Products Lines Technologies

UK and Germany offices will be closed for festive season from Monday, December 23rd, 2024, and will reopen on January 6th, 2025, at 8:00 AM. You can continue placing your orders online, we assure you that these orders will be prioritized and fulfilled promptly upon our return.


To see your discounted prices, please register/login.


Cascading IP Routers for Additional Isolation

For increased security and isolation, IP routers can be cascaded. Make sure that each LAN-side subnet address is unique when cascading IP routers. The left-most IP router can have its WAN-side IP address assigned using DHCP client or by using static IP address assignment.

The illustration shows a pair of EIGR routers, but the right-most router could also be some other type of router because the EIGR supports standard Internet protocols. A common use case for this application would be an already existing router/firewall in the business system that would correspond to the right-most router in the image. If automation devices need to be added, they can form their own subnet behind the second router. The traffic of the automation devices is restricted to its own subnet behind the second IP router and doesn't burden the existing business or IT network with extra traffic. In case access to the automation network is needed to get any relevant statistics or production data, a port forwarding rule can be used to provide access. An additional port forwarding rule on the internet facing router/firewall can be configured to extend the access to the automation network over the internet. IP routers have features, such as an Allowlist, to restrict access from specific originating IP Addresses to provide additional security.

This article focuses on an automation system, but the concept can be easily applied to a BACnet System to manage a BMS network. Learn more by watching our Cascading the EIGR IP Router for Additional Isolation video.

Featured in this story