Example isolated Metasys BACnet/IP network - Metasys - LIT-12012458 - Field Device - Metasys BACnet/IP Controller - 13.0

Metasys IP Networks for BACnet/IP Controllers Technical Bulletin

Product
Document type
Technical Bulletin
Document number
LIT-12012458
Version
13.0
Revision date
2024-08-20
Product status
Active

Figure 1 illustrates an Isolated Metasys BACnet/IP network. In this example, the network is to be converted to a Connected network at some time in the future. The network engine s are placed in the same VLAN and subnet (VLAN 5 and subnet 192.168.5.0/24 would be the VLAN and subnet allocated by IT for the BAS network).

The subnetworks for the IP-based BAS devices are allocated from the BAS network's address space:

  • VLAN 10: 172.16.10.0/24
  • VLAN 11: 172.16.11.0/24
  • VLAN 12: 172.16.12.0/24
Note: It is not required that the VLAN number be included in the subnetwork address as shown in this example.

The devices are assigned to VLANs (10 through 12) within the BAS network.

The network engine s, Metasys server , and access switches are placed in VLAN 5 and subnetwork 192.168.5.0/24. This is the VLAN and subnet pre-allocated by IT for when the BAS network will eventually be connected to the IT network. A firewall is connected to the BAS aggregation switch through an access port. The firewall routes traffic to the BAS subnet by way of a SVI (10.10.100.2) in a different VLAN (100) on the BAS aggregation switch. These are also pre-allocated by IT for when the BAS network will eventually be connected to the IT network. Figure 1 illustrates an Isolated Network using these VLAN and subnetwork values.

Figure 1. Isolated Metasys BACnet/IP network example

The BAS Access switches are interconnected with each other, providing link redundancy. Because the BAS switches are interconnected by way of trunks, Rapid Spanning Tree Protocol (RSTP) best practices must be followed when configuring the trunks between the BAS switches.

The following table details the recommended IP address assignments for the devices in each of the VLANs within the BAS network.

Table 1. Recommended IP addresses for isolated network example

VLAN

Subnetwork

SVI

IP controllers

Network engine

10

172.16.10.0 /24

172.16.10.1

172.16.10.10 - 172.16.10.220

192.168.5.4

11

172.16.11.0 /24

172.16.11.1

172.16.11.10 - 172.16.11.220

192.168.5.5

12

172.16.12.0 /24

172.16.12.1

172.16.12.10 - 172.16.12.220

192.168.5.6

The BAS aggregation switch acts as the primary router for the BAS network, routing traffic within the BAS network as well as routing traffic between the BAS network and the firewall. The firewall routes traffic between the BAS network and a VPN, allowing remote access to the BAS network. The following route statements are required to achieve this behavior:

Table 2. Maintenance VLAN 20 (172.16.20.0 /29)

Device

Destination subnet

Route

Firewall

0.0.0.0/0

To the Internet

192.168.5.0/24

10.10.100.2

BAS Aggregation Switch

0.0.0.0/0

10.10.100.1

172.16.10.0/24

192.168.5.2

172.16.11.0/24

192.168.5.2

172.16.12.0/24

192.168.5.3

BAS Access Switch 1

0.0.0.0/0

192.168.5.1

BAS Access Switch 2

0.0.0.0/0

192.168.5.1

The ports connected to the IP-based Metasys devices need to be configured as access ports for the appropriate VLAN (10, 11, or 12). In addition, the following switch port configurations are required:

Table 3. Switch port configuration

Endpoint 1

Endpoint 2

Connection type

VLAN membership/allowed VLAN(s)

Aggregation Switch

Firewall

Access port

100

Aggregation Switch

Metasys server

Access port

5

Aggregation Switch

Access Switches

Trunk

5

Access Switch 1

Access Switch 2

Trunk

5