Beruflich Dokumente
Kultur Dokumente
Setup Guide
January 2018
S2 Security Corporation
One Speen Street
Suite 300
Framingham MA 01701
www.s2sys.com
S2 Support: 508 663-2505
Document #NBO-SS-01
© S2 Security Corporation 2009-2018. All rights reserved.
This guide is protected by copyright and all rights are reserved by S2 Security Corporation. It may
not, in whole or in part, except insofar as herein directed, be copied, photocopied, reproduced,
translated or reduced to any electronic medium or machine-readable form without prior written
consent of S2 Security Corporation.
Third party trademarks, trade names, product names, and logos may be the trademarks or
registered trademarks of their respective owners.
Requirements
You will need the following:
S2 NetBox Online, obtained from S2 Security. For a quote, contact S2 Sales:
Phone: 508 663-2500
Email: sales@s2sys.com
Physical S2 nodes and the physical resources (reader/keypad, input, and
output devices) that will be wired to the nodes.
Supported nodes are S2 Network Node with M1-3200 blade and
S2 MicroNode Plus. No other node types or devices such as locksets,
intrusion panels, or cameras are supported.
A PC with network connectivity to your S2 nodes and one of the following
browsers:
Chrome 61
Firefox 55
Internet Explorer 11
Safari 8 or 9
Required:
Refer also to Tech Note 24: S2 Node Operational Requirements, which describes
networking requirements for optimal S2 node performance.
This section provides instructions for setting up an S2 Network Node with M1-3200
blade or S2 MicroNode Plus for use with S2 NetBox Online. It describes how to:
Obtain the network configuration for the S2 node. This information is included
in the order acknowledgement sent from S2 Security.
If you do not have access to the order acknowledgement, contact
S2 Customer Service:
Phone: 508 663-2500, option 1
Email: orders@s2sys.com
Log into the S2 node to change the default password. (page 4)
Update the node firmware by pointing the S2 node to the IP address for the
S2 NetBox Online instance. The S2 node will establish a connection to
download a new version of the firmware, but it will not fully connect. (page 5)
Establish a full and secure connection by pointing the S2 node to the server
name for the S2 NetBox Online instance and enabling secure node
communications. (page 7)
View additional node information. (page 9)
Use the debug utilities to retrieve diagnostic information for the S2 node,
revert it to factory defaults, and reboot it. (page 10)
Gateway address.
Server name and IP address for your S2 NetBox Online instance.
IP address for the primary DNS server, and for the secondary DNS server if
one is configured.
5. Enter the current login password (admin), enter and re-enter the new
password, and click Change.
6. (optional) Under Security Policies, select either or both of the following check
boxes and click Update:
Allow logins when locked: This will allow users to log into the S2
node when the enclosure door is closed.
Disable this web service when SSL is disabled: This will
ensure that the web server will be inaccessible to users when SSL is
disabled.
2. To use a static IP address for the S2 node, enter the new IP address, network
mask, and gateway address; and leave the Use DHCP check box
unchecked.
- or -
To allow the network set the IP address dynamically, leave the IP address,
network mask, and gateway address at their defaults and select the Use
DHCP check box.
Note:
For more information about using DHCP, refer to Tech Note 35: USB
Commissioning of S2 Nodes.
3. In the Network Controller section, enter the IP address for your S2 NetBox
Online instance.
The IP address is included in the order acknowledgement sent from
S2 Security.
4. (optional) Clear the Auto-Revert check box to disable the Auto-Revert
feature, which is enabled by default.
This feature causes the S2 node to revert to its previous configuration in five
minutes. If Auto-Revert is enabled and you have configured the network
settings incorrectly, resulting in an inability to connect to the S2 node, it will
revert to the last known configuration.
5. Click Submit.
6. Click OK on the two warning messages that appear.
7. Close your browser window.
Important:
If you left Auto-Revert enabled at step 4, and you are confident that the
network configuration is correct, you must log into the S2 node again within
five minutes to prevent it from reverting to the previous configuration.
To log in again, you can either switch your PC to the new subnet of the S2
node, or access it from another system on the target network.
2. In the Network Controller section, replace the IP address for the primary
controller with the server name for the S2 NetBox Online instance.
The server name for the S2 NetBox Online instance is included in the order
acknowledgement sent from S2 Security. To successfully connect the S2
node, you must replace the primary controller IP address with this server
name, and you must select the S2 Signed option at step 5.
3. Enter the IP address for the primary DNS server, and for the secondary DNS
server if one is configured.
Important:
If you left Auto-Revert enabled at step 4, and you are confident that the
network configuration is correct, you must log into the S2 node again within
five minutes to prevent it from reverting to the previous configuration.
To log in again, you can either switch your PC to the new subnet of the S2
node, or access it from another system on the target network.
In the Current Status section, the unique identifier (UID) for the S2 node
should be displayed in green and it should have the status Connected. This
may take a few minutes.
On the Node Info page (shown below), the S2 node should show its status as
Connected/Secure.
Note:
Following a hardware reset of the S2 node to factory defaults (described on page 11),
you will need to re-enable secure communications for the node.
If there is a secure node configuration error, a message in the Activity Log will indicate
the reason for the error, as described in Table 1.
2. To retrieve system diagnostics, click Get Diags and wait for up to one
minute. Email the files to S2 Support for review.
3. To revert the node to factory defaults, click Revert.
This closes the existing connection to the S2 NetBox Online instance, clears
the current system configuration and credentials from the node, and restores
the firmware to the factory pre-installed image. Only the node’s network
configuration and digital certificates are retained.
Note:
If you are unable to log into a current generation S2 node, you will need to use the
orange Revert button on the node blade to reset the node to factory defaults. When
the Revert button is held down for an extended period of time, each of the four LEDs
will blink sequentially. They will then blink on and off in unison, indicating that the
revert process has completed and the node has been returned to its factory default
settings. You can now release the Revert button.
For information on using the software to revert an S2 node to factory defaults but
retain its network configuration and digital certificates, see page 10.
Note:
For information on setting up elevator access control, refer to the online help.
Note:
In the procedures below you will use the access control blade diagram, but this is not
the only way to configure portal resources. See the online help for more information.
Setting Up a Reader/Keypad
Set up a reader/keypad for each portal’s incoming reader, keypad, or combination
reader/keypad device.
To set up a reader/keypad:
1. On the blade diagram, click the 7-pin connector to which the reader/keypad
device is connected (or click the link for that reader connector on the right side
of the page).
The Readers/Keypads configuration page appears:
2. Enter a descriptive Name for the reader/keypad, or click add and then enter
the name.
3. Make sure the Enabled check box to the right of the Name field is selected.
The Expansion Slot and Position fields will be filled in automatically
based on your selection at step 1.
4. From the Reader/Keypad Type drop-down list, select the reader/keypad
device type.
5. Click Save.
Setting Up Inputs
Set up an input for each portal’s DSM (door status monitor) and, optionally, an input
for each portal’s REX (request to exit) device.
To set up an input:
1. On the blade diagram, click the 2-pin connector to which the input device is
connected (or click the link for that input connector on the right side of the
page).
2. Enter a descriptive Name for the input, or click add and then enter the
name.
3. Make sure the Enabled check box to the right of the Name field is selected.
4. To ensure that the input is armed at all times, make sure the Always
Armed check box is selected.
Note:
If the input needs to be armed only at certain times, clear the Always Armed
check box and add the input to an input group. The time spec assigned to the
input group will determine when its inputs will be armed.
Important:
It is critical that this selection accurately reflects the input circuit. The system
supports 1K Ohm resistors only, and a circuit diagram is displayed on the
page next to Termination Circuit. The various circuits and resistor
configurations create resistance values used by the system in determining
normal, alarm, and trouble states.
Setting Up Outputs
Set up an output for each portal’s lock.
To set up an output:
1. On the blade diagram, click the 3-pin connector to which the output device is
connected (or click the link for that output connector on the right side of the
page).
The Outputs configuration page appears:
3. Enter a descriptive Name for the portal, or click add and enter the name.
4. From the Network Node drop-down list, select the S2 node for which you
are configuring the portal.
Sections appear on the page for selecting the portal’s lock, DSM, REX, and
incoming reader/keypad:
5. From the Location drop down menu, select a location. The Master location
is selected by default.
6. Select resources for the portal’s Lock and DSM and, optionally, for its REX.
7. Select a resource for the portal’s Reader 1 and/or Keypad 1.
8. Click Save.
Important:
For a time spec whose start time is later than its end time, the time spec
period will end on the day following the last day of the week you select. For
example, suppose that when setting up a Weekdays 8 PM to 7 AM time spec,
you select the days Monday through Friday. The time spec period will start at
8 PM on Monday and will end at 7 AM on Saturday, even though Saturday is
not one of the days you selected. To have the time spec period end at 7 AM
on Friday, you would need to select only the days Monday through Thursday.
6. Click Save.
Note:
The default reader group, All Readers, is a system-owned group containing all
readers currently configured in the system. When you add a reader to the system, it is
added to the All Readers group automatically.
2. Enter a descriptive Name for the access level, or click add and then enter
the name.
3. Select the Enabled check box to the right of the Name field to enable the
access level.
4. For Reader(s), select the reader group you created.
5. For Time Spec, select the time spec you created.
6. Click Save.
For information on other functions of access levels, see the S2 online help.
Note:
If you do not know the format of an individual credential or the existing credential
population, you can use the Card Decoder utility to decode the bits on Wiegand
formatted credentials and the bytes on Track 2 of Magnetic stripe credentials. For
instructions, see the online help. (Search for Decoding Cards.)
Note:
If you are adding a card format that is substantially similar to an existing
format, you can save time by selecting that format from the drop-down list,
clicking the clone link, entering a new name, and making any needed
changes to the new format.
3. Enter a Name for the new card format. This is a required entry.
4. To enable the card format, select the Enabled check box.
5. Enter a Description for the card format.
Note:
Make sure the facility code for keypads differs from the facility codes used in
the card population. It is important that the system recognize keypad input as
separate from card reads. For instructions on setting keypad facility codes,
refer to the keypad manufacturer's documentation.
9. Enter in the following four fields the correct start-bit and bit-length values for
the format you are creating:
Facility Code Start: The first bit of the facility code number.
Facility Code Length: The number of bits used to indicate the facility
code. For special applications, select the Reverse bit order check box
to reverse the read order of the bits in the facility code portion of the card
format.
Encoded # Start: The first bit of the card ID number.
Encoded # Length: The number of bits used to indicate the card ID
number. For special applications, select the Reverse bit order check box
to reverse the read order of the bits in the card ID portion of the format.
Note:
If you want your system to ignore the facility code when validating card reads,
enter a zero (0) in each of the following fields: Facility Code, Facility Code
Start, and Facility Code Length.
10. Select the Hot Stamp and encoded numbers default identical
check box if the number printed on the card is the same as the encoded
number.
If this box is checked, whenever you either enroll a card using a reader or
manually enter a number in the Hot Stamp # field, the system populates both
Hot Stamp # and Encoded # fields with the same value.
11. Bit definitions in card format: These drop-down lists will fill in
automatically when you complete step 7 above. The number of bit drop-down
lists will match the number you entered in the Length box at step 5.
P is for a parity bit. F is for a facility code bit. N is for a card number bit.
12. Parity bit definitions: These drop-down lists are filled in with the default
parity bit definitions for the Wiegand format. The first bit (bit 1) is used for
even parity error checking and covers bits 2 through 13. The last significant bit
(bit 26) is used for odd parity error checking and covers bits 14 through 25.
13. Click Save.
Note:
If you are adding a card format that is substantially similar to an existing
format, you can save time by selecting that format from the drop-down list,
clicking the clone link, entering a new Name, and making any needed
changes to the new format.
3. Enter a Name for the new card format. This is a required entry.
4. Enter a Description for the card format.
5. From the Data Format drop-down list, select Magstripe Track 2.
6. In the Length text box, enter the number of bytes in this card format. This is
a required entry. The number entered here determines the number of byte
definition drop-down lists provided below.
7. Check the card manufacturer's documentation for the facility code of the card
batch you are using. Enter this number in the Facility Code field.
Note:
Make sure the facility code for keypads differs from the facility codes used in
the card population. It is important that the system recognize keypad input as
separate from card reads. For instructions on setting keypad facility codes,
refer to the keypad manufacturer's documentation.
8. Enter in the following four fields the correct start byte and byte length values
for the format you are creating:
Facility Code Start: The first byte of the facility code number.
Facility Code Length: The number of bytes used to indicate the
facility code.
Encoded # Start: The first byte of the card ID number.
Note:
If you want your system to ignore the facility code when validating card reads,
enter a zero (0) in each of the following fields: Facility Code, Facility
Code Start, and Facility Code Length.
Note:
An access level that is not assigned to a person record is stored in the database of the
S2 NetBox Online instance and is not downloaded to S2 nodes.
Note:
Although the ID# is not required, supplying a unique Person ID for each
person record allows the records to be reliably retrieved, modified, and
deleted via the API.
3. To issue a credential, click Add New Credential on the Access Control tab
to display the fields shown below:
4. Enter the Hot Stamp # and Encoded #, and select the Credential
Format you created earlier. The Status for the credential should remain
Active.
Note:
You can also add a credential by presenting it at the system’s enrollment
reader, as described in the next procedure.
6. Select the access level you created from the Available list, and click the right
arrow button to move it to the Selected list.
7. Click Save.
C R
certificate, SSL 8 reader groups, creating 19
communications between S2 nodes and the S2 Net- readers/keypads, setting up 14
Box Online instance, securing 7 requirements for S2 NetBox Online 1
credential formats, creating 21, 24 resetting an S2 node 10
resetting S2 node factory defaults 11
D
resources, configuring for portals 13
default S2 node password, changing 4 reverting an S2 node 10
diagnosing S2 node problems 10
digital certificate, selecting for an S2 node 8 S
S2 nodes
F
changing default password 4
factory defaults, resetting for S2 nodes changing security settings 4
using the hardware 11 configuring resources for 12
using the software 10 diagnosing problems 10
firmware, updating for S2 nodes 5 enabling secure communications 7
resetting 10
I
reverting to factory defaults 10, 11
inputs, setting up 14 updating firmware 5
secure communications, enabling for S2 nodes 7
K
setting up
keypads, setting up 14 access levels 20
credential formats 21
M
inputs 14
M1-3200 blade Reset button 11 outputs 16
magnetic stripe credential format, creating 24 person records 25
portal access control 12
O
portals 17
outputs, setting up 16 reader groups 19
reader/keypads 14
S2 nodes 3
time specs 18
SSL certificate, selecting for an S2 node 8
T
testing a portal access control configuration 28
time specs, creating 18
W
Wiegand credential format, creating 22