S2 NetBox Online Setup 01

S2 NetBox® Online
Setup Guide
January 2018
S2 Security Corporation
One Speen Street
Suite 300
Framingham MA 01701
www.s2sys.com
S2 Support: 508 663-2505
Document #NBO-SS-01
© S2 Security Corporation 2009-2018. All rights reserved.
This guide is protected by copyright and all rights are reserved by S2 Security Corporation. It may
not, in whole or in part, except insofar as herein directed, be copied, photocopied, reproduced,
translated or reduced to any electronic medium or machine-readable form without prior written
consent of S2 Security Corporation.
Third party trademarks, trade names, product names, and logos may be the trademarks or
registered trademarks of their respective owners.
The following are trademarks or registered trademarks of S2 Security Corporation:

 S2 NetBox®, S2 NetBox® Plus, S2 NetBox® Extreme, S2 NetBox® Enterprise,
S2 NetBox® Virtual Machine, S2 NetBox® Online
 S2 MicroNode™ Plus
 S2 Magic Monitor®
 S2 Global®
 S2 NetVR®, S2 NetBox® VR, S2 NetBox® VR Quatro, S2 NetVR® Software Solution
 S2 Mobile Security Officer®, S2 Mobile Security Professional™
 S2 Cumulus™
Contents
Introduction ................................................................................................................. 1
Requirements..................................................................................................................... 1
Where to Go for More Information ..................................................................................... 2
Setting Up S2 Nodes.................................................................................................... 3
Obtaining the Network Configuration ................................................................................. 3
Changing the Default Password......................................................................................... 4
Updating the S2 Node Firmware........................................................................................ 5
Establishing a Full and Secure Connection ....................................................................... 7
Viewing Additional Node Information ................................................................................. 9
Using the Debug Utilities.................................................................................................. 10
Setting Up Portal Access Control ............................................................................. 12
Configuring Portal Resources .......................................................................................... 13
Setting Up a Reader/Keypad ..................................................................................... 14
Setting Up Inputs ....................................................................................................... 14
Setting Up Outputs .................................................................................................... 16
Creating Portal Definitions ............................................................................................... 17
Creating a Time Spec....................................................................................................... 18
Creating a Reader Group................................................................................................. 19
Creating an Access Level ................................................................................................ 20
Creating a Credential Format........................................................................................... 21
Adding People to the System........................................................................................... 25
Testing Your Configuration ............................................................................................... 28
Index ............................................................................................................................29
S2 Security Corporation iii January 2018

Introduction
S2 NetBox® Online is a cloud based solution that runs on the Amazon Web Services
(AWS) Cloud Platform. It provides S2 NetBox functionality as a service.
This document describes:
 S2 NetBox Online requirements.
 How to configure S2 nodes to communicate with an S2 NetBox Online
instance. (page 3)
 How to set up a basic configuration for portal access control and then test
your configuration. (page 12)
Requirements
You will need the following:
 S2 NetBox Online, obtained from S2 Security. For a quote, contact S2 Sales:
 Phone: 508 663-2500
 Email: sales@s2sys.com
 Physical S2 nodes and the physical resources (reader/keypad, input, and
output devices) that will be wired to the nodes.
Supported nodes are S2 Network Node with M1-3200 blade and
S2 MicroNode Plus. No other node types or devices such as locksets,
intrusion panels, or cameras are supported.
 A PC with network connectivity to your S2 nodes and one of the following
browsers:
 Chrome 61
 Firefox 55
 Internet Explorer 11
 Safari 8 or 9
S2 Security Corporation 1 January 2018

S2 NetBox Online Setup Guide Introduction
Where to Go for More Information

The instructions in this guide assume that the hardware installation has been
completed for all S2 nodes to be included in the system. For instructions, consult the
following documentation:
 S2 NetBox Hardware Installation Guide (Document #NNEQ-HW-nn) for
information on installing an S2 Network Node with M1-3200 blade.
 S2 MicroNode Plus Hardware Installation Guide (Document #MNP-HW-nn)
for information on installing an S2 MicroNode Plus.
These guides are available for download from Support Central on the S2
Security web site (www.s2sys.com). In the document numbers, nn refers to
the latest revision.
Required:
Refer also to Tech Note 24: S2 Node Operational Requirements, which describes
networking requirements for optimal S2 node performance.

Setting Up S2 Nodes
An S2 node is the system component that manages local access control decisions,
using data provided by the S2 NetBox Online instance. The S2 node persistently
stores its configuration information and event data, so it will continue to function if the
connection with the S2 NetBox Online instance is lost. It also manages the installed
application extension blades.
This section provides instructions for setting up an S2 Network Node with M1-3200
blade or S2 MicroNode Plus for use with S2 NetBox Online. It describes how to:
 Obtain the network configuration for the S2 node. This information is included
in the order acknowledgement sent from S2 Security.
If you do not have access to the order acknowledgement, contact
S2 Customer Service:
 Phone: 508 663-2500, option 1
 Email: orders@s2sys.com
 Log into the S2 node to change the default password. (page 4)
 Update the node firmware by pointing the S2 node to the IP address for the
S2 NetBox Online instance. The S2 node will establish a connection to
download a new version of the firmware, but it will not fully connect. (page 5)
 Establish a full and secure connection by pointing the S2 node to the server
name for the S2 NetBox Online instance and enabling secure node
communications. (page 7)
 View additional node information. (page 9)
 Use the debug utilities to retrieve diagnostic information for the S2 node,
revert it to factory defaults, and reboot it. (page 10)
Obtaining the Network Configuration

To configure network settings for an S2 node, you will need the following information,
which is included in the order acknowledgement sent from S2 Security:
 Static IP address for the S2 node.
This is not needed if you plan to use DHCP for dynamic IP addressing.
 Network mask.

S2 NetBox Online Setup Guide Setting Up S2 Nodes
 Gateway address.
 Server name and IP address for your S2 NetBox Online instance.
 IP address for the primary DNS server, and for the secondary DNS server if
one is configured.
Changing the Default Password

It is strongly recommended that you change the S2 node’s default login password.
You can also select an option to allow logins when the enclosure door is closed. By
default, the S2 node can be accessed only when the enclosure door is open.
To log into the S2 node and change the default password:

1. Connect to the S2 node by browsing to its default IP address: 192.168.0.251.
2. Enter the password admin and click Log in to log into the S2 node.
3. On the Node Info page (shown on page 9), record the Node Id number.
This will help you identify the S2 node in the S2 NetBox Online web interface.
The number corresponds to the16 character unique identifier (UID) that will be
shown for the node on the Network Nodes page.
4. Click Web Server in the header bar to display the following page:
5. Enter the current login password (admin), enter and re-enter the new
password, and click Change.

6. (optional) Under Security Policies, select either or both of the following check
boxes and click Update:
 Allow logins when locked: This will allow users to log into the S2
node when the enclosure door is closed.
 Disable this web service when SSL is disabled: This will
ensure that the web server will be inaccessible to users when SSL is
disabled.
Updating the S2 Node Firmware

For an S2 node to be used with S2 NetBox Online, it must be running the latest
version of the node firmware. When you point an S2 node to the IP address for your
S2 NetBox Online instance, the node will establish a connection to download a new
version of the firmware, but it will not fully connect.
To update the node firmware:

1. Click Network in the header bar to display the following page:

2. To use a static IP address for the S2 node, enter the new IP address, network
mask, and gateway address; and leave the Use DHCP check box
unchecked.
- or -
To allow the network set the IP address dynamically, leave the IP address,
network mask, and gateway address at their defaults and select the Use
DHCP check box.
Note:
For more information about using DHCP, refer to Tech Note 35: USB
Commissioning of S2 Nodes.
3. In the Network Controller section, enter the IP address for your S2 NetBox
Online instance.
The IP address is included in the order acknowledgement sent from
S2 Security.
4. (optional) Clear the Auto-Revert check box to disable the Auto-Revert
feature, which is enabled by default.
This feature causes the S2 node to revert to its previous configuration in five
minutes. If Auto-Revert is enabled and you have configured the network
settings incorrectly, resulting in an inability to connect to the S2 node, it will
revert to the last known configuration.
5. Click Submit.
6. Click OK on the two warning messages that appear.
7. Close your browser window.
Important:
If you left Auto-Revert enabled at step 4, and you are confident that the
network configuration is correct, you must log into the S2 node again within
five minutes to prevent it from reverting to the previous configuration.
To log in again, you can either switch your PC to the new subnet of the S2
node, or access it from another system on the target network.

Establishing a Full and Secure Connection

Once an S2 node has downloaded the latest version of the firmware version, you must
point it to the server name for the S2 NetBox Online instance and enable secure node
communications (using a digital certificate signed by S2 Security). The node will fully
connect and show its status as Connected/Secure.
To establish a full and secure connection:

1. Click Network in the header bar to display the following page:
2. In the Network Controller section, replace the IP address for the primary
controller with the server name for the S2 NetBox Online instance.
The server name for the S2 NetBox Online instance is included in the order
acknowledgement sent from S2 Security. To successfully connect the S2
node, you must replace the primary controller IP address with this server
name, and you must select the S2 Signed option at step 5.
3. Enter the IP address for the primary DNS server, and for the secondary DNS
server if one is configured.

4. Under Node Secure Communications, select Enable.

5. Select S2 Signed from the Certificate type drop-down list.
By default, S2 NetBox Online node secure communications is configured
using the S2 Signed certificate. To successfully connect the S2 node, you
must choose the S2 Signed option—and at step 2, you must replace the
primary controller IP address with the server name for the S2 NetBox Online
instance.
6. (optional) Clear the Auto-Revert check box to disable the Auto-Revert
feature, which is enabled by default.
This feature causes the S2 node to revert to its previous configuration in five
minutes. If Auto-Revert is enabled and you have configured the network
settings incorrectly, resulting in an inability to connect to the S2 node, it will
revert to the last known configuration.
7. Click Submit.
8. Click OK on the two warning messages that appear.
9. Close your browser window.
Important:
If you left Auto-Revert enabled at step 4, and you are confident that the
network configuration is correct, you must log into the S2 node again within
five minutes to prevent it from reverting to the previous configuration.
To log in again, you can either switch your PC to the new subnet of the S2
node, or access it from another system on the target network.
To enable the S2 node and verify the S2 NetBox Online connection:

1. Log into the S2 NetBox Online instance and select Configuration : Site
Settings : Network Nodes.
2. On the Name drop-down list, select the Node Id number you recorded from
the Node Info page.
When you select the number it also appears in the Unique Identifier field.
Do not change this field.
3. Click the Rename link and enter a name that will help you identify the
S2 node.
4. Select the Enabled check box to enable the S2 node.
This allows the communication of data between the S2 node and S2 NetBox
Online instance.
5. Click Save.
6. Select Configuration : Site Settings : Node Status.

In the Current Status section, the unique identifier (UID) for the S2 node
should be displayed in green and it should have the status Connected. This
may take a few minutes.
On the Node Info page (shown below), the S2 node should show its status as
Connected/Secure.
Note:
Following a hardware reset of the S2 node to factory defaults (described on page 11),
you will need to re-enable secure communications for the node.
If there is a secure node configuration error, a message in the Activity Log will indicate
the reason for the error, as described in Table 1.
Table 1. Activity Log Messages for Secure Node Configuration Errors
Error Message Meaning

secure connection attempt for Secure node communications is disabled on the S2
<node> NetBox Online instance but enabled on the specified
node.
certificate not found for <node> The specified node is using an unknown digital certificate.
non-secure connection attempt Secure node communications is enabled on the S2
for <node> NetBox Online instance but disabled on the specified
node.
Viewing Additional Node Information

The Node Info page to view information about an S2 node, such as its unique identifier
(UID). To display the page, click Info in the header bar:

The page shows the following information:

 Network Controller Connection Status. If the value Connected is
shown, the S2 node and S2 NetBox Online instance are connected and
communicating over the network.
 Node Id: Shows the unique identifier (UID) for the S2 node.
 Node IP Address: Shows the IP address for the S2 node.
 Node Version: Shows the node firmware version number.
 Serial Number: Shows the serial number of the node blade.
 Active Controller: Shows the IP address for the S2 NetBox Online
instance to which the S2 node is currently connected.
 Slots 1 through 7: Each shows an application extension blade installed in
the enclosure.
Using the Debug Utilities

The Utility page lets you diagnose problems with a node, revert the node to factory
defaults (but retain its network configuration and digital certificates), and reboot
the node.
To use the debug utilities:

1. Click Utility in the header bar to display the following page.
2. To retrieve system diagnostics, click Get Diags and wait for up to one
minute. Email the files to S2 Support for review.
3. To revert the node to factory defaults, click Revert.
This closes the existing connection to the S2 NetBox Online instance, clears
the current system configuration and credentials from the node, and restores
the firmware to the factory pre-installed image. Only the node’s network
configuration and digital certificates are retained.

When the node reconnects to the S2 NetBox Online instance, it upgrades to

the latest firmware, and the current system configuration and credentials are
loaded onto the node.
4. To reset the node, click Reset.
This power cycles the node to reset it.
Note:
If you are unable to log into a current generation S2 node, you will need to use the
orange Revert button on the node blade to reset the node to factory defaults. When
the Revert button is held down for an extended period of time, each of the four LEDs
will blink sequentially. They will then blink on and off in unison, indicating that the
revert process has completed and the node has been returned to its factory default
settings. You can now release the Revert button.
For information on using the software to revert an S2 node to factory defaults but
retain its network configuration and digital certificates, see page 10.

Setting Up Portal Access
Control
After you have enabled your S2 nodes and confirmed they are communicating with
the S2 NetBox Online instance, your can begin configuring the system for access
control. A key task will be setting up access control for your facility’s portals—its doors
and other access points.
This section takes you through the process of setting up a basic configuration for
portal access control, and then testing your configuration. This will require adding the
following to the system:
 Portal resources (page 13): Create definitions for the physical resources
(reader/keypad devices, input devices, and output devices) that are wired to
and S2 node and its application extension blades.
 Portal definitions (page 17): Create definitions for your portals. At a
minimum, each definition should specify a reader/keypad for its incoming
reader/keypad device, an input for its DSM (door status monitor), and an
output for the portal’s lock.
 A time spec (page 18): Create a time spec that specifies valid access times
for cardholders.
 A reader group (page 19): Create a reader group containing your portals’
readers/keypads and assign your access level to it.
 An access level (page 20): Create an access level and assign your time
spec to it.
 A credential format (page 21): Create a credential format that matches
the format of your facility’s cards or keypads.
 Person records (page 25): Create person records for cardholders who
should have access to your facility. Each person record will include your
access level and a credential with your credential format.
Any cardholder who presents his or her credentials at one of the
readers/keypads in your reader group at a valid access time (as defined by
the time spec you assigned to your access level) will be granted access.
Note:
For information on setting up elevator access control, refer to the online help.

S2 NetBox Online Setup Guide Setting Up Portal Access Control
Configuring Portal Resources

After selecting an S2 node in the S2 user interface, you can view diagrams of the
application extension blades (access control, input, output, and temperature) that are
connected to that S2 node.
This section describes how to use the diagram of an S2 node’s access control blade
(see the example in the figure below) to configure the reader/keypads, inputs, and
outputs you will need for portal access control.
Note:
In the procedures below you will use the access control blade diagram, but this is not
the only way to configure portal resources. See the online help for more information.
To view an S2 node’s access control blade diagram:

1. Select Configuration : Site Settings : Network Nodes.
2. Select an S2 node from the Name drop-down list.
3. Click the Blades tab.
4. Select an access control blade from the list on the left side of the page.
A diagram of the blade appears on the page:

Setting Up a Reader/Keypad
Set up a reader/keypad for each portal’s incoming reader, keypad, or combination
reader/keypad device.
To set up a reader/keypad:
1. On the blade diagram, click the 7-pin connector to which the reader/keypad
device is connected (or click the link for that reader connector on the right side
of the page).
The Readers/Keypads configuration page appears:
2. Enter a descriptive Name for the reader/keypad, or click add and then enter
the name.
3. Make sure the Enabled check box to the right of the Name field is selected.
The Expansion Slot and Position fields will be filled in automatically
based on your selection at step 1.
4. From the Reader/Keypad Type drop-down list, select the reader/keypad
device type.
5. Click Save.
Setting Up Inputs
Set up an input for each portal’s DSM (door status monitor) and, optionally, an input
for each portal’s REX (request to exit) device.
To set up an input:
1. On the blade diagram, click the 2-pin connector to which the input device is
connected (or click the link for that input connector on the right side of the
page).

The Inputs configuration page appears:
2. Enter a descriptive Name for the input, or click add and then enter the
name.
3. Make sure the Enabled check box to the right of the Name field is selected.
4. To ensure that the input is armed at all times, make sure the Always
Armed check box is selected.
Note:
If the input needs to be armed only at certain times, clear the Always Armed
check box and add the input to an input group. The time spec assigned to the
input group will determine when its inputs will be armed.

5. From the Input supervision type drop-down list, select the circuit type
(NO = normally open, NC = normally closed) and resistor configuration, based
on how the input device is wired.
Important:
It is critical that this selection accurately reflects the input circuit. The system
supports 1K Ohm resistors only, and a circuit diagram is displayed on the
page next to Termination Circuit. The various circuits and resistor
configurations create resistance values used by the system in determining
normal, alarm, and trouble states.

For more specific information on these wiring configurations and resistance

values, see the section on connecting inputs in the installation guide for your
S2 node.
6. Click Save.
Setting Up Outputs
Set up an output for each portal’s lock.
To set up an output:
1. On the blade diagram, click the 3-pin connector to which the output device is
connected (or click the link for that output connector on the right side of the
page).
The Outputs configuration page appears:
2. Enter a descriptive Name for the output.

3. Make sure the Enabled check box to the right of the Name field is checked.
4. From the Default State Code drop-down list, select the normal state for
the output device: either Energized or Not Energized.
Your selection will depend on how the output device has been wired and on
the type of lock you are using (fail-safe or fail-secure).
5. Click Save.

Creating Portal Definitions

Create a portal definition for each of your facility’s doors and other access points.
A basic portal definition will include an output for the portal’s lock, an input for its DSM,
and a reader/keypad for its incoming reader, keypad, or combination reader/keypad
device.
To create a portal definition:

1. Select Configuration : Access Control : Portals.
2. The Portals configuration page appears:
3. Enter a descriptive Name for the portal, or click add and enter the name.
4. From the Network Node drop-down list, select the S2 node for which you
are configuring the portal.
Sections appear on the page for selecting the portal’s lock, DSM, REX, and
incoming reader/keypad:
5. From the Location drop down menu, select a location. The Master location
is selected by default.
6. Select resources for the portal’s Lock and DSM and, optionally, for its REX.
7. Select a resource for the portal’s Reader 1 and/or Keypad 1.
8. Click Save.

Creating a Time Spec

Create a time spec that specifies valid access times.
Later you will add this time spec to an access level and assign the access level to
person records. This will ensure that your cardholders will be granted access to your
facility only at valid access times.
To create a time spec:

1. Select Configuration : Time : Time Specs.
The Time Specs configuration page appears:
2. Click add under the Name drop-down list.

3. Enter a descriptive name for the time spec.
4. Enter a Start Time and End Time in 24 hour format. For example, enter
09:00 for 9 AM.
The time spec will be in effect from the first second of the start time through
the last second of the end time. For example, if you enter 09:00 for the start
time and 17:59 for the end time, the time spec will be in effect from 9 AM to 6
PM—or more precisely, from 09:00:01 to 17:59:59.
5. Select the check box for each day of the week you want to include in the
time spec.

Important:
For a time spec whose start time is later than its end time, the time spec
period will end on the day following the last day of the week you select. For
example, suppose that when setting up a Weekdays 8 PM to 7 AM time spec,
you select the days Monday through Friday. The time spec period will start at
8 PM on Monday and will end at 7 AM on Saturday, even though Saturday is
not one of the days you selected. To have the time spec period end at 7 AM
on Friday, you would need to select only the days Monday through Thursday.
6. Click Save.
Creating a Reader Group

Create a reader group containing the reader/keypad of each portal.
Creating a reader group is optional, because you can also assign an access level to
individual readers. However, it is more convenient to include your portals’ readers in a
group that will have a common access level.
Later you will add the reader group to an access level and assign the access level to
person records. This will ensure that your cardholders will be granted access only at
readers/keypads in the group (and only at valid access times).
Note:
The default reader group, All Readers, is a system-owned group containing all
readers currently configured in the system. When you add a reader to the system, it is
added to the All Readers group automatically.
To set up a reader group:

1. Select Configuration : Access Control : Reader Groups.

The Reader Groups configuration page appears:
2. Enter a descriptive Name for the reader group.

3. For each reader you want to add to the group, select it in the Available list and
click the right-arrow button to move it to the Selected list.
4. Click Save.
Creating an Access Level

Create an access level that includes the time spec and reader group you have
created.
At the valid access times specified by the time spec, cardholders to whom the access
level is assigned will be able to present their credentials at readers/keypads in the
reader group to be granted access.
To create an access level:

1. Select Configuration : Access Control : Access Levels.

The Access Levels configuration page appears:
2. Enter a descriptive Name for the access level, or click add and then enter
the name.
3. Select the Enabled check box to the right of the Name field to enable the
access level.
4. For Reader(s), select the reader group you created.
5. For Time Spec, select the time spec you created.
6. Click Save.
For information on other functions of access levels, see the S2 online help.
Creating a Credential Format

Create a credential format that matches the format of your facility’s cards or keypads.
An access control blade supports readers and keypads with various data formats.
Most commonly used deployments use the Wiegand or Magnetic Stripe ABA Track 2
data formats, which are described further here.

Note:
If you do not know the format of an individual credential or the existing credential
population, you can use the Card Decoder utility to decode the bits on Wiegand
formatted credentials and the bytes on Track 2 of Magnetic stripe credentials. For
instructions, see the online help. (Search for Decoding Cards.)
To create a new Wiegand card/keypad format:

1. Select Configuration : Access Control : Card/Keypad Formats.
The Card/Keypad Formats configuration page appears:
Note:
If you are adding a card format that is substantially similar to an existing
format, you can save time by selecting that format from the drop-down list,
clicking the clone link, entering a new name, and making any needed
changes to the new format.
3. Enter a Name for the new card format. This is a required entry.
4. To enable the card format, select the Enabled check box.
5. Enter a Description for the card format.

6. From the Data Format drop-down list, select Wiegand.

7. In the Length text box, enter the number of bits in this card format. This is a
required entry. The number entered here determines the number of bit
definition drop-down lists provided below.
8. Check the card manufacturer's documentation for the facility code of the card
batch you are using. Enter this number in the Facility Code text box.
Note:
Make sure the facility code for keypads differs from the facility codes used in
the card population. It is important that the system recognize keypad input as
separate from card reads. For instructions on setting keypad facility codes,
refer to the keypad manufacturer's documentation.
9. Enter in the following four fields the correct start-bit and bit-length values for
the format you are creating:
 Facility Code Start: The first bit of the facility code number.
 Facility Code Length: The number of bits used to indicate the facility
code. For special applications, select the Reverse bit order check box
to reverse the read order of the bits in the facility code portion of the card
format.
 Encoded # Start: The first bit of the card ID number.
 Encoded # Length: The number of bits used to indicate the card ID
number. For special applications, select the Reverse bit order check box
to reverse the read order of the bits in the card ID portion of the format.
Note:
If you want your system to ignore the facility code when validating card reads,
enter a zero (0) in each of the following fields: Facility Code, Facility Code
Start, and Facility Code Length.
10. Select the Hot Stamp and encoded numbers default identical
check box if the number printed on the card is the same as the encoded
number.
If this box is checked, whenever you either enroll a card using a reader or
manually enter a number in the Hot Stamp # field, the system populates both
Hot Stamp # and Encoded # fields with the same value.
11. Bit definitions in card format: These drop-down lists will fill in
automatically when you complete step 7 above. The number of bit drop-down
lists will match the number you entered in the Length box at step 5.
P is for a parity bit. F is for a facility code bit. N is for a card number bit.

12. Parity bit definitions: These drop-down lists are filled in with the default
parity bit definitions for the Wiegand format. The first bit (bit 1) is used for
even parity error checking and covers bits 2 through 13. The last significant bit
(bit 26) is used for odd parity error checking and covers bits 14 through 25.
13. Click Save.
To create a magnetic stripe ABA Track 2 format:

1. Select Configuration : Access Control : Card/Keypad Formats.
The Card/Keypad Formats configuration page shown on page page 22
appears.
Note:
If you are adding a card format that is substantially similar to an existing
format, you can save time by selecting that format from the drop-down list,
clicking the clone link, entering a new Name, and making any needed
changes to the new format.
3. Enter a Name for the new card format. This is a required entry.
4. Enter a Description for the card format.
5. From the Data Format drop-down list, select Magstripe Track 2.
6. In the Length text box, enter the number of bytes in this card format. This is
a required entry. The number entered here determines the number of byte
definition drop-down lists provided below.
7. Check the card manufacturer's documentation for the facility code of the card
batch you are using. Enter this number in the Facility Code field.
Note:
Make sure the facility code for keypads differs from the facility codes used in
the card population. It is important that the system recognize keypad input as
separate from card reads. For instructions on setting keypad facility codes,
refer to the keypad manufacturer's documentation.
8. Enter in the following four fields the correct start byte and byte length values
for the format you are creating:
 Facility Code Start: The first byte of the facility code number.
 Facility Code Length: The number of bytes used to indicate the
facility code.
 Encoded # Start: The first byte of the card ID number.

 Encoded # Length: The number of bytes used to indicate the card ID

number.
Note:
If you want your system to ignore the facility code when validating card reads,
enter a zero (0) in each of the following fields: Facility Code, Facility
Code Start, and Facility Code Length.
9. Select the Hot Stamp and encoded numbers default identical

check box if the number printed on the card is the same as the encoded
number. If this box is checked, whenever you enroll a card using a reader or
manually enter a number in the Hot Stamp # field, the system populates both
Hot Stamp # and Encoded # fields with the same value.
10. To ensure that the new card format will be recognized by remote locksets with
magnetic stripe card readers, select the Magnetic Stripe Remote
Lockset supported check box.
11. Byte definitions in card format: These drop-down lists will fill in automatically
when you complete step 7 above. The number of byte drop-down lists will
match the number you entered in the Length box at step 5.
 F is for a facility code byte.
 N is for a card number byte.
 ? is for an unmatched number.
 SS is a Start Sentinel byte with the ASCII value “";".
 ES is an End Sentinel byte with the ASCII value “?”.
 LRC is a checksum character.
12. Click Save.
Adding People to the System

Before you can issue credentials and assign access levels to people, you must add
them to the system. To add a person, you create a person record.
You can issue credentials and assign access levels to a person as you are creating
his or her person record. You can also edit the person record later to add, modify, and
remove credentials and access levels.
When a credential is added to a person record, it is downloaded to S2 nodes in the
system, based on the person’s access levels and the readers or reader groups
assigned to those access levels.

Note:
An access level that is not assigned to a person record is stored in the database of the
S2 NetBox Online instance and is not downloaded to S2 nodes.
To add a person to the system:

1. Select Administration : People : Add.
A person record form appears.
2. Fill in the fields at the top of the form:
 The Last Name and Activation Date/Time fields are required

entries. Click the calendar icon to displays a calendar you can use to
select the activation date.
 Enter an Expiration Date/Time if you want the person's access to
expire automatically at a particular date and time.
 If your organization issues ID numbers, enter the person's ID number in
the ID# text box.
Note:
Although the ID# is not required, supplying a unique Person ID for each
person record allows the records to be reliably retrieved, modified, and
deleted via the API.

3. To issue a credential, click Add New Credential on the Access Control tab
to display the fields shown below:
4. Enter the Hot Stamp # and Encoded #, and select the Credential
Format you created earlier. The Status for the credential should remain
Active.
Note:
You can also add a credential by presenting it at the system’s enrollment
reader, as described in the next procedure.
5. To assign an access level, scroll down to the Access Levels section:
6. Select the access level you created from the Available list, and click the right
arrow button to move it to the Selected list.
7. Click Save.
To issue a credential using a reader:

1. Click the Add New Credential button on the Access Control tab of a
person record.
2. Enter the hot stamp number printed on the credential into the Hot stamp #
box.
3. Select the format you created earlier from the Credential Format
drop-down list.

4. Click the Read button to read the credential.

5. In the Issue Credential Using Reader dialog box, check to make sure the
enrollment reader you are using is selected in the drop-down, and then click
Go.
6. Present the credential to the reader. The encoded credential number appears
in the Encoded # box.
7. Click Save.
Testing Your Configuration

Once you have completed the procedures in this section, you can test your portal
access control configuration.
To test your configuration:

1. Have a cardholder present his or her credentials at any portal’s reader/keypad
at a valid access time (as defined by the time spec assigned to his or her
access level).
2. Select to Monitor : Activity Log.
3. Ensure that an Access granted entry similar to the one shown below was
added to the Activity Log.
10:28:10 AM Access granted for Jonathan Moore at Front
Entrance

Index
A P
access control, setting up for portals 12 password changing for S2 node 4
access levels, creating 20 person records, creating 25
adding people to the system 25 portal access control configuration, testing 28
portal access control, setting up 12
B portal definitions, creating 17
basic portal access control configuration, setting up portals, configuring resources for 13
12 power cycling an S2 node 10
blade diagrams, using to configure resources 13 problems with an S2 node, diagnosing 10
C R
certificate, SSL 8 reader groups, creating 19
communications between S2 nodes and the S2 Net- readers/keypads, setting up 14
Box Online instance, securing 7 requirements for S2 NetBox Online 1
credential formats, creating 21, 24 resetting an S2 node 10
resetting S2 node factory defaults 11
D
resources, configuring for portals 13
default S2 node password, changing 4 reverting an S2 node 10
diagnosing S2 node problems 10
digital certificate, selecting for an S2 node 8 S
S2 nodes
F
changing default password 4
factory defaults, resetting for S2 nodes changing security settings 4
using the hardware 11 configuring resources for 12
using the software 10 diagnosing problems 10
firmware, updating for S2 nodes 5 enabling secure communications 7
resetting 10
I
reverting to factory defaults 10, 11
inputs, setting up 14 updating firmware 5
secure communications, enabling for S2 nodes 7
K
setting up
keypads, setting up 14 access levels 20
credential formats 21
M
inputs 14
M1-3200 blade Reset button 11 outputs 16
magnetic stripe credential format, creating 24 person records 25
portal access control 12
O
portals 17
outputs, setting up 16 reader groups 19
reader/keypads 14

S2 NetBox Online Setup Guide Index
S2 nodes 3
time specs 18
SSL certificate, selecting for an S2 node 8
T
testing a portal access control configuration 28
time specs, creating 18
W
Wiegand credential format, creating 22

S2 NetBox Online Setup 01

Hochgeladen von

Dokumentinformationen

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

S2 NetBox Online Setup 01

Hochgeladen von

Copyright:

Verfügbare Formate

S2 NetBox® Online

The following are trademarks or registered trademarks of S2 Security Corporation:

S2 Security Corporation iii January 2018

S2 Security Corporation 1 January 2018

Where to Go for More Information

S2 Security Corporation 2 January 2018

Obtaining the Network Configuration

S2 Security Corporation 3 January 2018

Changing the Default Password

To log into the S2 node and change the default password:

S2 Security Corporation 4 January 2018

Updating the S2 Node Firmware

To update the node firmware:

S2 Security Corporation 5 January 2018

S2 Security Corporation 6 January 2018

Establishing a Full and Secure Connection

To establish a full and secure connection:

S2 Security Corporation 7 January 2018

4. Under Node Secure Communications, select Enable.

To enable the S2 node and verify the S2 NetBox Online connection:

S2 Security Corporation 8 January 2018

Table 1. Activity Log Messages for Secure Node Configuration Errors

Error Message Meaning

Viewing Additional Node Information

S2 Security Corporation 9 January 2018

The page shows the following information:

Using the Debug Utilities

To use the debug utilities:

S2 Security Corporation 10 January 2018

When the node reconnects to the S2 NetBox Online instance, it upgrades to

S2 Security Corporation 11 January 2018

S2 Security Corporation 12 January 2018

Configuring Portal Resources

To view an S2 node’s access control blade diagram:

S2 Security Corporation 13 January 2018

S2 Security Corporation 14 January 2018

The Inputs configuration page appears:

The Expansion Slot and Position fields will be filled in automatically

S2 Security Corporation 15 January 2018

For more specific information on these wiring configurations and resistance

2. Enter a descriptive Name for the output.

S2 Security Corporation 16 January 2018

Creating Portal Definitions

To create a portal definition:

S2 Security Corporation 17 January 2018

Creating a Time Spec

To create a time spec:

2. Click add under the Name drop-down list.

S2 Security Corporation 18 January 2018

Creating a Reader Group

To set up a reader group:

S2 Security Corporation 19 January 2018

The Reader Groups configuration page appears:

2. Enter a descriptive Name for the reader group.

Creating an Access Level

To create an access level:

S2 Security Corporation 20 January 2018

The Access Levels configuration page appears:

Creating a Credential Format

S2 Security Corporation 21 January 2018

To create a new Wiegand card/keypad format:

2. Click add under the Name drop-down list.

S2 Security Corporation 22 January 2018

6. From the Data Format drop-down list, select Wiegand.