Sie sind auf Seite 1von 41

S2 NetBox®

Initial Software
Setup Guide

January 2018

S2 Security Corporation
One Speen Street
Suite 300
Framingham MA 01701
www.s2sys.com
S2 Support: 508 663-2505

Document #NB-SS-16
© S2 Security Corporation 2009-2018. All rights reserved.

This guide is protected by copyright and all rights are reserved by S2 Security Corporation. It may
not, in whole or in part, except insofar as herein directed, be copied, photocopied, reproduced,
translated or reduced to any electronic medium or machine-readable form without prior written
consent of S2 Security Corporation.

Third party trademarks, trade names, product names, and logos may be the trademarks or
registered trademarks of their respective owners.

The following are trademarks or registered trademarks of S2 Security Corporation:


 S2 NetBox®, S2 NetBox® Plus, S2 NetBox® Extreme, S2 NetBox® Enterprise,
S2 NetBox® Virtual Machine, S2 NetBox® Online
 S2 MicroNode™ Plus
 S2 Magic Monitor®
 S2 Global®
 S2 NetVR®, S2 NetBox® VR, S2 NetBox® VR Quatro, S2 NetVR® Software Solution
 S2 Mobile Security Officer®, S2 Mobile Security Professional™
 S2 Cumulus™
Contents
Introduction ................................................................................................................. 1
Summary of the Initial Setup Process ................................................................................ 2
Configuring Initial Settings ........................................................................................ 3
Accepting the License Agreement ..................................................................................... 3
Configuring Initial System Settings .................................................................................... 6
Changing the Default Password......................................................................................... 7
About the Time Server Settings ......................................................................................... 8
Setting Up S2 Nodes.................................................................................................... 9
Obtaining the Network Configuration ................................................................................. 9
Changing the Default Password....................................................................................... 10
Configuring Network Settings........................................................................................... 12
Enabling Secure Node Communications ......................................................................... 15
Viewing Additional Node Information ............................................................................... 17
Using the Debug Utilities.................................................................................................. 18
Renaming and Enabling S2 Nodes .................................................................................. 18
Setting Up Portal Access Control ............................................................................. 20
Configuring Portal Resources .......................................................................................... 21
Setting Up a Reader/Keypad ..................................................................................... 22
Setting Up Inputs ....................................................................................................... 22
Setting Up Outputs .................................................................................................... 24
Creating Portal Definitions ............................................................................................... 25
Creating a Time Spec....................................................................................................... 26
Creating a Reader Group................................................................................................. 27
Creating an Access Level ................................................................................................ 28
Creating a Credential Format........................................................................................... 29
Adding People to the System........................................................................................... 33
Testing Your Configuration ............................................................................................... 36
Index ............................................................................................................................37

S2 Security Corporation iii January 2018


Introduction
This guide provides instructions for performing the initial setup of the following S2
systems:
 Security management systems:
 S2 NetBox®
 S2 NetBox Extreme
 S2 NetBox Enterprise
 Converged systems:
 S2 NetBox VR
 S2 NetBox VR Quatro
The guide also provides instructions for setting up current generation S2 nodes.
These include:
 S2 Network Node with M1-3200 blade
 S2 Network Node VR
 S2 MicroNode™ Plus

Note:
Refer to Tech Note 24: S2 Node Operational Requirements, which describes
networking requirements for optimal S2 node performance.

The setup instructions assume that the hardware installation has been completed for
the S2 system and all S2 nodes to be included in the system. Consult the following
table to determine the appropriate installation guides for your S2 system components.

S2 System Components Installation Guide


S2 NetBox S2 NetBox Hardware Installation Guide
S2 NetBox Extreme (Document #NNEQ-HW-nn)

S2 NetBox VR Quatro
S2 Network Node with M1-3200 blade
S2 Network Node VR

S2 Security Corporation 1 January 2018


S2 NetBox Initial Software Setup Guide Introduction

S2 System Components Installation Guide


S2 NetBox Enterprise S2 NetBox Enterprise Hardware Installation Guide
(Document #EN-HW-nn)
S2 NetBox VR S2 NetVR Installation and Initial Setup Guide
(Document #NVR-HW-nn)
S2 MicroNode Plus S2 MicroNode Plus Hardware Installation Guide
(Document #MNP-HW-nn)

In the document numbers, nn refers to the latest revision.


All hardware installation guides are available from Support Central on the S2 Security
web site (www.s2sys.com). They are also available from the online help. (Search for
Guides and Technical Notes.)

Summary of the Initial Setup Process


The initial setup process involves the following steps:
 Logging into the system and configuring its initial settings (page 3).
 For a security management system or converged system, setting up S2
nodes to communicate with the S2 controller (page 9).
For S2 NetBox VR, and S2 NetBox VR Quatro, you will also need to configure the IP
cameras connected to the S2 NetVR video management system. Follow the
instructions in the S2 NetVR Setup and Configuration Guide (Document
#NVR-SC-nn).
After configuring the cameras, you will need to click Check Connection on the Set Up
NetVR Appliance page (under Configuration : Video) to see them in the S2 NetBox
web interface.

S2 Security Corporation 2 January 2018


Configuring Initial Settings
When the hardware installation for your S2 system is complete, the enclosure will be
wired for power and the system will be connected to a local PC (one that is not
connected to the corporate network) via an Ethernet switch.
Before connecting the system to the corporate network, follow the instructions in this
section to:
 Accept the software license agreement.
 Configure initial system settings (page 6).
 Log into the system and change the factory default login password (page 7).
Once the system is connected to the corporate network, you can log in again and use
the web interface to:
 Set up and enable S2 nodes (page 9).
 (optional) On an S2 node, set up a basic configuration for portal access
control and test your configuration (page 20).

Accepting the License Agreement


Be sure that the local PC you will use for the configuration is powered up and
connected to the system via an Ethernet switch.

To review and accept the license agreement:


1. Set the local PC to a static IP address of 192.168.0.n, where n is a number
between 100 and 200. (Do not use 249, 250, or 251.)
2. Set the Subnet Mask to 255.255.255.0.
3. Set the Gateway to 192.168.0.1.
4. Open a browser on the local PC and point it to the factory default IP address
for your system: 192.168.0.250
5. Press ENTER.
The Software License page shown in Figure 1 appears.

S2 Security Corporation 3 January 2018


S2 NetBox Initial Software Setup Guide Configuring Initial Settings

Figure 1. Software License page.

6. If the Activation Key and Product Key boxes do not contain the correct
keys for your system, you will need to enter them manually.
The Activation Key and Product Key are included on a license label that is
shipped with the system.
7. After reviewing the license agreement, click Apply to accept the terms. Be
sure to click Apply only once.
The Initmode page shown in Figure 2 appears.

S2 Security Corporation 4 January 2018


S2 NetBox Initial Software Setup Guide Configuring Initial Settings

Figure 2. Initmode page.

Use the instructions in the following section to configure initial system


settings.

S2 Security Corporation 5 January 2018


S2 NetBox Initial Software Setup Guide Configuring Initial Settings

Configuring Initial System Settings


Once you have accepted the license agreement, you can use the Initmode page to
configure initial settings for the S2 system.

Important:
If your S2 NetVR system is running version 1.8.6 of the S2 NetVR software, do not
use the instructions below. Instead, refer to Revision 05 of the S2 NetVR Installation
and Initial Setup Guide (NVR-HW-05) for information on configuring initial settings.

To configure initial system settings:


1. Obtain the following values from your network administrator and enter them
into the appropriate boxes in the Network Settings section:
 The static IP address for the S2 system.
 The appropriate subnet mask.
 The gateway IP address.
 DNS (Domain Name Server) IP addresses (optional).

Important:
If you change the IP address, take note of the new address, because you will
need it to log in later.

2. Under Initmode Settings, select No from the drop-down list.


This ensures that the Initmode page will not be displayed automatically again
when you reboot. This option is set to Yes only to allow you to change the
system’s IP values during the initial setup.
Later, when you are logged into the web interface, you can use the Network
Settings page (under Configuration : Site Settings) to view and change
network settings.
3. Under Time Settings, it is strongly recommended that you configure at least
one time server. If you do not have a time server, locate a public NTP server.
The time server settings are described on page 8.
Configuring a time server is especially important for S2 NetVRs, to ensure
that security cameras and the S2 NetVR video recordings are synchronized to
the same time. If you do not configure a time server now, you can configure
one later on the Network Controller Time Settings page.
4. Skip the Email Settings section for now. You can change these settings later,
if you decide to use email alerts.

S2 Security Corporation 6 January 2018


S2 NetBox Initial Software Setup Guide Configuring Initial Settings

5. In the Web Server Settings section, change the default HTTP port number
(80) only if the network administrator provides a different port number.
6. Click Save.
It may take several minutes for the system to shut down and restart. When it
restarts, the “restarting Web Server” message on your screen is replaced by a
message indicating that the IP address for the server will change in a few
seconds, and you will need to enter the new address into the browser and log
in again.
7. Connect the system to the corporate network.
8. Set the PC back to an IP address on the corporate network. All further
configuration work can be done through the corporate network.

Important:
If the S2 system is now on a different subnet, be sure to connect the PC to the
same subnet, so you will be able to log in again after your changes have
taken effect.

9. Change the system’s factory default login password, as described below.

Changing the Default Password


To log in and change the factory default login password:
1. Point your browser to the IP address you assigned to the S2 system.
2. On the Login page, enter the user name admin and the password admin.
3. Click Go to display the web interface.
4. Select Change Password from the command palette.
To show the command palette, hover over this icon on the right side of the
page bar:

5. Enter the factory default password (admin), enter the new password, and then
re-enter the new password.
6. Click Save.
Other users can be added to the system later and assigned user roles,
including the full system setup role. They will be able to log into the system
and use the functions accessible to them based on their roles.

S2 Security Corporation 7 January 2018


S2 NetBox Initial Software Setup Guide Configuring Initial Settings

Important:
To log in subsequently, you will need to enter the username and password for the
S2 system. If these are unknown, the system will need to be reset to factory defaults.
For instructions, refer to the hardware installation guide for your system.

About the Time Server Settings


Use of an Network Time Protocol (NTP) server ensures that the S2 system will be
synchronized regularly with the exact time used by all other network resources. For
the system to synchronize its own time, at least one NTP server must be designated
on the Time Settings page (under Configuration : Time). If no time server is available,
the system clock may drift slightly over time.
The available time settings are as follows:
 Manually Set Date/Time: If there will be no NTP server available, remove
the default values from the Timeserver fields and use the drop-down lists to
select the date and time supplied by the network administrator. Be sure to use
standard time, because the Timezone setting will automatically adjust for
daylight saving time.
 Timeserver 1, Timeserver 2, Timeserver 3: Use the default values
(0.ubuntu.pool.ntp.org, 1.ubuntu.pool.ntp.org, and 2.ubuntu.pool.ntp.org) if
your system is installed on a network with Internet access.
 Timezone: Select the appropriate time zone for your area from the
drop-down list. The default value in this field is America/New York.

Note:
Any S2 NetBox or S2 NetVR can act as an NTP server. If you have multiple
S2 NetVRs, you can minimize your reliance on external NTP servers by pointing just
one S2 NetBox or S2 NetVR to the IP address of an external NTP server, pointing all
other S2 NetVRs to the IP address of that S2 system, and pointing your IP cameras to
the IP addresses of their NetVRs. This configuration will ensure that the time on your
devices will be synchronized, even if external NTP servers are inaccessible.

S2 Security Corporation 8 January 2018


Setting Up S2 Nodes
An S2 node is the system component that manages local access control decisions,
using data provided by the S2 NetBox controller. The S2 node persistently stores its
configuration information and event data, so it will continue to function if the
connection with the S2 controller is lost. It also manages the installed application
extension blades.

This section provides setup instructions for the following S2 nodes, which use a
built-in web server for configuration: S2 Network Node with M1-3200 blade,
S2 MicroNode Plus, and S2 Network Node VR. It describes how to:
 Obtain the network configuration for the S2 node.
 Connect to the S2 node, change the default password, and optionally
configure security policies. (page 10)
 Configure network settings for the S2 node, to allow it to communicate with
the S2 controller. (page 12)
 Enable secure communications for the S2 node. (page 15)
 View additional node information. (page 17)
 Use the debug utilities to retrieve diagnostic information for the S2 node,
revert it to factory defaults, and reboot it. (page 18)

Required:
Refer to Tech Note 24: S2 Node Operational Requirements, which describes
networking requirements for optimal S2 node performance.

Obtaining the Network Configuration


Before configuring network settings for an S2 node, obtain the following information
from your network administrator:
 Static IP address for the S2 node.
This is not needed if you plan to use DHCP for dynamic IP addressing.
 Network mask.
 Gateway address.

S2 Security Corporation 9 January 2018


S2 NetBox Initial Software Setup Guide Setting Up S2 Nodes

 One of the following:


 IP address for your S2 controller.
 Server name for your S2 controller and the IP address for at least the
primary DNS server. When configuring network settings for your S2
nodes, you will be able to enter the S2 controller’s server name if it is
running software version 4.9.12 or later.
It is assumed the S2 controller is online.

Changing the Default Password


It is strongly recommended that you change the S2 node’s default login password.
This requires establishing a direct Ethernet connection to the S2 node and manually
changing the IP address of your PC to an address on the 192.168.0.x subnet.

Note:
By default, the S2 node can be accessed only when the enclosure door is open. This
is a security precaution designed to prevent intruders from using the default password
to log into the S2 node and change its configuration. When you change the default
password, you can also select an option to allow logins when the door is closed.

To log into the S2 node and change the default password:


1. Connect one end of an Ethernet cable to the Ethernet port on your PC.
2. Connect the other end of the cable to the Ethernet port on the node blade—or
on the Network Controller for an S2 NetBox VR or S2 NetBox VR Quatro.

S2 Security Corporation 10 January 2018


S2 NetBox Initial Software Setup Guide Setting Up S2 Nodes

3. Change the IP address of your PC to an address on the 192.168.0.x subnet.


Do not use 192.168.0.251.
4. Connect to the S2 node by browsing to its default IP address: 192.168.0.251.
5. Enter the password admin and click Log in to log into the S2 node.
6. On the Node Info page (shown on page 17), record the Node Id number.
This will help you identify the S2 node in the S2 NetBox web interface. The
number corresponds to the16 character unique identifier (UID) that will be
shown for the node on the Network Nodes page.
7. Do one of the following:
 If your S2 controller is running software version 4.9.12 or later, click Web
Server in the header bar to display the page shown below.
 If your S2 controller is running software version 4.9.11 or earlier, click
Security in the header bar.

8. Under Change Password, enter the current login password (admin), enter and
re-enter the new password, and click Change.
9. (optional) Under Security Policies, select either or both of the following check
boxes and click Update:
 Allow logins when locked: This will allow users to log into the S2
node when the enclosure door is closed.
 Disable this web service when SSL is disabled: This will
ensure that the web server will be inaccessible to users when SSL is
disabled.

S2 Security Corporation 11 January 2018


S2 NetBox Initial Software Setup Guide Setting Up S2 Nodes

Configuring Network Settings


It is recommended that you change the IP address of the S2 node to an address
appropriate for the installation environment.

To configure network settings:


1. Click Network in the header bar to display the following page:

If this is a new S2 node, the page will show the factory default network
settings:
 IP address 192.168.0.251
 Net Mask 255.255.255.0
 Gateway Address 192.168.0.1

Note:
If the S2 controller is running software version 4.9.11 or earlier, the Node
Secure Communications section will appear on the Security page rather than
on the Network page.

S2 Security Corporation 12 January 2018


S2 NetBox Initial Software Setup Guide Setting Up S2 Nodes

2. To use a static IP address for the S2 node, enter the new IP address, network
mask, and gateway address, and leave the Use DHCP check box
unchecked.
- or -
To allow the network set the IP address dynamically, leave the IP address,
network mask, and gateway address at their defaults; and select the Use
DHCP check box.
For more information about using DHCP, refer to Tech Note 35: USB
Commissioning of S2 Nodes.
3. Under Network Controller, enter one of the following:
 The server name for your S2 controller. If you enter the server name, you
will also need to enter the IP address for at least the primary DNS server.
 The IP address for your S2 controller.
Entering the server name is an option only if the S2 controller is running
software version 4.9.12 or later.
4. (optional) Clear the Auto-Revert check box to disable the Auto-Revert
feature, which is enabled by default.
This feature causes the S2 node to revert to its previous configuration in five
minutes. If Auto-Revert is enabled and you have configured the network
settings incorrectly, resulting in an inability to connect to the S2 node, it will
revert to the last known configuration.
5. Click Submit.
6. Click OK on the two warning messages that appear.
7. Close your browser window.

Important:
If you left Auto-Revert enabled at step 4, and you are confident that the
network configuration is correct, you must log into the S2 node again within
five minutes to prevent it from reverting to the previous configuration.
To log in again, you can either switch your PC to the new subnet of the S2
node, or access it from another system on the target network.

To enable the S2 node and verify the S2 controller connection:


1. Log into the S2 NetBox and select Configuration : Site Settings :
Network Nodes.
2. On the Name drop-down list, select the Node Id number you recorded from
the Node Info page.

S2 Security Corporation 13 January 2018


S2 NetBox Initial Software Setup Guide Setting Up S2 Nodes

When you select the number it also appears in the Unique Identifier field.
Do not change this field.
3. Click the Rename link and enter a name that will help you identify the
S2 node.
4. Select the Enabled check box to enable the S2 node.
This allows the communication of data between the S2 node and
S2 controller.
5. Click Save.
6. Select Configuration : Site Settings : Node Status.
In the Current Status section, the unique identifier (UID) for the S2 node
should be displayed in green and it should have the status Connected. This
may take a few minutes.
Refer to page 18 for more information on renaming and enabling an S2 node.

Note:
If you are unable to log into a current generation S2 node, you will need to use the
orange Revert button on the node blade to reset the node to factory defaults. When
the Revert button is held down for an extended period of time, each of the four LEDs
will blink sequentially. They will then blink on and off in unison, indicating that the
revert process has completed and the node has been returned to its factory default
settings. You can now release the Revert button.

For information on using the software to revert an S2 node to factory defaults but
retain its network configuration and digital certificates, see page 18.

S2 Security Corporation 14 January 2018


S2 NetBox Initial Software Setup Guide Setting Up S2 Nodes

Enabling Secure Node Communications


Enabling secure communications for the S2 node will allow it to exchange data
securely with the S2 controller. Data sent between the node and controller will be
protected through the use of a digital certificate installed on both.
Cryptographic key pairs provided by the digital certificate will be used to encrypt and
sign the data, making it unreadable by unauthorized parties and verifying that your
organization is the source of the data.
To enable secure communications, you will need to select the digital certificate that is
currently configured for secure S2 node communications on the S2 controller. This will
be one of the following;
 The default certificate. This is a self-signed certificate that is installed on the
S2 controller with software release 4.9.00 or later and automatically
downloaded to S2 nodes.
 A custom certificate. If a custom certificate was configured on the S2
controller and downloaded to S2 nodes, it will be available for selection.
For information on configuring a digital certificate on the on the S2 controller
and downloading it to S2 nodes, search for Enabling Secure S2 Node
Communications in the S2 NetBox online help.
 The S2 Signed certificate. This certificate is signed by S2 Security. It is
installed on the S2 controller with software release 4.9.12 or later and
automatically downloaded to S2 nodes.

To enable secure S2 node communications:


1. Ensure that secure node communications is enabled on the S2 controller.
For instructions, search for Enabling Secure S2 Node Communications in the
S2 NetBox online help.
2. Log into the S2 node.
3. Do one of the following:
 If your S2 controller is running software version 4.9.12 or later, click
Network in the header bar to display the page shown on page 12.
 If your S2 controller is running software version 4.9.11 or earlier, click
Security in the header bar.
4. Under Node Secure Communications, select Enable.
5. To use the default certificate or the S2 Signed certificate, select it from the
Certificate drop-down list and click Submit.
If you select the S2 Signed certificate, be sure it is the certificate currently
configured for secure node communications on the S2 controller.

S2 Security Corporation 15 January 2018


S2 NetBox Initial Software Setup Guide Setting Up S2 Nodes

6. To use a custom certificate:


a. For Certificate Type, select Custom.
b. Click Choose File.
c. Browse to and open the custom certificate file.
The certificate’s file name and common name appear on the page. Be
sure it is the certificate currently configured for secure node
communications on the S2 controller.
d. Click Submit.
You should see a message indicating that the custom certificate has been
successfully updated.
7. To confirm that the node has restarted and is connected to the S2 controller,
log into the S2 NetBox and select Configuration : Site Settings : Node
Status.
On the Node Status page, the S2 node‘s UID will be displayed in green and it
will have the status Connected. This should take just a few seconds.

Note:
Following a hardware reset of the node to factory defaults (described on page 14), you
will need to re-enable secure communications for the node. If you use a custom
certificate, it will need to be downloaded to the node again. Only the default certificate
is retained on the node during a hardware reset to factory defaults.

If there is a secure node configuration error, a message in the Activity Log will indicate
the reason for the error, as described in Table 3.

Table 3. Activity Log Messages for Secure Node Configuration Errors

Error Message Meaning


secure connection attempt for <node> Secure node communications is disabled on the
S2 controller but enabled on the specified node.
certificate not found for <node> The specified node is using an unknown digital
certificate.
non-secure connection attempt for <node> Secure node communications is enabled on the
S2 controller but disabled on the specified node.

S2 Security Corporation 16 January 2018


S2 NetBox Initial Software Setup Guide Setting Up S2 Nodes

Viewing Additional Node Information


You can use the Node Info page to view information about an S2 node, such as its
unique identifier (UID).

To view additional node information:


 Click Info in the header bar to display the following page.

The Node Info section shows the following information:


 Network Controller Connection Status. If the value Connected is
shown, the S2 node and S2 controller are connected and communicating over
the network.
 Node Id: Shows the unique identifier (UID) of the S2 node.
 Node IP Address: Shows the IP address of the S2 node.
 Node Version: Shows the firmware version number.
 Serial Number: Shows the serial number of the node blade.
 Active Controller: Shows the IP address of the S2 controller to which the
S2 node is currently connected.
 Slots 1 through 7: Each shows an application extension blade installed in
the enclosure.

S2 Security Corporation 17 January 2018


S2 NetBox Initial Software Setup Guide Setting Up S2 Nodes

Using the Debug Utilities


The Utility page lets you diagnose problems with a node, revert the node to factory
defaults (but retain its network configuration and digital certificates), and reboot the
node.

To use the debug utilities:


1. Click Utility in the header bar to display the following page.

2. To retrieve system diagnostics, click Get Diags and wait for up to one
minute. Email the files to S2 Support for review.
3. To revert the node to factory defaults, click Revert.
This closes the existing connection to the S2 controller, clears the current
system configuration and credentials from the node, and restores the
firmware to the factory pre-installed image. Only the node’s network
configuration and digital certificates are retained.
When the node reconnects to the S2 controller, it upgrades to the latest
firmware, and the current system configuration and credentials are loaded
onto the node.
4. To reset the node, click Reset.
This power cycles the node to reset it.

Renaming and Enabling S2 Nodes


Once an S2 controller and an S2 node of any type have connected with each other,
communications between them can go no further until the S2 node is enabled. When
you enable an S2 node you should also change its name (initially its 16-character
UID) to one that will allow you to identify it.

S2 Security Corporation 18 January 2018


S2 NetBox Initial Software Setup Guide Setting Up S2 Nodes

Note:
If you are installing a system with multiple nodes, you might find it helpful to power up
and rename them one at a time. When viewing a long list of nodes in the user
interface, it will be easier to identify one from the other by their meaningful names
rather than by their 16 character UIDs.

To rename and enable an S2 node:


1. Make sure your PC has web access to the S2 controller so you will be able to
use its web interface.
If your PC is on a different subnet than the S2 controller, you will need
connect it to the S2 controller’s subnet, or have the network administrator
open a TCP port to the S2 controller.
2. Point your browser to the S2 controller’s IP address.
3. At the Login screen, enter your user name and password and click Go.
4. Select Configuration : Site Settings : Network Nodes.
5. Select the S2 node you want to enable from the Name drop-down list.
6. Click the Rename link and enter a name that will help you identify the S2
node. DO NOT change the Unique Identifier field.
7. If you used the nnconfig.exe utility to point the S2 node to the S2 controller, be
sure to enter into the Settings fields on the Network tab the same IP settings
you entered for the S2 node in nnconfig.exe.
Although the Current Status fields will show the IP settings you entered in
nnconfig, it is the values in the Settings fields that will be downloaded to the
S2 node the next time configuration changes are saved for it.
8. Select the Enabled check box to enable the S2 node and allow the
communication of data between it and the S2 controller.
9. Click Save.
10. Select Configuration : Site Settings : Node Status.
In the page that appears, the S2 node’s UID will be displayed in green, and it
will have the status Connected. This can take up to five minutes.
11. Continue to the following section, Setting Up Portal Access Control, for
information on configuring portal access control for an S2 node and then
testing your configuration.

S2 Security Corporation 19 January 2018


Setting Up Portal Access
Control
After you have enabled your S2 nodes and confirmed they are communicating with
the S2 controller, your can begin configuring the system for access control. A key task
will be setting up access control for your facility’s portals—its doors and other access
points.
This section takes you through the process of setting up a basic configuration for
portal access control, and then testing your configuration. This will require adding the
following to the system:
 Portal resources (page 21): Create definitions for the physical resources
(reader/keypad devices, input devices, and output devices) that are wired to
and S2 node and its application extension blades.
 Portal definitions (page 25): Create definitions for your portals. At a
minimum, each definition should specify a reader/keypad for its incoming
reader/keypad device, an input for its DSM (door status monitor), and an
output for the portal’s lock.
 A time spec (page 26): Create a time spec that specifies valid access times
for cardholders.
 A reader group (page 27): Create a reader group containing your portals’
readers/keypads and assign your access level to it.
 An access level (page 28): Create an access level and assign your time
spec to it.
 A credential format (page 29): Create a credential format that matches
the format of your facility’s cards or keypads.
 Person records (page 33): Create person records for cardholders who
should have access to your facility. Each person record will include your
access level and a credential with your credential format.
Any cardholder who presents his or her credentials at one of the
readers/keypads in your reader group at a valid access time (as defined by
the time spec you assigned to your access level) will be granted access.

Note:
For information on setting up elevator access control, refer to the online help.

S2 Security Corporation 20 January 2018


S2 NetBox Initial Software Setup Guide Setting Up Portal Access Control

Configuring Portal Resources


After selecting an S2 node in the S2 user interface, you can view diagrams of the
application extension blades (access control, input, output, and temperature) that are
connected to that S2 node.
This section describes how to use the diagram of an S2 node’s access control blade
(see the example in the figure below) to configure the reader/keypads, inputs, and
outputs you will need for portal access control.

Note:
In the procedures below you will use the access control blade diagram, but this is not
the only way to configure portal resources. See the online help for more information.

To view an S2 node’s access control blade diagram:


1. Select Configuration : Site Settings : Network Nodes.
2. Select an S2 node from the Name drop-down list.
3. Click the Blades tab.
4. Select an access control blade from the list on the left side of the page.
A diagram of the blade appears on the page:

S2 Security Corporation 21 January 2018


S2 NetBox Initial Software Setup Guide Setting Up Portal Access Control

Setting Up a Reader/Keypad
Set up a reader/keypad for each portal’s incoming reader, keypad, or combination
reader/keypad device.

To set up a reader/keypad:
1. On the blade diagram, click the 7-pin connector to which the reader/keypad
device is connected (or click the link for that reader connector on the right side
of the page).
The Readers/Keypads configuration page appears:

2. Enter a descriptive Name for the reader/keypad, or click add and then enter
the name.
3. Make sure the Enabled check box to the right of the Name field is selected.
The Expansion Slot and Position fields will be filled in automatically
based on your selection at step 1.
4. From the Reader/Keypad Type drop-down list, select the reader/keypad
device type.
5. Click Save.

Setting Up Inputs
Set up an input for each portal’s DSM (door status monitor) and, optionally, an input
for each portal’s REX (request to exit) device.

To set up an input:
1. On the blade diagram, click the 2-pin connector to which the input device is
connected (or click the link for that input connector on the right side of the
page).

S2 Security Corporation 22 January 2018


S2 NetBox Initial Software Setup Guide Setting Up Portal Access Control

The Inputs configuration page appears:

2. Enter a descriptive Name for the input, or click add and then enter the
name.
3. Make sure the Enabled check box to the right of the Name field is selected.
4. To ensure that the input is armed at all times, make sure the Always
Armed check box is selected.

Note:
If the input needs to be armed only at certain times, clear the Always Armed
check box and add the input to an input group. The time spec assigned to the
input group will determine when its inputs will be armed.

The Expansion Slot and Position fields will be filled in automatically


based on your selection at step 1.
5. From the Input supervision type drop-down list, select the circuit type
(NO = normally open, NC = normally closed) and resistor configuration, based
on how the input device is wired.

Important:
It is critical that this selection accurately reflects the input circuit. The system
supports 1K Ohm resistors only, and a circuit diagram is displayed on the
page next to Termination Circuit. The various circuits and resistor
configurations create resistance values used by the system in determining
normal, alarm, and trouble states.

S2 Security Corporation 23 January 2018


S2 NetBox Initial Software Setup Guide Setting Up Portal Access Control

For more specific information on these wiring configurations and resistance


values, see the section on connecting inputs in the installation guide for your
S2 node.
6. Click Save.

Setting Up Outputs
Set up an output for each portal’s lock.

To set up an output:
1. On the blade diagram, click the 3-pin connector to which the output device is
connected (or click the link for that output connector on the right side of the
page).
The Outputs configuration page appears:

2. Enter a descriptive Name for the output.


3. Make sure the Enabled check box to the right of the Name field is checked.
The Expansion Slot and Position fields will be filled in automatically
based on your selection at step 1.
4. From the Default State Code drop-down list, select the normal state for
the output device: either Energized or Not Energized.
Your selection will depend on how the output device has been wired and on
the type of lock you are using (fail-safe or fail-secure).
5. Click Save.

S2 Security Corporation 24 January 2018


S2 NetBox Initial Software Setup Guide Setting Up Portal Access Control

Creating Portal Definitions


Create a portal definition for each of your facility’s doors and other access points.
A basic portal definition will include an output for the portal’s lock, an input for its DSM,
and a reader/keypad for its incoming reader, keypad, or combination reader/keypad
device.

To create a portal definition:


1. Select Configuration : Access Control : Portals.
2. The Portals configuration page appears:

3. Enter a descriptive Name for the portal, or click add and enter the name.
4. From the Network Node drop-down list, select the S2 node for which you
are configuring the portal.
Sections appear on the page for selecting the portal’s lock, DSM, REX, and
incoming reader/keypad:

5. From the Location drop down menu, select a location. The Master location
is selected by default.
6. Select resources for the portal’s Lock and DSM and, optionally, for its REX.
7. Select a resource for the portal’s Reader 1 and/or Keypad 1.
8. Click Save.

S2 Security Corporation 25 January 2018


S2 NetBox Initial Software Setup Guide Setting Up Portal Access Control

Creating a Time Spec


Create a time spec that specifies valid access times.
Later you will add this time spec to an access level and assign the access level to
person records. This will ensure that your cardholders will be granted access to your
facility only at valid access times.

To create a time spec:


1. Select Configuration : Time : Time Specs.
The Time Specs configuration page appears:

2. Click add under the Name drop-down list.


3. Enter a descriptive name for the time spec.
4. Enter a Start Time and End Time in 24 hour format. For example, enter
09:00 for 9 AM.
The time spec will be in effect from the first second of the start time through
the last second of the end time. For example, if you enter 09:00 for the start
time and 17:59 for the end time, the time spec will be in effect from 9 AM to 6
PM—or more precisely, from 09:00:01 to 17:59:59.
5. Select the check box for each day of the week you want to include in the
time spec.

S2 Security Corporation 26 January 2018


S2 NetBox Initial Software Setup Guide Setting Up Portal Access Control

Important:
For a time spec whose start time is later than its end time, the time spec
period will end on the day following the last day of the week you select. For
example, suppose that when setting up a Weekdays 8 PM to 7 AM time spec,
you select the days Monday through Friday. The time spec period will start at
8 PM on Monday and will end at 7 AM on Saturday, even though Saturday is
not one of the days you selected. To have the time spec period end at 7 AM
on Friday, you would need to select only the days Monday through Thursday.

6. Click Save.

Creating a Reader Group


Create a reader group containing the reader/keypad of each portal.
Creating a reader group is optional, because you can also assign an access level to
individual readers. However, it is more convenient to include your portals’ readers in a
group that will have a common access level.
Later you will add the reader group to an access level and assign the access level to
person records. This will ensure that your cardholders will be granted access only at
readers/keypads in the group (and only at valid access times).

Note:
The default reader group, All Readers, is a system-owned group containing all
readers currently configured in the system. When you add a reader to the system, it is
added to the All Readers group automatically.

To set up a reader group:


1. Select Configuration : Access Control : Reader Groups.

S2 Security Corporation 27 January 2018


S2 NetBox Initial Software Setup Guide Setting Up Portal Access Control

The Reader Groups configuration page appears:

2. Enter a descriptive Name for the reader group.


3. For each reader you want to add to the group, select it in the Available list and
click the right-arrow button to move it to the Selected list.
4. Click Save.

Creating an Access Level


Create an access level that includes the time spec and reader group you have
created.
At the valid access times specified by the time spec, cardholders to whom the access
level is assigned will be able to present their credentials at readers/keypads in the
reader group to be granted access.

To create an access level:


1. Select Configuration : Access Control : Access Levels.

S2 Security Corporation 28 January 2018


S2 NetBox Initial Software Setup Guide Setting Up Portal Access Control

The Access Levels configuration page appears:

2. Enter a descriptive Name for the access level, or click add and then enter
the name.
3. Select the Enabled check box to the right of the Name field to enable the
access level.
4. For Reader(s), select the reader group you created.
5. For Time Spec, select the time spec you created.
6. Click Save.
For information on other functions of access levels, see the S2 online help.

Creating a Credential Format


Create a credential format that matches the format of your facility’s cards or keypads.
An access control blade supports readers and keypads with various data formats.
Most commonly used deployments use the Wiegand or Magnetic Stripe ABA Track 2
data formats, which are described further here.

S2 Security Corporation 29 January 2018


S2 NetBox Initial Software Setup Guide Setting Up Portal Access Control

Note:
If you do not know the format of an individual credential or the existing credential
population, you can use the Card Decoder utility to decode the bits on Wiegand
formatted credentials and the bytes on Track 2 of Magnetic stripe credentials. For
instructions, see the online help. (Search for Decoding Cards.)

To create a new Wiegand card/keypad format:


1. Select Configuration : Access Control : Card/Keypad Formats.
The Card/Keypad Formats configuration page appears:

2. Click add under the Name drop-down list.

Note:
If you are adding a card format that is substantially similar to an existing
format, you can save time by selecting that format from the drop-down list,
clicking the clone link, entering a new name, and making any needed
changes to the new format.

3. Enter a Name for the new card format. This is a required entry.
4. To enable the card format, select the Enabled check box.
5. Enter a Description for the card format.

S2 Security Corporation 30 January 2018


S2 NetBox Initial Software Setup Guide Setting Up Portal Access Control

6. From the Data Format drop-down list, select Wiegand.


7. In the Length text box, enter the number of bits in this card format. This is a
required entry. The number entered here determines the number of bit
definition drop-down lists provided below.
8. Check the card manufacturer's documentation for the facility code of the card
batch you are using. Enter this number in the Facility Code text box.

Note:
Make sure the facility code for keypads differs from the facility codes used in
the card population. It is important that the system recognize keypad input as
separate from card reads. For instructions on setting keypad facility codes,
refer to the keypad manufacturer's documentation.

9. Enter in the following four fields the correct start-bit and bit-length values for
the format you are creating:
 Facility Code Start: The first bit of the facility code number.
 Facility Code Length: The number of bits used to indicate the facility
code. For special applications, select the Reverse bit order check box
to reverse the read order of the bits in the facility code portion of the card
format.
 Encoded # Start: The first bit of the card ID number.
 Encoded # Length: The number of bits used to indicate the card ID
number. For special applications, select the Reverse bit order check box
to reverse the read order of the bits in the card ID portion of the format.

Note:
If you want your system to ignore the facility code when validating card reads,
enter a zero (0) in each of the following fields: Facility Code, Facility Code
Start, and Facility Code Length.

10. Select the Hot Stamp and encoded numbers default identical
check box if the number printed on the card is the same as the encoded
number.
If this box is checked, whenever you either enroll a card using a reader or
manually enter a number in the Hot Stamp # field, the system populates both
Hot Stamp # and Encoded # fields with the same value.
11. Bit definitions in card format: These drop-down lists will fill in
automatically when you complete step 7 above. The number of bit drop-down
lists will match the number you entered in the Length box at step 5.
P is for a parity bit. F is for a facility code bit. N is for a card number bit.

S2 Security Corporation 31 January 2018


S2 NetBox Initial Software Setup Guide Setting Up Portal Access Control

12. Parity bit definitions: These drop-down lists are filled in with the default
parity bit definitions for the Wiegand format. The first bit (bit 1) is used for
even parity error checking and covers bits 2 through 13. The last significant bit
(bit 26) is used for odd parity error checking and covers bits 14 through 25.
13. Click Save.

To create a magnetic stripe ABA Track 2 format:


1. Select Configuration : Access Control : Card/Keypad Formats.
The Card/Keypad Formats configuration page shown on page page 30
appears.
2. Click add under the Name drop-down list.

Note:
If you are adding a card format that is substantially similar to an existing
format, you can save time by selecting that format from the drop-down list,
clicking the clone link, entering a new Name, and making any needed
changes to the new format.

3. Enter a Name for the new card format. This is a required entry.
4. Enter a Description for the card format.
5. From the Data Format drop-down list, select Magstripe Track 2.
6. In the Length text box, enter the number of bytes in this card format. This is
a required entry. The number entered here determines the number of byte
definition drop-down lists provided below.
7. Check the card manufacturer's documentation for the facility code of the card
batch you are using. Enter this number in the Facility Code field.

Note:
Make sure the facility code for keypads differs from the facility codes used in
the card population. It is important that the system recognize keypad input as
separate from card reads. For instructions on setting keypad facility codes,
refer to the keypad manufacturer's documentation.

8. Enter in the following four fields the correct start byte and byte length values
for the format you are creating:
 Facility Code Start: The first byte of the facility code number.
 Facility Code Length: The number of bytes used to indicate the
facility code.
 Encoded # Start: The first byte of the card ID number.

S2 Security Corporation 32 January 2018


S2 NetBox Initial Software Setup Guide Setting Up Portal Access Control

 Encoded # Length: The number of bytes used to indicate the card ID


number.

Note:
If you want your system to ignore the facility code when validating card reads,
enter a zero (0) in each of the following fields: Facility Code, Facility
Code Start, and Facility Code Length.

9. Select the Hot Stamp and encoded numbers default identical


check box if the number printed on the card is the same as the encoded
number. If this box is checked, whenever you enroll a card using a reader or
manually enter a number in the Hot Stamp # field, the system populates both
Hot Stamp # and Encoded # fields with the same value.
10. To ensure that the new card format will be recognized by remote locksets with
magnetic stripe card readers, select the Magnetic Stripe Remote
Lockset supported check box.
11. Byte definitions in card format: These drop-down lists will fill in automatically
when you complete step 7 above. The number of byte drop-down lists will
match the number you entered in the Length box at step 5.
 F is for a facility code byte.
 N is for a card number byte.
 ? is for an unmatched number.
 SS is a Start Sentinel byte with the ASCII value “";".
 ES is an End Sentinel byte with the ASCII value “?”.
 LRC is a checksum character.
12. Click Save.

Adding People to the System


Before you can issue credentials and assign access levels to people, you must add
them to the system. To add a person, you create a person record.
You can issue credentials and assign access levels to a person as you are creating
his or her person record. You can also edit the person record later to add, modify, and
remove credentials and access levels.
When a credential is added to a person record, it is downloaded to S2 nodes in the
system, based on the person’s access levels and the readers or reader groups
assigned to those access levels.

S2 Security Corporation 33 January 2018


S2 NetBox Initial Software Setup Guide Setting Up Portal Access Control

Note:
An access level that is not assigned to a person record is stored in the S2 controller’s
database and is not downloaded to S2 nodes.

To add a person to the system:


1. Select Administration : People : Add.
A person record form appears.
2. Fill in the fields at the top of the form:

 The Last Name and Activation Date/Time fields are required


entries. Click the calendar icon to displays a calendar you can use to
select the activation date.
 Enter an Expiration Date/Time if you want the person's access to
expire automatically at a particular date and time.
 If your organization issues ID numbers, enter the person's ID number in
the ID# text box.

Note:
Although the ID# is not required, supplying a unique Person ID for each
person record allows the records to be reliably retrieved, modified, and
deleted via the API.

S2 Security Corporation 34 January 2018


S2 NetBox Initial Software Setup Guide Setting Up Portal Access Control

3. To issue a credential, click Add New Credential on the Access Control tab
to display the fields shown below:

4. Enter the Hot Stamp # and Encoded #, and select the Credential
Format you created earlier. The Status for the credential should remain
Active.

Note:
You can also add a credential by presenting it at the system’s enrollment
reader, as described in the next procedure.

5. To assign an access level, scroll down to the Access Levels section:

6. Select the access level you created from the Available list, and click the right
arrow button to move it to the Selected list.
7. Click Save.

To issue a credential using a reader:


1. Click the Add New Credential button on the Access Control tab of a
person record.
2. Enter the hot stamp number printed on the credential into the Hot stamp #
box.
3. Select the format you created earlier from the Credential Format
drop-down list.

S2 Security Corporation 35 January 2018


S2 NetBox Initial Software Setup Guide Setting Up Portal Access Control

4. Click the Read button to read the credential.


5. In the Issue Credential Using Reader dialog box, check to make sure the
enrollment reader you are using is selected in the drop-down, and then click
Go.
6. Present the credential to the reader. The encoded credential number appears
in the Encoded # box.
7. Click Save.

Testing Your Configuration


Once you have completed the procedures in this section, you can test your portal
access control configuration.

To test your configuration:


1. Have a cardholder present his or her credentials at any portal’s reader/keypad
at a valid access time (as defined by the time spec assigned to his or her
access level).
2. Select to Monitor : Activity Log.
3. Ensure that an Access granted entry similar to the one shown below was
added to the Activity Log.
10:28:10 AM Access granted for Jonathan Moore at Front Entrance

S2 Security Corporation 36 January 2018


Index
A inputs, setting up 22
accepting the license agreement 3
K
access control, setting up for portals 20
access levels, creating 28 keypads, setting up 22
Activation Key and Product Key 4
L
adding people to the system 33
licensing page 3
B logging into the system 7
basic portal access control configuration, setting up
20 M
blade diagrams, using to configure resources 21 M1-3200 blade
Ethernet port 10
C Reset button 14
certificate, SSL 15 magnetic stripe credential format, creating 32
communications between S2 nodes and the S2 con-
troller, securing 15 N
credential formats, creating 29, 32 network settings
configuring for current generation S2 nodes 12
D configuring for the S2 controller 6
default NTP server settings 8
HTTP port number 7
S2 node password, changing 10 O
S2 system password, changing 7 outputs, setting up 24
diagnosing S2 node problems 18
digital certificate, selecting for an S2 node 15 P
password
E changing for S2 node 10
email settings, S2 controller 6 changing for S2 system 7
enabling and renaming S2 nodes 18 person records, creating 33
portal access control configuration, testing 36
F portal access control, setting up 20
factory defaults, resetting for S2 nodes 14 portal definitions, creating 25
portals, configuring resources for 21
H power cycling an S2 node 18
HTTP port number, default 7 problems with an S2 node, diagnosing 18
Product Key and Activation Key 4
I
Initmode page R
changing initial S2 controller settings 6 reader groups, creating 27
displaying 4 readers/keypads, setting up 22

S2 Security Corporation 37 January 2018


S2 NetBox Initial Software Setup Guide Index

renaming and enabling S2 nodes 18 W


resetting an S2 node 18 web server settings for S2 controller 7
resetting S2 node factory defaults 14 Wiegand credential format, creating 30
resources, configuring for portals 21
reverting an S2 node 18

S
S2 controller
email settings 6
network settings 6
time server settings 8
web server settings 7
S2 nodes
changing default password 10
changing security settings 11
configuring resources for 20
diagnosing problems 18
enabling and renaming 18
enabling secure communications 15
resetting 18
reverting to factory defaults 14, 18
secure communications, enabling for S2 nodes 15
setting up
access levels 28
credential formats 29
inputs 22
outputs 24
person records 33
portal access control 20
portals 25
reader groups 27
reader/keypads 22
S2 nodes 9
time specs 26
Software License page, displaying 3
SSL certificate, selecting for an S2 node 15
system
configuring initial settings 6
logging in 7

T
testing a portal access control configuration 36
time server
available settings 8
configuring 6
time specs, creating 26

S2 Security Corporation 38 January 2018