Switch / Router / Firewall focused on BMS cybersecurity

OxBras

BMS Security: The OxBras integrates into Ethernet/IP architectures as a complement to existing equipment.

Network isolation: The built-in switch segments operational networks using VLANs, including a VLAN dedicated to IP and BMS security, with IP locking via NFC key.

Intrusion detection: More than just a firewall, the OxBras continuously monitors BMS protocols and alerts you in case of anomalies or unauthorized events.

Monitoring and diagnostics: The SNMP protocol reports the status of OxBras units, BMS equipment, alerts, and bandwidth usage by protocol.

Power supply: Dual input 12/24V AC/DC, low power consumption (12 VA) for silent operation without ventilation.

Easily configure your network through the web interface

Configuration is performed via a web page, which can be disabled during commissioning. The configuration is distributed across the cluster in an encrypted database, allowing rapid router reinstallation. An SSH console is also available.

Easy deployment

Devices on the two floor loops are automatically scanned and assigned addresses by one or two DHCP servers. The spanning tree protocol ensures redundant communication. CSV import/export allows identification, positioning, and IP assignment. IPv6 with local DNS simplifies management by name rather than by address.

Power supply

The OxBras comes standard with redundant power supplies, either DC or AC, at 12 V or 24 V. Its low consumption of 12 VA allows its fanless enclosure to operate efficiently and silently.

Connection interfaces

It can serve as the foundation of your IP network infrastructure or be integrated into an existing architecture using standard market products. Connections to the main loop are made either via copper RJ45 or fiber optic using an SFP transceiver. OxBras units are deployed in clusters to enhance security and reliability.

Reliability and redundancy

Some IT or BMS services are more sensitive, such as routing tables, the VPN server, or the configuration server. When these become unavailable, part of the installation stops functioning. Within the cluster, these services are “floating”: when the master is unavailable, a lower-priority OxBras router takes over.

Security

Support for the 802.1X access control protocol underlines the OxBras's focus on security. VLAN management relies on 802.1Q support. Trunk mode is available on the building network, and filtering is performed via MAC addresses for floor equipment that does not support 802.1Q.

A color TFT touchscreen displays the status of the OxBras cluster. The overall condition is summarized using icons and a color-coded legend.

All anomalies are logged locally or on a remote syslog server for analysis purposes. An NFC chip located on the back of the screen provides enhanced authentication as well as a communication channel between the OxBras and mobile devices, enabling the activation or deactivation of services.

Diagnostics

The SNMP protocol provides status data for OxBras routers as well as installed BMS devices on the network, including key alarms and alerts. Bandwidth indicators per BMS protocol are available. After scanning devices on the floor loops, the modules are cyclically tested. Depending on the BMS protocols supported by each device, the validity of responses can be verified for LON, BACnet, and Modbus. For commissioning and advanced diagnostics, a port forwarding feature for Wireshark is available on the OxBras cluster.

MECHANICAL – ELECTRICAL | VALUE
Power supply | Dual redundant, 12 VDC and 24 VAC
Power consumption | 12 VA
Polarity | Protected against reverse polarity
Mounting type | DIN rail
Protection | IP20
Dimensions with connectors | H 175 × D 130 × W 57 mm
Operating temperature | 0°C – 60°C
Weight | 450 g

CPU – SECURITY | VALUE
Microprocessors | Dual-core Cortex-A7 1 GHz + Cortex-M4 2000 MHz
Memory | 512 MB RAM + 8 GB Flash
Secure element | Dedicated chip for certificate storage and encryption/decryption processing
Algorithms | SHA-256 with HMAC option, ECDH, NIST standard P256
Proximity access | NFC

CONNECTIVITY | VALUE
Copper connectors | 8 RJ45 10/100/1000 ports with auto-negotiation
Fiber connectors | 2 SFP ports, 100Mb or 1000Mb depending on the transceiver
Power supply | 2 three-pin connectors for 12 VDC and 24 VAC
Alarm | 1 relay NO (Normally Open) and NC (Normally Closed) for fault signaling, 1 A at 24 VDC

SERVICES | VALUE
Configuration | Web over HTTPS (can be disabled), SSH
Monitoring | SNMP
Spanning tree | STP/RSTP/MST
Multicast addressing | IGMP snooping
VLAN management | 802.1Q support, assignment by port, MAC address, or 802.1X
Time synchronization | NTP
Address assignment | DHCP server per floor loop or per floor
Name management | DNS server on the cluster
Monitoring | SNMP v3 with OAuth