beautypg.com

Ontr ls o, Application #8, Bbmd server with firewall but no local ip devices – Contemporary Control Systems BASrouter Application Guide User Manual

Page 11: Application guide — basrouters

background image

AG-BASRTB00-BD0

Page 11

Application Guide — BASrouters

C

ONTR LS

O

®

CONTEMPORARY

Application #8 —

BBMD Server with Firewall but No Local IP Devices

This application is very similar to Application #6 but this

time the EIPR IP Router firewall is enabled. A firewall

requires that message initiation begin on the LAN-side

of the IP router and not from the WAN-side. Therefore

it would be impossible for a request initiated on the

WAN-side to reach the BASrouter located on the

LAN-side unless a “port is opened” in the IP Router.

This action is called Port Forwarding and the port that

must be opened is the UDP port 47808 which is the

registered BACnet port (BAC0). Using the IP Router

Port Forwarding screen, both the 47808 UDP and TCP

ports are enabled to IP LAN-side address 192.168.2.2

which is the address of the BASrouter and the BBMD

Server. On the Firewall screen, the Firewall is shown

as enabled. On the Advanced screen of the BASrouter,

both BBMD and Accept FDR must be checked.

The IP Router address on the WAN-side is 192.168.1.1.

Although this happens to be a private IP address, it

still must be entered on the Advanced screen of the

BASrouter as the Public IP Address. Because of the

firewall, BACnet clients located on the WAN-side must

be informed that to reach BACnet devices on the LAN-

side they must use this Public IP Address 192.168.1.1.

A BACnet/IP controller on the 192.168.1.0 subnet must have

its Foreign Device Registration configured for a BBMD

address of 192.168.1.1 and not the actual BBMD address

of 192.168.2.2. However, because of the Port Forwarding

entry made to the IP Router, a BACnet message sent to

192.68.1.1 will be forwarded to 192.68.2.2.

The PC in this example is running a BACnet client

application so it must be configured for Foreign Device

Registration just like the BACnet/IP controllers. If a

BBMD resided on the 192.168.1.0 subnet, FDR would

not need to be configured for any devices on this subnet.

There are some settings on the IP Router that should

be explained. For the LAN Setup, DHCP Server

Settings are shown to be enabled. This allows DHCP

client devices on the attached subnet to receive an IP

address if requested. However, the BASrouter does

not have DHCP client capability so its IP address must

be manually set to 192.168.2.2. The Local IP Address

is the LAN-side address of the IP Router.

On the WAN Setup there is a Default Gateway Address

of 192.168.1.254 which represents the IP address of an

upstream IP Router that is not shown. This setting has

no relevance to this application.

BACnet/IP Subnet 192.168.1.0/24

Network 1

BACnet/IP Subnet 192.168.2.0/24

Network 1

BACnet MS/TP Network 3

EIPR IP Router

BASRT-B

BACnet

Router

(BBMD

Enabled)

EIPR IP Router (WAN Side)

EIPR IP Router (LAN Side)

PC

Configuration

This manual is related to the following products:
See also other documents in the category Contemporary Control Systems Hardware: