema Remote Control. Cell protection with a firewall can protect against unauthorized access, and data transmission via VPN can protect against manipulation or spying.

For details, see:

https://mall.industry.siemens.com/mall/de/WW/Catalog/Products/10224584?tree=CatalogTree

https://mall.industry.siemens.com/mall/de/WW/Catalog/Products/10263934?tree=CatalogTree

You must ensure that the IP network is secure, since the BACnet/IP protocol transmits data unencrypted.

Risk factors:

  • Unprotected network sockets
  • Unprotected WLAN networks
  • Unprotected system and hardware
  • Physical access to equipment rooms, control panels, and operator units
  • Access rights on the network and in the Desigo system
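
The following is an added example, not part of the original guide or of any Siemens tooling. It shows how UDP payloads captured via a distribution switch's port mirroring can be checked: because BACnet/IP is unencrypted, the BVLC header is readable without any key, so frames from sources outside the automation VLAN (for instance a device on an unprotected network socket) or frames that change broadcast distribution can be flagged. The subnet, addresses, and packets are constructed assumptions.

```python
import ipaddress
import struct

BACNET_PORT = 47808  # 0xBAC0, the standard BACnet/IP UDP port
BVLC_TYPE = 0x81     # BVLL type octet for BACnet/IP
BVLC_FUNCTIONS = {
    0x01: "Write-Broadcast-Distribution-Table",
    0x04: "Forwarded-NPDU",
    0x05: "Register-Foreign-Device",
    0x0A: "Original-Unicast-NPDU",
    0x0B: "Original-Broadcast-NPDU",
}
# Functions that alter broadcast distribution on a BBMD; reported even from inside.
SENSITIVE = {0x01, 0x05}

def parse_bvlc(payload):
    """Return (function_name, function_code), or None if not a valid BVLC frame."""
    if len(payload) < 4:
        return None
    bvlc_type, func, length = struct.unpack("!BBH", payload[:4])
    if bvlc_type != BVLC_TYPE or length != len(payload):
        return None  # wrong type octet or declared length does not match
    return BVLC_FUNCTIONS.get(func, f"unknown-0x{func:02X}"), func

def audit(packets, allowed_subnet):
    """packets: (src_ip, dst_port, udp_payload) tuples taken from a mirror port."""
    net = ipaddress.ip_network(allowed_subnet)
    findings = []
    for src, dport, payload in packets:
        parsed = parse_bvlc(payload) if dport == BACNET_PORT else None
        if parsed is None:
            continue
        name, func = parsed
        if ipaddress.ip_address(src) not in net:
            findings.append((src, name, "source outside BACnet VLAN subnet"))
        elif func in SENSITIVE:
            findings.append((src, name, "broadcast-distribution change"))
    return findings

# Constructed sample traffic (addresses and payloads are made up for illustration).
SAMPLE = [
    ("10.20.1.15", 47808, bytes.fromhex("810b000c0120ffff00ff1008")),  # Who-Is
    ("10.20.1.16", 47808, bytes.fromhex("81050006003c")),  # foreign device, TTL 60
    ("192.168.77.5", 47808, bytes.fromhex("810b000c0120ffff00ff1008")),
    ("10.20.1.15", 443, b"\x16\x03\x01"),  # not BACnet/IP, ignored
]

if __name__ == "__main__":
    for finding in audit(SAMPLE, "10.20.1.0/24"):
        print(finding)
```
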

The elements of infrastructure, IT systems, networks, and applications must be discussed with regard to security, and appropriate measures need to be developed. Customer, domestic, or industry guidelines and directives must be observed under all circumstances.

For additional details, see Desigo Cybersecurity Guidelines Application Guide (A6V14142297) and Practical Guide on IP Networks in Building Automation and Control Systems (CM110668).