Professional Documents
Culture Documents
PERPETUAL INNOVATION
Lenel OnGuard® 2013 OEM Device Configuration Guide, product version 6.6
This guide is item number DOC-603, revision 3.005, July 2012
Copyright © 1997-2012 Lenel Systems International, Inc. Information in this document is subject to change without
notice. No part of this document may be reproduced or transmitted in any form or by any means, electronic or
mechanical, for any purpose, without the express written permission of Lenel Systems International, Inc.
Non-English versions of Lenel documents are offered as a service to our global audiences. We have attempted to
provide an accurate translation of the text, but the official text is the English text, and any differences in the
translation are not binding and have no legal effect.
The software described in this document is furnished under a license agreement and may only be used in accordance
with the terms of that agreement. Lenel and OnGuard are registered trademarks of Lenel Systems International, Inc.
Microsoft, Windows, Windows Server, and Windows Vista are either registered trademarks or trademarks of
Microsoft Corporation in the United States and/or other countries. Integral and FlashPoint are trademarks of Integral
Technologies, Inc. Crystal Reports for Windows is a trademark of Crystal Computer Services, Inc. Oracle is a
registered trademark of Oracle Corporation. Other product names mentioned in this User Guide may be trademarks or
registered trademarks of their respective companies and are hereby acknowledged.
Portions of this product were created using LEADTOOLS © 1991-2012 LEAD Technologies, Inc. ALL RIGHTS
RESERVED.
OnGuard includes ImageStream® Graphic Filters. Copyright © 1991-2012 Inso Corporation. All rights reserved.
ImageStream Graphic Filters and ImageStream are registered trademarks of Inso Corporation.
Warranty
Lenel warrants that the product is free from defects in material and workmanship under normal use and service with
proper maintenance for one year from the date of factory shipment. Lenel assumes no responsibility for products
damaged by improper handling, misuse, neglect, improper installation, over-voltages, repair, alteration, or accident.
This warranty is limited to the repair or replacement of the defective unit. In no event shall Lenel Systems
International be liable for loss of use or consequential damages of any kind, however occasioned.
There are no expressed warranties other than those set forth herein. Warranty expressly excludes third party additions,
deletions and/or upgrades to this product, including those contained herein. Lenel does not make, nor intends, nor
does it authorize any agent or representative to make any other warranties or implied warranties, and expressly
excludes and disclaims all implied warranties of merchantability or fitness for a particular purpose.
Returned units are repaired or replaced from a stock of reconditioned units. All returns must be accompanied by a
return authorization number (RMA) obtained from the Lenel customer service department prior to returning or
exchanging any product. The RMA number must appear on the outside of the shipping box and on the packing slip.
Any items returned without an RMA number will not be accepted and will be returned at the customer’s expense. All
returns must have transportation, insurance, and custom brokers’ fees prepaid.
Liability
It is expressly understood and agreed that the interface should only be used to control exits from areas where an
alternative method for exit is available. This product is not intended for, nor is rated for operation in life-critical
control applications. Lenel Systems International is not liable under any circumstances for loss or damage caused by
or partially caused by the misapplication or malfunction of the product. Lenel’s liability does not extend beyond the
purchase price of the product.
OEM Device Configuration Guide
Table of Contents
7. Receivers ............................................................................................. 41
7.1 Bosch D6500/D6600 Receiver ........................................................................... 41
7.2 Osborne-Hoffman OH-2000 ............................................................................... 44
7.3 AES-IntelliNet 7000 ............................................................................................ 44
7.4 Verex HSC-IP Receiver ...................................................................................... 45
revision 3 — 3
Table of Contents
4 — revision 3
OEM Device Configuration Guide
revision 3 — 5
Table of Contents
6 — revision 3
OEM DEVICES
OEM Device Configuration Guide
1 Destination Dispatch
OnGuard has the capability to integrate with the Otis Elevator Destination Dispatching System (DDS). The
DDS controls elevator cab routing and traffic flow within a building. Cardholders may use credentials that
are authorized for specific floors in their facility. Whenever a credential is presented for access, that
information is sent from OnGuard to the DDS.
OnGuard communicates with the Otis components via an Ethernet switch. The DDS consists of third-party
hardware. OnGuard only transmits information to the DDS, and is not responsible for the operation, setup,
or configuration of these third-party hardware devices. Nor does OnGuard receive feedback or events from
the DDS.
revision 1 — 9
Destination Dispatch
Communication between the Otis (left) components and OnGuard (right) components
The Otis components must be configured in OnGuard in order for the Destination Dispatching to work
properly. For detailed information, refer to “Elevator Dispatching Configuration” the System Administration
User Guide.
For the Communication Server workstation that is integrated with the Otis system, the following default
information must be assigned to the Network Interface Card (NIC):
• IP Address 192.168.50.250
10 — revision 1
OEM Device Configuration Guide
2 Fire Panels
Currently, these types of panels are supported: Pyrotronics (MXL series), Notifier, and Tateco.
Before continuing, verify that you have a license for OnGuard with fire panels enabled. The ability to use
fire panels is a count-based licensed feature.
Communication to the fire panel must be established through an RS-485 4-wire connection to a NIM-1R
module. Firmware version 10.24 is supported. The NIM-1W may also be used (with the same wiring and
firmware version).
Jumpers:
XW1B - Jumper-block must NOT be installed here (this would change mode to DTE Emulation).
Switches:
revision 1 — 11
Fire Panels
12 — revision 1
OEM Device Configuration Guide
S1
W17
Black Box IC108A
B C D E
W16
A
A B C D E
W8
A B C
A B C
W19
A B C
W15
A B C D E
W9
A B C
W5
BIAS TERM.
S3 S2
XW1B XW1A
Rx B+
Rx A -
Tx B +
Tx A -
Transformer
7 3 2
TB1
1 2 3 4
(max.
DO
NOT
50 feet)
NIM-1R
USE
RTS Rx Tx
SUPERVISED
MOM-4
5 2 3 7 3 2
1 2 3 4 5 6
E.O.L.R.
9 or 25 Pin Connector
120 OHM
NIM-1R
DO Workstation (PC)
NOT
USE
TB3
revision 1 — 13
Fire Panels
In order to investigate issues/events of fire panels from Alarm Monitoring, the following setting is required
in the ACS.INI file:
[Pyrotronics]
PyroDebug=1
The fire panel must be programmed in order to recognize downstream devices. This is the only way to
configure the panel to report events.
Downstream devices that are directly connected to the fire panel (such as loops and annunciators for the
AM2020 panel; loops, annunciators, bell circuits, and panel modules for the NFS-640) must be configured
in System Administration (Additional Hardware > Fire Panels > Fire Devices) with unique name and
addressing.
Loop modules and loop detectors (connected to the loops) must also be configured in System Administration
(Additional Hardware > Fire Panels > Fire Inputs/Outputs) with unique name and addressing.
The Notifier panel requires a serial interface board in order to function. The SIB-232 or SIB-2048A may be
used.
The serial interface board is used to connect to the printer serial port (pins 1, 2, and 4 on P3) on the fire
panel.
• Pin 1 is EIA-232 Reference.
• Pin 2 is Transmit to PRN.
• Pin 4 is Receive from PRN.
A DB-25 or DB-9 cable may also be used. Connect the pins as follows:
14 — revision 1
OEM Device Configuration Guide
The fire panel must be programmed in order to recognize downstream devices such as intelligent/
addressable detectors and modules, Panel Circuits, and Notification Appliance Circuits (NACs). Use the
keypad connected to the panel for programming. For more information, refer to the Notifier documentation.
The NFS-640 is a fire panel integrating a CPU, power supply (6 A), and battery charger, combined with a
mounting chassis and cabinet. It connects to the host via a standard serial cable.
The NFS-640 panel has been approved for use with firmware version 002.000.002B/002.001.009A.
revision 1 — 15
Fire Panels
Use a serial cable to connect the fire panel to the host. Wire the cable directly to the panel using terminal
TB14.
16 — revision 1
OEM Device Configuration Guide
RX 2 (Transmit) 3
REF 7 (Ground) 5
The fire panel must be programmed in order to recognize downstream devices such as intelligent/
addressable detectors and modules, Panel Circuits, and Notification Appliance Circuits (NACs). Use the
keypad connected to the panel for programming. For more information, refer to the Notifier documentation.
In order to investigate issues/events of fire panels from Alarm Monitoring, the following setting is required
in the ACS.INI file:
revision 1 — 17
Fire Panels
[Notifier]
NotifierDebug=1
OnGuard integrates with the Tateco fire panel using ESPA protocol. This protocol allows for the reporting of
alarms with the use of a data converter.
For a serial connection, use a null modem cable to connect the data converter to a workstation.
For a LAN connection, use a null modem cable to connect to a Lantronix device. Plug the null modem cable
into the 9-pin male connector labeled K5. Configure the Lantronix device as follows:
• access=remote
• parity=even
• stop bits=2
• byte size=7
• flow control=none
• baud rate=4800
2.3.2 Power
The data converter requires 24 VDC. On terminal block P1, connections 1 and 2 are for power: +24 VDC
connects to the terminal block P1, terminal 1 and 0 V connects to the terminal block P1, terminal 2.
18 — revision 1
OEM Device Configuration Guide
Jumper BY4 can be used to put the data converter into test mode. In test mode, messages will be sent out
roughly once per second.
To configure a device using the ESPA protocol, configure a fire panel and select the type as ESPA. If you are
also parsing the ESPA messages, you can optionally configure downstream devices for this panel.
If the ESPA device is capable of generating a heartbeat, it can be monitored. In the Options sub-tab,
configure this setting. If there is no support for a heartbeat signal on the device, set the heartbeat interval to
0 so that the heartbeat is not monitored.
Parsing Information
Fire devices and fire inputs/outputs can also be defined. This would be useful if you are planning on parsing
out the data in the ESPA messages. Doing so will cause a message, such as “BR062-08,” to be parsed into
event description BR, device 62, and input 8.
To parse out the Tateco messages, the following format settings can be specified in the ACS.INI file.
[ESPA]
EnableParsing=1
ParseSeparatorLocations=5
ParseSeparator=-
ParseEventTextStart=0
ParseEventTextEnd=1
ParseDeviceStart=2
ParseDeviceEnd=4
ParseInputStart=6
ParseInputEnd=7
Different parsing schemes can also be handled based on the panel ID. This is for cases in which you are
integrating to multiple ESPA devices and wish to parse in a different manner. In order to do this, the same
settings would be used but with the device ID specified in the settings. The settings listed above would be
the default settings, and then the settings that included the panel ID would be used to override the default
settings.
For example, if the panel ID is 6 and you want to parse out the device information, in the ACS.INI file, use
ParseDeviceStart_6
and
ParseDeviceEnd_6
revision 1 — 19
Fire Panels
20 — revision 1
OEM Device Configuration Guide
The HID EdgeReader is a device that houses both a controller and reader. The EdgePlus has the option of
connecting to an iCLASS reader/writer, LCD keypad, or biometric reader devices. Since it doesn’t require a
physical connection to a separate controller, the device can connect to the host on an IP network. With built-
in 802.3af Power over Ethernet (PoE), it does not require a separate power supply.
Use a CAT 5 cable to connect the reader to the network. For instructions for wiring the reader, inputs, and
outputs, refer to the manufacturer documentation.
After the reader is connected, use the Discovery Client to configure it. You may download the Discovery
Client from the HID website, www.hidcorp.com.
1. Install the Discovery Client and start the program, Discovery GUI. Any EdgeReader or EdgePlus
devices on the sub-network will be detected.
2. The MAC address of the controller is displayed in the window. The unit also has a label with the MAC
address on it. Go to the basic configuration web page by clicking Configure Unit.
3. Enter the Host IP Address or Host Name. This should be the host IP address or host name of the
OnGuard Communication Server.
4. Type in the Here I Am Interval (in seconds). The recommended time is 30 seconds.
5. Click [Submit]. A page will be displayed with a confirmation of the settings.
6. Verify that the settings are correct and then click [Save]. You may click [Cancel] to go back and adjust
the settings.
Basic setup of the EdgeReader/EdgePlus is complete. The device must be configured as an access panel in
OnGuard as well. For OnGuard configuration, refer to the System Administration User Guide.
revision 1 — 21
HID EdgeReader and EdgePlus
22 — revision 1
OEM Device Configuration Guide
4 Iris Recognition
The iris of every human eye exhibits a distinctive pattern. A captured image of the iris can be used to verify
identity.
With a device activated by proximity sensor, or by a card, a subject positioned 12 to 14 inches from the
Enrollment iCAM is guided by a mirrored, audio-assisted interface to allow a camera to take a digital video
of the iris (the colored ring around the pupil).
Individual images from the live video are taken, then the highest quality images from the multiple images
that have been captured are used. The algorithm of the iris recognition process analyzes the patterns in the
iris visible between the pupil and sclera and converts them into a digital template. This value can be stored
on the SmartCard and communicated to access control panels associated with portals where the subject has
access privileges.
The iCAM is activated by placing the SmartCard with stored iris template against the iCAM. The same
mirror-assisted, audio-prompted interface helps ensure proper positioning and quick recognition. The
camera unit uses a methodology to create, select, and digitize an image to be compared against the value
obtained at enrollment.
1. Wire the ICU4000 controller. If you are using an external smart card reader, establish a serial
connection between the reader and the iCAM4000.
2. Install the iris camera.
3. Wire the WIB4000 (Wiegand Interface Board inside the ICU4000 Wiegand OUT 1) and the LNL-1320
Dual Reader Interface Module.
4. Install the IrisICUAdmin4000 software provided by the manufacturer. This software is used to
configure the IrisAccess devices.
Connect the Iris ICU (part number ICU4000R-W) to the Ethernet network. Connect the WIB4000 (housed
in the ICU). For more information, refer to the IrisAccess ICU4000 Hardware Guide. This can be found in
the documentation accompanying the unit or on the manufacturer’s Web site: http://www.irisid.com/ss/
documentation.htm.
If the iCAM does not include a reader inside the unit, an external reader must be installed along with the
iCAM. Connect the reader to the Wiegand In and Smart Card ports of the iCAM. For wiring details, refer to
the IrisAccess Smart Card Integration documentation (included with the unit or on the manufacturer Web
site).
The iCAM 4xxx Series for iCLASS and DESFire are iris cameras supported by the OnGuard system.
However, PIN pad functionality is not supported. Each iCAM unit requires an Ethernet network connection
and 12 VDC @ 2.5A power.
revision 3 — 23
Iris Recognition
For more information about camera installation and configuring the following settings, refer to the
iCAM4000 Hardware Guide and the IrisAccess Web Configuration Interface Guide for iCAM Series.
Once the camera is connected, log into the camera and set the IP address, subnet mask, and default gateway
for the iCAM. Be sure to use IrisAccess EAC Software version 3.01. Each iCAM must be changed
individually. Do not connect more than one unconfigured iCAM to the network at any one time to avoid IP
address conflicts.
After a few seconds the web browser will resolve to the new IP address and open the login screen (only if the
iCAM IP address is on the same subnet as the computer).
Wiegand Settings
24 — revision 3
OEM Device Configuration Guide
2. Under Wiegand In, for the Interface Type, select General Wiegand.
3. Under Wiegand Out, for the Interface Type, select Disable (if applicable, based on iCAM software
version).
The following should be configured in System Administration on the Card Formats form.
Once the card format is configured, assign the smart card format application to the badge type. This can be
done in System Administration or ID CredentialCenter in the Badge Types Folder, on the Encoding Form.
For more information, refer to the System Administration or ID CredentialCenter User Guides.
1. The WIB4000 is used to control access to a facility door. Connect this to an LNL-1320 Dual Reader
Interface Module.
revision 3 — 25
Iris Recognition
TB8
GND DAT CLK BZA LED VO GND DAT CLK BZA LED VO
READER 1
D0 D1
READER 2
D0 D1
TB9
Dual Reader
Interface Module
TB10
C NC
RLY 1
GND
NO
Wiegand OUT 1
NC
RLY 2
NO C
TB11
C NC
RLY 3
NO
NC
RLY 4
NO C
C NC
RLY 5
NO
NC
RLY 6
NO C
TB12
Important: Verify that the wiring is done according to this drawing. Incorrect wiring might
cause hardware damage.
2. On the dual reader interface module, set J2 to Unregulated and set J3 to 2W.
3. Connect the WIB4000 to the ICU4000 according to the IrisAccess ICU4000 Hardware Guide.
26 — revision 3
OEM Device Configuration Guide
4.1.6 IrisICUAdmin4000
To use this software, establish a serial connection between the host workstation and the ICU4000. Using a
serial configuration cable, plug the connector (DB 9F) into serial port 1 (CH1) of the ICU. Set the DIP
switch next to CH1 to RS-232 mode.
1. Start the IrisICUAdmin4000 application. (IrisAccess EAC software should already be installed on the
computer with IrisICUAdmin4000 installed.)
2. Connect the ICU4000 to the network. Using the supplied ICU configuration cable, connect to channel
one in the ICU making sure the red pins to the right are in the RS-232 position. (By default, these pins
should already be in the correct position.) Connect the other end of the cable to the serial port of the
server, making sure to use the COM1 port.
a. Make sure the ICU is powered off.
b. Start the IrisICUAdmin4000 application on the server.
c. Select New Installation.
d. Follow the prompts and fill in data as needed, entering the correct IP address for the ICU. Enter the
correct server IP address. Additionally, enable all four channels by selecting them and providing
each with a unique security ID.
Note: Do not use 1111111111111111 as a security ID in the ICU as that security ID is often used for
the Iris Enroll application. Do not lose this information. Make note of the CH1-CH4 security
ID data. They will be needed later in the setup, for future setting changes, and for
troubleshooting or upgrading as needed.
e. When prompted, power the ICU On and press Start. After approximately 65-90 seconds the ICU
begins to update and then the process finishes. Continue following the prompts, and when asked to
configure the channels, make sure only the desired channels are selected.
3. Click [Configuration]. When prompted, enter the IP address and password (the default password for the
ICU4000 is iris4000).
4. Select the following check boxes (where “x” is the channel you are using):
• Channel x
• Use Access Panel x
5. Select the option for iCAM + SmartCard.
6. Click [Configure Channel x].
7. On the iCAM tab:
a. Enter the IP address of the iCAM.
b. For Eye Selection, choose the option Get from Card.
c. Select the check box Detect iCAM tamper on connect to iCAM if needed.
d. For External Hardware Interface, select DCU/WIB.
e. Enter the number of seconds for the Verification Timeout. When configuring iCAM devices with a
smart card reader, the timeout value should be higher than the default of 5 seconds.
8. On the SmartCard tab:
a. If using iCLASS (for iCAM units with SmartCard readers only):
i. For the Block Offset (hexidecimal), enter 13 (this is the default setting).
revision 3 — 27
Iris Recognition
ii. When encoding with the iCAM, set the Data format in Smart Card to GSC-IS Format. If you
are using a stand-alone encoder, select Lenel Format.
iii. For the Encryption Algorithm, select the same type (AES, DES, DES3, or None) as the
IrisAccess card format configured in the access control software.
iv. Click [Get Keys]. Select the key file. (This should have been generated using the access
control software and stored to a file.)
b. If you are using DESFire (for iCAM units with MIFARE/DESFire card readers only):
i. Make sure Use as Prox Card is not selected. The Book and Block Offset settings do not apply.
ii. When encoding with the iCAM, set the Data format in Smart Card to GSC-IS Format. If you
are using a stand-alone encoder, select Lenel Format.
iii. For the Encryption Algorithm, select None.
9. On the Access Panel tab:
a. Select The Access Control System checks user’s rights.
b. Make sure Wait for Access Panel Response is not selected.
c. Select Use Wiegand as output.
d. Click [Wiegand Settings].
e. Select Bypass the input signal through Wiegand IN into the output signal with no change.
f. Select Output the signal with Facility Code and Card ID for only Accept.
g. Select Lenel FASC-N Format.
h. Set Active State to Low.
i. Set Pulse Duration to 40 and the Bit Period to 2148.
j. Click [OK].
10. For the Access Door tab, configure the settings as desired.
11. For the GPO tab, configure the settings as desired.
12. When this configuration is completed, click [OK].
13. Under After Settings, click [Send to ICU]. This will send the configuration settings to the ICU4000
using its IP address and password. Enter the password when prompted. The new settings are in effect
after restarting.
Note: For more information on IrisICUAdmin4000 settings, refer to the IrisAccess Software
Installation Manual. This is installed along with the EAC software.
28 — revision 3
OEM Device Configuration Guide
GND DAT CLK BZA LED VO GND DAT CLK BZA LED VO
READER 1
D0 D1
READER 2
D0 D1
TB9
Reader Interface
Module
(LNL-1320
shown)
DATA 1
DATA 0
GND
Wiegand OUT
iCAM4000V
Important: Verify that the wiring is done according to this drawing. Incorrect wiring might
cause hardware damage.
The iCAM4000V is an iris camera supported by the OnGuard system. However, PIN pad functionality is not
supported. Each iCAM4000V unit requires an Ethernet network connection for iCAM configuration, and
12 VDC +/-10% @ 2.5 A maximum power.
For more information about camera installation and configuring the following settings, refer to the
iCAM4010V-H1 Hardware Guide and the IrisAccess Web Configuration Interface Guide for iCAM Series.
Once the iCAM is connected, log into the camera and set the IP address, subnet mask, and default gateway
for the iCAM. Each iCAM must be changed individually. Do not connect more than one unconfigured
iCAM to the network at any one time to avoid IP address conflicts.
revision 3 — 29
Iris Recognition
4. Open the web browser and go to http://192.168.5.100. The iCAM login screen appears.
5. Log in by entering:
• Username: iCAM4000 (case sensitive)
• Password: iris4000
6. Click [Network Settings].
7. Enter a new IP address for the iCAM (default = 192.168.5.100).
8. Enter the new Subnet Mask for the iCAM (default = 255.255.255.0).
9. Enter the new Default Gateway for the iCAM (default = 192.168.5.254).
10. Click [OK] to save changes and open the network settings verify screen.
After a few seconds the web browser will resolve to the new IP address and open the login screen (only if the
iCAM IP address is on the same subnet as the computer).
SmartCard Configuration
Note: The Encryption Algorithm and Encryption Key File settings must match the Card Format
settings. For more information, refer to Card Formats on page 31.
iCAM Configuration
Note: Customers might notice improved verification speed if Which Eye is set to Either Eye.
5. Set Countermeasure, Tamper Detection, and Auto Tilt as required by the site.
30 — revision 3
OEM Device Configuration Guide
Relay Configuration
Wiegand Settings
The following should be configured in System Administration on the Card Formats form.
1. Click [Modify].
2. Set the Application to IrisAccess (iCLASS).
Note: When encoding with the iCAM, the application key and memory configuration in OnGuard are
not used. Instead, the application key should be configured using the IrisAccess Web page.
Once the card format is configured, assign the SmartCard format to the badge type. This can be done in
System Administration or ID CredentialCenter in the Badge Types Folder, on the Encoding Form. For more
information, refer to the System Administration or ID CredentialCenter User Guides.
revision 3 — 31
Iris Recognition
The iCAM7000 can be configured to emulate either the iCAM4000 or the iCAM4000V.
Note: For OnGuard compatibility, the iCAM7000 requires firmware version 7.05.01 or later.
READER 1
D0 D1
READER 2
D0 D1
TB9
Dual Reader
Interface Module
TB10
C NC
RLY 1
GND
NO
Wiegand OUT 1
NC
RLY 2
NO C
TB11
C NC
RLY 3
NO
NC
RLY 4
NO C
WIB4000
C NC
RLY 5
NO
NC
RLY 6
NO C
TB12
32 — revision 3
OEM Device Configuration Guide
GND DAT CLK BZA LED VO GND DAT CLK BZA LED VO
READER 1
D0 D1
READER 2
D0 D1
TB9
Reader Interface
Module
(LNL-1320
shown)
DATA 1
DATA 0
GND
Wiegand OUT
iCAM7000
Important: Verify that the wiring is done according to this drawing. Incorrect wiring might
cause hardware damage.
The iCAM7000 is an iris camera supported by the OnGuard system. However, PIN pad functionality is not
supported. Each iCAM7000 unit requires an Ethernet network connection for iCAM configuration, and 12
to 24 VDC +/-10% @ 2.0 A maximum power.
For more information about camera installation and configuring the following settings, refer to the
iCAM7000 Hardware Guide and the IrisAccess Web Configuration Interface Guide for iCAM Series.
Once the iCAM is connected, log into the camera and set the IP address, subnet mask, and default gateway
for the iCAM. Each iCAM must be changed individually. Do not connect more than one unconfigured
iCAM to the network at any one time to avoid IP address conflicts.
revision 3 — 33
Iris Recognition
After a few seconds the web browser will resolve to the new IP address and open the login screen (only if the
iCAM IP address is on the same subnet as the computer).
Perform the following procedure to make the iCAM7000 emulate either an iCAM4000 or an iCAM4000V:
4.4 Enrollment
Note: Enrollment must be done with an iCAM4000, or an iCAM7000 configured for Option 1. You
cannot do enrollment with an iCAM4000V.
To use the iCAM for capturing iris data and enrolling, it should be connected to the network, but should not
be connected to an ICU. Use a workstation to access the iCAM for enrollment.
1. Open IrisICUAdmin4000.
2. Uncheck the channel to which the iCAM is connected.
3. Click [Send to ICU].
In addition to the configuration that was done through the IrisAccess Web interface, the iCAM unit must be
configured in the access control software:
1. On the Encoders/Scanners form, on the General tab, enter a name for the iCAM.
2. Select the workstation name.
3. For the Device type, select IrisAccess iCAM (iCLASS).
34 — revision 3
OEM Device Configuration Guide
Iris capture and verification can then be performed from Multimedia Capture, accessed on the Cardholders
form. For detailed information, refer to the System Administration User Guide or ID CredentialCenter User
Guide.
Note: Encode the card twice: once to encode the eyes on the card, and again to encode the cardholder
badge information.
Limitations
The current system architecture does not permit the use of a camera for both enrollment and verification
purposes. When connecting to an iris camera, connect only one workstation at a time.
4.5 Verification
In System Administration, configure IrisAccess biometric and HID (iCLASS) AccessControl smart card
formats for encoding cardholder data. The reader’s card format should be Wiegand. Set the Encryption
method to AES/DES/DES3 in the card format application.
Biometric and access control data must be encoded on the badge. Connect and configure an HID (iCLASS)
RW4000 Prog encoder. Assign the configured smart card formats to a badge type (for instance, to
Employee) for the encoding procedure. Choose a cardholder with a valid badge and iris biometric templates
and encode the cardholder's data to blank 16K/2 or 16K/16 Application Areas.
Verify the data encoded by presenting the encoded badge to the HID iCLASS reader inside the iCAM, or an
external reader wired to the iCAM.
The current system architecture does not permit the use of a camera for both enrollment and identification/
verification purposes.
Note: When presenting the card for verification, keep the card positioned on the reader after it beeps
and announces “Please center your eyes in the mirror.” Do not remove the card until instructed
to “look into the camera”.
Refer to the manufacturer documentation included with the device to upgrade the software for the ICU
(iCAM4000), or use the iCAM Web page to upgrade an iCAM4000V or iCAM7000. The upgrade procedure
might vary depending on your current version of the software, so use the appropriate documentation.
Firmware upgrades, if applicable, are performed to the iCAM4000V or iCAM7000 using the Web user
interface.
revision 3 — 35
Iris Recognition
36 — revision 3
OEM Device Configuration Guide
5 Onity Programmer
The Integra extended portable programmer (XPP) is used to transfer data to electronic locks. For
information about operation of the programmer, refer to the manufacturer documentation.
Setup of the programmer should be performed according to the manufacturer’s instruction. The device must
be configured in OnGuard as well. For OnGuard configuration, refer to the System Administration User
Guide.
To transfer data between the computer and the XPP, use a 9-pin null modem RS-232 cable (40 feet
maximum). The 9-pin RS-232 port is located at the top of the device. Connect this to the serial port of the
computer.
revision 1 — 37
Onity Programmer
38 — revision 1
OEM Device Configuration Guide
6 Personal Safety
Visonic SpiderAlert can be utilized with the OnGuard system. It is an emergency communication and
signaling system for personal security and property protection.
Before continuing, verify that you have a license for OnGuard with the personal safety feature enabled. The
ability to use personal safety controllers is a count-based licensed feature.
The SLC-5 (SpiderAlert Local Controller) is the main controller designed for the SpiderAlert 5 signaling
network.
The SLC-5 can have up to 255 downstream bus devices (Receivers and Input/Output units). The SLC-5 can
also have one input as well as two outputs.
A standard RS-232 cable can be used to connect the host computer to the SLC-5 via the SLC-TO-SSK
Adapter. A six-wire cable with RJ-11 connectors at both ends is used to connect the SLC-TO-SSK Adapter
to the SLC-5.
A connection can also be made via LAN using a Lantronix device. When using a Lantronix device, the
following settings must be configured.
• Baudrate = 9600
• I/F Mode = 4C
• Flow Control = 02
Type in the encryption key as it is in the Encryption Controller form in System Administration.
Note: The ID numbers for bus devices can be found printed on the circuit boards, the back of the
plastic housing, or on the packaging.
The SLC-5 has two DIP switches, SW1 and SW2. The correct settings for the DIP switches depends on the
action the SLC-5 is performing. The various DIP switch settings are:
• Programming the SLC-5 (SW1 and SW2 OFF)
• Single-Site Direct Connection to Computer (SW1 and SW2 ON)
• Multi-Site Connection via Short-Range Fast Modems (SW1 OFF, SW2 ON)
• Multi-Site Connection via Telephone-Line Modems (SW1 ON, SW2 OFF)
OnGuard currently supports the “Single-Site Direct Connection To Computer” operating mode. For this
mode, SW1 & SW2 DIP switches need to be set to the ON position on the SLC-5. When configuring a
Spiderbus Controller (SLC-5), the SW1 and SW2 DIP switches must be set to OFF. After programming of
the Spiderbus Controller (SLC-5) is complete, SW1 and SW2 must be set back to ON.
revision 1 — 39
Personal Safety
The configuration for this device is done in System Administration, on the Personal Safety Devices (PSD)
folder. For more information, refer to the System Administration User Guide.
40 — revision 1
OEM Device Configuration Guide
7 Receivers
Receivers expand the number of localized security and safety systems that can be monitored from an Alarm
Monitoring workstation. Follow the instructions for setting up receivers below. For additional information,
refer to the manufacturer documentation.
Supported Receivers:
• Bosch 6500
• Bosch 6600
• Osborne-Hoffman OH-2000
• AES-IntelliNet 7000
Alarm communications over a network are supported. Alarm panels can send full data messages via the
LAN to a receiver.
These receivers are configurable for the following output formats: SIA, 6500, Modem II/IIE/III a2, and
BFSK. Each of these modes handles the default and SIA event code templates stored in the database
differently. Therefore, an event that is generated in 6500 mode would be reported in Alarm Monitoring
differently than an event in SIA mode.
A NULL modem cable is required to connect a host computer to the D6500/D6600 receiver. The receiver is
programmed using the Bosch keypad. The receiver connects via COM 3 on the back of the unit. For more
information, refer to the manufacturer manual.
In order to work with OnGuard, the Bosch D6500 requires a minimum firmware, based on the Main
Processing Unit (MPU).
D6510 8.03
D6511 1.06
revision 3 — 41
Receivers
In order to determine the MPU number and firmware version, perform the following procedure:
D6500 receivers with a firmware that is lower than what is specified are not supported. If you attempt to
connect a receiver not meeting these specified requirements, the receiver will fail to come online in Alarm
Monitoring.
For the D6600 receiver to work with OnGuard, there is no minimum firmware requirement.
The following must be configured on the receiver in order for it to work properly.
Note: For more information, refer to the Program Entry Guide which is included with the receiver.
Output Mode
In order to configure the different output modes for the receiver, enter into the Automation Configuration
menu on the receiver. In order to do this you need to do the following:
42 — revision 3
OEM Device Configuration Guide
COM4 Network Adapter. If this value is not set to 2 then the receiver will not come online and
events will never be received by the Communication Server.
8. Log out of the system. To do this, press the [CAN] button until the standard screen with date and time is
displayed.
When in the Automation Configuration section of the receiver settings in this screen, you can modify the
Heartbeat Interval, Start Character (HEX) and End Character (HEX) as well as communication settings
(such as baud rate, byte size, parity, and stop bits). These items are listed in the receiver menu under
Automation Configuration as follows:
The Bosch receiver can be connected to a host computer and can communicate through OnGuard in one of
two ways:
• Direct connection of the host machine and the receiver using a null modem cable
• Connection of the receiver through a Lantronix box using a null modem cable
If a LAN connection will be used, configuration of the communication settings in the Lantronix box will
differ from configuration for use with Lenel hardware.
You can also gather debug information when connected to the Bosch panel in 6500 or SIA modes. These
debug files can be turned on by creating a new section in the acs.ini file. These settings are as follows:
[6500]
6500Debug=1
The file generated will be “6500Debug.txt” and will be located in the logs directory.
[SIA]
SIADebug=1
The file generated will be “SIADebug.txt” and will be located in the logs directory.
revision 3 — 43
Receivers
When connecting to the OH-2000, use a straight through 9-pin serial cable. Connect one end of this cable to
the computer automation port of the OH-2000. This port is located at the top left in the back of the receiver.
You may connect the other end of the cable either directly to an OnGuard server or to a Lantronix box,
configuring a connection to the panel over the network.
Many different types of downstream devices can be used to report into this receiver. The output format for
the OH-2000 receiver can be Bosch SIA 1, SIA 2, SIA 2000, Bosch Modem II, IIE, III a2, or Bosch BFSK.
OnGuard integrates to the AES-IntelliNet receiver when programmed to output using the Bosch 6500 output
format.
The AES-IntelliNet receiver can be connected to a host computer and can communicate through the
software. A direct connection can be made by making a serial connection between the host automation port
of the receiver and an available COM port on the host computer. For direct connections, the flow control
cannot be configured. This is hard-coded in the software.
For builds later than 5.10.309, the following changes are NOT needed. For build 5.10.309 and earlier, if you
are using a direct connection, a change must be made to the ACS.INI file. Make the following modification
to this file:
[Radionics6500]
DtrControl=1
Note: With this setting in the ACS.INI file, a Bosch D6600 receiver cannot be used with the 6500
output mode.
The AES-IntelliNet receiver must be configured for Bosch 6500 output mode. Also note that since the AES
receiver does not have a start character, zero (0) should be used. The end character must be 0x0014. For
more detailed instructions, refer to the AES-IntelliNet manual.
A LAN connection can also be made by using a 9-pin to 25-pin connector and connecting this to the
Lantronix unit. For more information, refer to IP Support.
It is possible to integrate with the AES IntelliNet receiver model 7750-UL and subscriber transceiver unit
model 7450 RF or model 7750-F.
A LAN connection can be also encrypted by using a Lantronix device SDS1100 or SDS1101; the encryption
connection settings should be configured as follows:
• Baud rate = 1200
• I/F Mode = D8
• Flow = 02
44 — revision 3
OEM Device Configuration Guide
For more wiring information, refer to the AES IntelliNet 7000 Series Receiver Installation and Operation
Manual.
2 Transmit data O 2 3
3 Receive data I 3 2
5 Signal ground - 5 7
OnGuard integrates to the Verex HSC-IP receiver when the receiver is configured as follows using HSC-IP
Setup.
Note: OnGuard 6.5 and later contains an IP account number field for areas other than the Default
Area. This field is located on the Access Control > Areas > Intrusion Detection tab. If an IP
account number is configured here, then this account number/serial number combination must
be configured in HSC-IP Setup.
revision 3 — 45
Receivers
46 — revision 3
OEM Device Configuration Guide
8 Cypress Timer
CYPRESS
Computer Systems, Inc.
• Adds time of day displays to Access Control and Time & Attendance Systems
• Low profile facilities mounting at reader location
• Can be used indoor or outdoor
• Standard or Military Time Formats
• FCC Part 15
revision 1 — 47
Cypress Timer
RS-485
power
ISC
RS-485
12 VDC 12 VDC 12 VDC
RS-485
Power Supply
ISC
48 — revision 1
OEM Device Configuration Guide
Front of unit
5.3
3.5
1.3 1.0
3.25
3.4
GND
BLACK
+ +
GREEN
TR1+
YELLOW
TR1-
R1 +
R1 -
GND
DIP switches are used to control the protocol. OnGuard uses Mercury Protocol 2. This means that DIP
switches 1 and 2 should be in the ON position. DIP switches 3, 4, 5, 6, and 7 should be off.
revision 1 — 49
Cypress Timer
DIP switch 8 is used for the time mode. Turn DIP switch 8 ON for 24-hour mode; off for 12-hour mode.
1 2 3 4 5 6 7 8
The clocks are used to display the time from the ISC. When the ISC sends a time stamp to the clock, the
clock’s internal time base is updated; however, the clock’s time stamp is not used. The time stamp that
comes directly from the ISC is still used. In other words, the clock's internal time base is updated but is not
used unless nothing is received from the ISC or there is a loss of clock information. In order to use DST
(Daylight Savings Time), this option must be turned on in the software application for that panel.
ISC
RS-485
If there is a communication loss between the ISC and the clock, the clock uses its internal time base to
update the clocks. A loss of communication is defined as 1 minute and 10 seconds without receiving a valid
time stamp from the ISC. In normal operation, the colons “:” blink at 1 second intervals. This indicates that
the clock is communicating with its Clock Driver. If the colons are steady, this indicates a communication
failure.
50 — revision 1
OEM Device Configuration Guide
Base plate
5.164
4.264 .45
1.45
0.50
0.16 0.16
2.90
3.114
0.80
0.50
revision 1 — 51
Cypress Timer
Cover
5.3
.55
3.5
3.25
1.4
52 — revision 1
OEM Device Configuration Guide
harness
CCK-1201
Top View
wall
revision 1 — 53
Cypress Timer
54 — revision 1
OEM Device Configuration Guide
The Multiple Register Text Inserter is designed to communicate with up to 10 register interfaces. It
superimposes transaction information onto corresponding video of the cashier on a one register per channel
basis. The text inserter is installed between the cameras and the video processor, may be used with analog or
digital recorders, multiplexers, quads, etc. The composite image with the text overlay can be viewed live or
reviewed later from a video recorder. Questionable transactions such as VOID and NO SALE can be
reviewed easily by using the flashing text alarm features. In addition, both the single and multiple interface
text inserters are compatible with the CYA Management Software Package.
9.1 Firmware
Two types of firmware have been tested so far: version 5I and version 13.
Version 13 firmware allows you to connect the TVC-2104 to a TVC-1030A unit. A standard serial cable can
be used for receiving transactions; however, a different cable must be used initially. In order to start
receiving the transactions, you need to send the unit a request for the version information using a different
cable. Once this is done, the standard cable can be used.
The TVC-2104 communicates with a workstation via serial or LAN connection. Use the connectors on the
back of the unit.
• COMPUTER Used to connect the unit to a host computer. It is required in order to connect to the
Communication Server.
• ALARMS Can be used to provide an alarm output per channel. The outputs are open-collector outputs
that simulate a normally open dry contact relay. These connectors are not required for OnGuard integration.
• VIDEO OUT There are four NTSC video outputs (one per channel). This video from these connectors
is a result of input video with text inserted over it.
revision 1 — 55
TVS TVC-2100 Series Video Text Inserter
• VIDEO IN There are four NTSC video input connections (one per channel). For a video out signal, a
camera must be connected!
• TERMINAL STRIP This is the terminal strip that is located above the ALARMS connector. Connect
the 2100 Series Text Inserter with the register interfaces here.
Use a standard serial cable to connect the TVC-2104 and the host. (If you are using version 5I firmware you
will need to use a special cable.) The back of the TVC-2104 has a 25-pin female connector labeled
COMPUTER, so you will need a cable that has a 25-pin male end and most likely will require that the other
end has a 9-pin female connector to plug into the serial port of the computer.
Cable pinouts
DB-9 female DB-25 male
2 3 (Receive)
3 2 (Transmit)
5 7 (Ground)
If version 5I firmware is being used, a special cable is required. This cable has two connections on one end,
one of which will be labeled “DVR/1036A.” Use this cable to connect to the host PC running the
Communication Server.
Cable pinouts
DB-9 female DB-25 male
2 19 (Receive)
3 20 (Transmit)
5 7 (Ground)
The TVC-2100 Series units can communicate with the Communication Server via LAN with the use of a
Lantronix device.
A serial cable is required, but you will need a different connector to plug into the Lantronix box.
You will also need to configure the Lantronix box with the appropriate settings:
• Baud rate: 9600
• Flow control: CTS/RTS
• Byte size: 8
• Stop bits: 1
• Parity: none
56 — revision 1
OEM Device Configuration Guide
Before powering up the TVC-2104, make sure all the register interfaces are powered up. Otherwise, the
TVC-2104 may not recognize all the register interfaces.
The message, “Interfaces Attached,” will appear on the monitor after the TVC-2104 has completed
initialization (this will take approximately 10 seconds). Make sure the number of interfaces is correct. If
there are too few, a register interface may not be responding.
The message, “No Interfaces Attached,” indicates that when the TVC-2104 powered up, it did not receive a
response from any of the register interfaces.
• PROGRAM Plug in a touch-tone telephone for programming the device here. The normal
programming that is specified in the TVC-2100 Series Video Text Inserter Operation and Installation
Manual is not available when the unit has version 5I firmware installed.
• LINE LED Flashes when the unit is communicating with the register interface.
revision 1 — 57
TVS TVC-2100 Series Video Text Inserter
58 — revision 1
OEM Device Configuration Guide
10 Corex CardScan
These instructions are for installing and configuring either the Corex CardScan 300 or the Corex CardScan
600c.
1. Install the CardScan software on your PC. This must be done before connecting your scanner. To install
the scanner, refer to the Corex documentation.
2. Connect the AC adapter to the scanner. Plug the AC adapter into a power outlet.
3. Using the included USB cable, connect the scanner to the USB port on your PC.
4. Start the CardScan software and make sure that the business card scanner is functional. Note that after
the CardScan software has been run initially, it does not need to be running in order for the business
card scanner to work with the OnGuard software.
5. Calibrate the business card scanner. Refer to the Corex documentation on how to calibrate the scanner.
6. In FormsDesigner, assign the vCard value to user-defined fields (UDF).
7. Use the business card scanner in the Cardholders folder in System Administration, ID CredentialCenter,
Digital Video, or Visitor Management.
revision 1 — 59
Corex CardScan
1. Start and log into FormsDesigner. When prompted, open the Cardholder or Visitor form, depending on
which you wish to map fields for. For more information, please refer to the Introduction chapter in the
FormsDesigner™ User Guide.
2. The scanner will only recognize fields that are currently assigned the vCard value. The vCard value is
assigned by simply double-clicking on a field and selecting the field’s name in the vCard drop-down
list.
3. The following vCard fields are currently mapped to the Corex CardScan scanner fields:
If a vCard property is not assigned to any field on a FormsDesigner form by default (i.e., Name Prefix,
Name Suffix, Work Country, Fax, and Organization Name), a field can be added and assigned that
particular vCard property.
You can import data using the Corex CardScan whenever you are asked to manually enter cardholder or
visitor information. This includes adding, modifying, or searching for cardholder or visitor records. You can
also import in the Visits folder when you are searching for a visitor or cardholder. This example describes
how to import data when adding a cardholder.
60 — revision 1
OEM Device Configuration Guide
b. Click [OK].
3. In the Person type field, select whether the record will be cardholder or a visitor record.
• If “Cardholder” is selected, the Cardholder form is displayed.
• If “Visitor” is selected, the Visitor form is displayed.
4. Place a business card, face down, in the business card scanner.
5. Click [Import].
6. The Select Import Source window opens. Select “Corex CardScan scanner,” then click [OK].
7. The scanner will scan the business card, and the fields on the Cardholder or Visitor form will be
populated with whatever information can be determined.
8. Make sure that the information is correct, then click [OK]. The record will then be added.
revision 1 — 61
Corex CardScan
62 — revision 1
OEM Device Configuration Guide
11 RFIDeas Readers
Before performing the configuration steps described in the following sections, connect the device to the PC
and wait for Windows to indicate that the installation was successful. No additional software or drivers are
required.
These readers authenticate with the secret HID key, and then read Book 0, Page 0, and app1. They then read
the data encoded into the HID iCLASS Access Control Application.
When reset to factory defaults, these readers do not send the badge ID when a badge is swiped. To configure
the reader for the typical 26-bit badge card format:
revision 3 — 63
RFIDeas Readers
1. Open Notepad.
2. Swipe an iCLASS badge from the lot of encoded cards.
The badge ID that was encoded on the card should now appear in Notepad. If so, the reader is ready for
operation with OnGuard System Administration and ID Credential Center.
3. Open the Cardholder form and swipe a badge at the reader. OnGuard should automatically open a
Wedge Reader dialog filled with the badge ID, and then a search is started. If 0 of 0 cardholders is
presented then no cardholder has that badge. If there is a match then that cardholder is shown.
When working with a non-26 bit card, you might need to use pcProxConfig to configure the Leading Parity
or Trailing Parity to mask out the bits that are not part of the Badge ID, and also modify the Bit count of ID
portion only.
This reader reads the Wiegand Data load of a HID Prox/Prox2 badge.
When set to factory default, this reader will output the badge ID of the typical 26-bit card format with the
following parameters:
• Even parity bit = bit 0 (there is one parity bit at the beginning)
• Facility Code start bit = 1
• Facility Code number of bits = 8
• Badge ID start bit = 9
• Badge ID number of bits = 16
• Issue Code start bit = 0
• Issue Code number of bits = 0
64 — revision 3
OEM Device Configuration Guide
If you need to configure the reader for another Wiegand bit format, use the pcProxConfig and AIR ID Enroll
software:
Note: pcProxConfig version 4.4.6 has a defect. On the Set Keystroke Data tab, the Bit count of ID
portion only field is not editable until the Send ID Code check box is unchecked and then re-
checked.
When working with a non-26 bit card, you might need to set the Leading Parity or Trailing Parity to mask
the bits that are not part of the badge ID.
revision 3 — 65
RFIDeas Readers
When reset to factory defaults, this reader does not send the badge ID when a badge is swiped. To configure
the reader for the typical 26-bit badge card format:
This reader reads from Tracks 1, 2, and 3. By default, OnGuard uses Track 2 for access control data. By
default, the reader outputs all data from tracks 1and 2 with a carriage return (<Enter>) between each track of
data.
• The default Mag card format in OnGuard is a 12-character Mag format.
• The format starts with five digits of facility code data, followed by six digits of badge data.
66 — revision 3
OEM Device Configuration Guide
If you want to capture Badge ID data from Track 2, configure the device as follows:
revision 3 — 67
RFIDeas Readers
68 — revision 3
OEM Device Configuration Guide
12 Cypress Wedge
The wedge reader can be used to aid the enrollment process. It automatically adds Wiegand data to badging
or enrolling workstations. It converts badge information into keystrokes.
Connect the terminal, keyboard, and reader to the wedge. For detailed information, refer to the Cypress
documentation.
When a badge is swiped, the five digit facility code and five digit badge number are converted to equivalent
keystrokes. When enrolling a cardholder (after clicking [Add]), the cursor should be placed in the correct
revision 1 — 69
Cypress Wedge
field for the data to be populated. If this is not done prior to swiping a badge, a Search dialog will open,
allowing for a search on the badge ID.
In order for the wedge reader to function properly, a change must be made in the ACS.INI file. Under the
section [WEDGESCAN], specify the value for StartByte.
The Cypress Wedge WDG-5912 uses a USB keyboard interface. Connect it to the PC using the USB port. If
you are programming, an additional connection to the COM port on the PC is also needed.
To USB Port on PC
Reader
Connections
LED (Brown )
Data 1 (W hite)
D ata 0 (Green )
+5 VDC (Red )
GND (Black)
N/C
Power
Readers requiring more than 100 mA for current or more than 5 VDC for power will require an external
power supply. When using an external power supply, there must be a common ground between the wedge
and reader.
70 — revision 1
OEM Device Configuration Guide
There are no drivers to install in order to use this device. The WDG-5912 is installed as a USB Human
Interface Device, which already has a driver available in Windows.
J4 J5
revision 1 — 71
Cypress Wedge
72 — revision 1
OEM Device Configuration Guide
13 DigiOn24 Encoder
The DigiOn24 (D24) encoder is available as a standlaone or inline contactless encoder commonly used in
direct card printers. It can support iCLASS, MIFARE, or DESFire technology.
13.1 Installation
If you are using the inline encoder, it is located inside the card printer. The printer must be installed first.
After installation, the printer will then be selectable when configuring an inline encoder.
If you are using the standalone encoder, it connects to the computer via USB and you will need to install the
USB to Serial driver. For more details, refer to the manufacturer documentation.
1. Obtain the driver either from the Supplemental disc or by downloading it from http://
www.ftdichip.com/Drivers/VCP.htm and extracting it on the computer where the encoder will be
installed.
2. Connect the encoder to the computer.
3. When prompted, specify the location of the driver on the computer (this may have to be performed
twice). Once it is installed successfully, it will show up as a serial device named “USB Serial Port”
under the Ports section of the Device Manager.
4. In the Device Manager, under Ports, right-click on the device and select Properties.
5. On the Port Settings tab, click [Advanced].
6. Select a COM port number that is available. Click [OK]. (This COM port number will be used in the
OnGuard configuration of the encoder.)
Note: Firmware version 4.92 or later is required for encoding the DESFire TWIC application.
revision 1 — 73
DigiOn24 Encoder
a. For standalone encoders, select the radio button indicating This is a standalone device.
b. For inline encoders, select the radio button indicating This is an inline device that resides within
a card printer. From the drop-down list, select the card printer in which the DigiOn24 encoder is
installed, and/or the encoder station.
5. On the Communucations sub-tab, select the COM port to which the unit is connected and use the
default settings. The default communication settings are as follows:
• Baud rate: 9600
• Data bits: 8 bit
• Parity: Even
• Stop bits: 2
6. Click [OK].
After this is done, configure a card format for the smart card application. This can be done in System
Administration or ID CredentialCenter in the Card Formats folder.
Once the card format is configured, assign the smart card format application to the badge type. This can be
done in the Badge Types folder, on the Encoding Form.
For more information, refer to the System Administration or ID CredentialCenter User Guides.
Encoding while the device is connected via a RocketPort PCI card sometimes produces a communication
error.
74 — revision 1
OEM Device Configuration Guide
14 ActivIdentity ActivEntry
Integration of the ActivEntry solution with OnGuard allows organizations to upgrade existing OnGuard
access control systems to compliance with the functionality defined in FIPS 201, National Institute of
Standards and Technology (NIST) Special Publications (SP) 800-116, and the TWIC Reader Hardware and
Card Application Specification. It supports verification of the PIV, PIV-I, TWIC, and CAC End Point (EP)
cards without requiring the replacement or significant modification of the existing system.
The ActivEntry module, installed between an access panel and a supported reader, validates the badge,
extracts the badge ID, and passes it along to the panel for an access decision which is controlled in OnGuard.
The ActivEntry Manager provides centralized control of assurance level settings and distribution of
validation data.
The ActivEntry module is installed between the door controller/reader interface module and the access
reader. The following modules are supported:
• LNL-1300
• LNL-1320
• LNL-2220
• LNL-1300-U
• LNL-1320-U
• NGP-1320
• NGP-2220
• NGP-3320
revision 1 — 75
ActivIdentity ActivEntry
The ActivEntry module should not be powered from the panel. Connect the ActivEntry module to an
external power supply. Once the ActivEntry module is wired, configure it using the documentation provided.
Currently, the Veridt MultiMode and Veridt GuardDog II readers are supported.
When wiring the readers to the ActivEntry module, Reader 1 corresponds to Wiegand 1 and Reader 2
corresponds to Wiegand 2. For detailed information, refer to the ActivEntry documentation.
Note: For detailed descriptions of the authentication modes, refer to the ActivEntry documentation.
76 — revision 1
OEM Device Configuration Guide
OnGuard should already be installed and configured. For detailed information on installing and configuring
the ActivEntry solution, refer to the ActivEntry documentation.
Before enrollment into OnGuard, the badge ID import settings must be configured to match the Badge ID
Rules defined in the ActivEntry Management Station.
The badge ID derivation rules configure in ActivEntry must match the OnGuard setting configured in
FormsDesigner.
FASC-N ID with Issue Code (This is only For the badge ID, set FASC-N to AC + SC + CN. For the issue
supported using a PC/SC reader.) code, set FASC-N to Individual Credential Issue # (ICI).
DoD CAC with Issue Code (This is only For the badge ID, set FASC-N to AC + SC + CN + CS. For the
supported using a PC/SC reader.) issue code, set FASC-N to Individual Credential Issue #
(ICI).
UUID (7-bytes) For the badge ID, set PIV-I to GUID (7-Byte).
For more information on badge ID derivation rules, refer to the ActivEntry documentation.
revision 1 — 77
ActivIdentity ActivEntry
If you want to configure both PIV and PIV-I cards at the same time, for the badge ID, set FASC-N to the
desired value and set PIV-I to GUID (7-Byte).
Before enrollment, the badge number length must be increased to at least 16 digits to accommodate the card
data.
The badge ID must be configured for manual entry. This configuration can be done in Cardholder Options.
The badge ID must be configured for manual entry. This configuration can also be done in Badge Types.
1. From the Administration menu in System Administration or ID CredentialCenter, select Badge Types.
2. On the Badge ID Allocation tab, select a badge type.
3. On the ID Allocation sub-tab, configure the badge type for manual entry.
a. If the system setting is already configured for manual entry, you may select Use system settings
for badge ID allocation (the system setting is displayed in parentheses).
b. Otherwise, select Use different settings for badge ID allocation of this badge type.
c. For Generate badge ID, choose Manual Entry.
4. Click [OK] to save the changes.
1. Add a cardholder in OnGuard. It may be helpful to enter “Invalid Card” for the name.
78 — revision 1
OEM Device Configuration Guide
2. Enter the number for the badge ID to be used to represent an invalid card. This badge ID should match
the preconfigured invalid badge ID in the ActivEntry software.
3. Make sure that the badge has no assigned access levels.
When an invalid badge is presented to the reader, this configuration will ensure that access is denied.
The card format must be configured in OnGuard to match the Wiegand format configured in the ActivEntry
Management Station (see Badge ID and Card Format Example).
The following examples are based on using FASC-N with Issue Code for the badge ID derivation rule (the FASC-N
Identifier is used as the badge ID, and the ICI is used as the Issue Code).
Badge ID Configuration
In FormsDesigner, configure the badge ID and issue code to match the badge ID derivation rule configured
in ActivEntry. For the badge ID, set FASC-N to AC + SC + CN. For the issue code, set FASC-N to Individual
Credential Issue # (ICI).
The following is an example of settings when configuring the Wiegand card format for a PIV or TWIC card
in the OnGuard software to match ActivEntry.
• Facility Code: 0
• Badge Offset Number: 0
• Total Number of Bits On Card: 52
• Facility Code Starting Bit: 0, Facility Code Number of Bits: 0
• Card Number Starting Bit: 0, Card Number Number of Bits: 48
• Issue Code Starting Bit: 48, Issue Code Number of Bits: 4
• Number of Event Parity Bits: 0
• Number of Odd Parity Bits: 0
revision 1 — 79
ActivIdentity ActivEntry
14.8 Enrollment
The badge must be enrolled in both the ActivEntry software and in OnGuard. The following sections
describe how to configure and enroll badges into OnGuard. For ActivEntry enrollment, refer to the
manufacturer documentation.
The following devices are supported for enrolling the badge in OnGuard:
• OmniKey 3121 PC/SC reader — supports PIV, PIV-I, TWIC, and CAC EP cards.
• RFIDeas AIR ID Enroll FIPS201 (RDR-7P71AKU) reader — supports PIV, TWIC, and CAC EP cards.
Connect the reader to an OnGuard client workstation and install the drivers according to the manufacturer
documentation.
Note: The reader can communicate with only one of the systems at a time. If you have finished
enrolling into one system, be sure to close the application before using the other to connect to
the reader. Failure to do so may cause communication errors.
The device must be attached to the workstation. If you are using the PC/SC reader, you must configure it as
an encoder in the OnGuard software (the RFIDeas reader emulates a keyboard and does not need to be
configured in OnGuard). To configure an encoder:
80 — revision 1
OEM Device Configuration Guide
6. Enter the correct PIN and click [Import]. The badge ID will be imported as specified in FormsDesigner.
If you have forgotten your PIN, you may still import the badge ID. Select the Forgot PIN check box.
The badge ID will be imported without the cardholder name and photo.
7. Once the import is complete, click [OK].
8. Select the badge type for the cardholder.
Note: The badge deactivate date and issue code are based on badge type configuration. Since data
was imported from a badge, you will be asked if you want to overwrite the imported
information with the default data configured for the badge type.
When the enrollment has been completed, verify that the cardholder information has been imported
correctly.
1. Using the workstation connected to the RFIDeas AIR ID Enroll reader, browse the contents of the
Supplemental DVD Revision 12. Open the Credential Center Device Drivers\RFIDeas\ directory.
2. Copy the pcProxConfig 5.0.4f.exe file to the hard drive, and then launch the file.
3. Connect to the reader using the USB connection type.
4. Using the pxProxConfig documentation (also included on the Supplemental DVD), configure the ID of
the reader’s outputs by modifying the fields on the CHUID tab.
Note: Confirm that all fields are listed together without any return or separator characters.
revision 1 — 81
ActivIdentity ActivEntry
82 — revision 1
OEM Device Configuration Guide
The Cross Match ID 500 is a fingerprint scanner. It has the capability to capture slap fingerprints, which are
are taken by simultaneously pressing the four fingers of one hand onto the scanner. They are also know as
multiple-finger simultaneous plain impressions. This device provides real-time feedback for such factors as
finger alignment, ridgelines, rotation, and pressure. It can capture all ten fingerprints in three basic slaps: the
four right hand fingers, four left hand fingers, and both thumbs.
A FireWire (IEEE 1394) card and cable, and a power supply are included with the Cross Match ID 500
scanner, as well as the driver.
1. Copy the file vhpd1394.inf from the OnGuard Supplemental disc to C:\WINDOWS\inf.
2. Copy the file vhpd1394.sys from the OnGuard Supplemental disc to C:\WINDOWS\System32\drivers.
3. Create a temporary directory. Copy the files CMReset.inf, CMReset.sys, CMResetInstall.exe, and
CMResetTest.exe from the OnGuard Supplemental disc into that temporary directory.
4. Run the CMResetInstall.exe file from within the temporary directory.
5. Determine if your system has the .NET runtime environment version 1.1.
• To do this, go to Start > Control Panel > Add or Remove Programs for “Microsoft .NET
Framework 1.1.” If the .NET Framework is not installed, install the .NET Framework version 1.1,
which can be found on the Microsoft web site.
6. Run the Cross Match SDK 3.7.0 installation program located on the OnGuard Supplemental disc,
“LiveScan 3.7.0 setup.msi.”
a. Install to C:\Program Files\Cross Match Technologies.
b. Install the SDK for everybody who uses the computer.
7. Install the FireWire card in the computer.
8. Connect the Cross Match ID 500 to the workstation’s FireWire card using the FireWire cable.
9. Plug the power supply into the back of the Cross Match ID 500. Plug the power cable into a power strip
with surge suppression capabilities, and connect that to an electrical outlet.
10. Once the computer detects the scanner, have the computer add drivers for the new device automatically.
11. If System Administration was running, you may need to restart System Administration for the scanner
to work.
Upon using this scanner for the first time, the capture software will automatically calibrate it. In order for
this to occur, the platen cover needs to be installed. Once calibration is complete, you may use the scanner.
revision 3 — 83
Fingerprint Enrollment and Verification
OnGuard Enrollment
Once the driver is installed, the Cross Match ID 500 is ready for use.
The Cross Match Verifier 300 is a fingerprint scanner. This device provides real-time feedback for such
factors as finger alignment, ridgelines, rotation, and pressure. It is capable of scanning a single, flat
fingerprint.
Up to two fingerprints may be stored per person. Captured images are stored in bitmap format so that they
may be displayed more easily. They are also converted to ANSI-INCITS 378 minutiae format for storage in
the database.
Only one Verifier 300 unit may be connected at a time. Connect the scanner to the host workstation using a
USB cable. It must be connected to a USB 2.0 port. Additional configuration of communication settings is
not needed.
OnGuard Enrollment
Note: Minimum requirements: the fingerprint size must be at least 175 pixels wide by 250 pixels
high on the platen. There must be a minimum of 15 horizontal ridges present and a minimum
of 15 vertical ridges present.
84 — revision 3
OEM Device Configuration Guide
The MSO fingerprint scanner has the capability to capture a high-resolution (500 dpi) image of a fingerprint
and allow viewing of a low-resolution bitmap image. It can also be used for verification.
The following models are supported by OnGuard: MSO 300, MSO 350, MSO 350 PIV, MSO 1300, and
MSO 1350.
Install the device driver. This can be found on the Supplemental Disc. Connect the MSO scanner to the USB
port of the host computer. The device will be automatically detected. It is not necessary to configure
communication settings. Only one scanner may be connected to the computer.
revision 3 — 85
Fingerprint Enrollment and Verification
86 — revision 3
OEM Device Configuration Guide
This unit is a contactless reader, uses an RS-232 connection, and is compatible with ISO14443 A and Mifare
cards.
Connect the GemPlus EasyAccess 332 encoder to the PC’s serial port.
To Com Port on PC
White to Pin 2
Green to Pin 3
Blue to Pin 5
To +12VDC
To Ground 12 VDC
revision 1 — 87
GemPlus EasyAccess 332 Encoder
In order to use this encoder, it must be added to the Workstations folder in System Administration.
88 — revision 1
OEM Device Configuration Guide
17 iClass Programmer
The HID iClass RW400Prgm encoder supports the following smart card applications:
• Credential Agent
• GSC (iClass)
• HID Access Control (iClass)
• IrisAccess (iClass)
• V-Smart (iClass)
To use the encoder, wire and connect the device to a workstation COM port. Then create the smart card
format application. Assign these smart card format applications to the badge types for encoding.
This programmer (RW400Prgm/6121AKN0000PRGM) operates at 10-16 VDC. The average current draw
is 80-260 mA. When communication to the unit is successful, the LED remains solid green.
Due to timing issues with the encoder, this unit cannot be connected to a multiport serial adapter.
PIN 2
PIN 3
PIN 5
To DB9 Serial
Communication
Port on PC HID
revision 1 — 89
iClass Programmer
Create a card format for one of the smart card applications mentioned earlier in this chapter. The following
procedures are for configuring a Wiegand card format and a Smart Card format for the iClass programmer.
For more details, refer to the System Administration or ID CredentialCenter User Guides.
Wiegand Format
90 — revision 1
OEM Device Configuration Guide
2. Click [Add].
3. In the dialog box that appears, choose Wiegand and click [OK].
4. Type in a unique name for the Wiegand card format
5. Enter the required information.
6. Click [OK].
revision 1 — 91
iClass Programmer
Once the card format is configured, assign the smart card format application to the badge type. This can be
done in System Administration or ID CredentialCenter in the Badge Types Folder, on the Encoding Form.
For more information, refer to the System Administration or ID CredentialCenter User Guides.
92 — revision 1
OEM Device Configuration Guide
18 Integrated Engineering
OnGuard supports the Integrated Engineering (IE) SmartID, SmartPro, and SmartLOGON™.
18.1 SmartID/SmartPro/SmartLOGON
The SmartID/SmartPro/SmartLOGON™ ISO 14443 encoder supports DESFire card applications. The
device communicates with the workstation via USB port and requires the FTD2XX driver.
18.1.1 Configuration
Configuration of the device is accomplished in System Administration, in the Workstations folder, on the
Encoders/Scanners form.
For configuration of card formats, refer to the System Administration User Guide.
revision 1 — 93
Integrated Engineering
94 — revision 1
OEM Device Configuration Guide
19 Intelli-Check ID-Check
The information on a driver’s license, military ID, or passport can be imported using an ID-Check IDC1400
terminal. ID-Check can read, analyze, and verify the information encoded in the bar codes and magnetic
stripes on state and provincial driver licenses, identification cards, military and government IDs including
those that conform to the standards of the American Association of Motor Vehicle Administrators
(AAMVA), American National Standards Institute (ANSI) and International Organization for
Standardization.
Once the unit is connected and powered, the terminal will immediately display “ID-CHECK SETUP
REQUIRED.” To access the setup menu, press SETUP [F6]. Key in your four-digit master password and
press [Enter].
Once you access the Setup menu, selections can be made by pressing [Enter]. Use the up and down buttons
to scroll through options. Use any of the arrow keys to toggle settings.
Configure the IDC1400 to send transaction results through the printer port.
1. In the SETUP [F6] menu use the UP and DOWN arrows to scroll through the options. Select
FEATURES by pressing [Enter], then scroll through and select PRINTER. Press [Enter]. Set the
following attributes as follows:
a. MODE: Enabled (to enable the printer)
b. BUSY CHECK: Disabled
c. PRE LINES = 00 (number of line feeds to send before each transaction result)
d. POST LINES = 03 (# of line feeds to send after each transaction result)
e. PRINT TEXT = LEFT MARGIN (parser friendly format for applications)
2. In the SETUP [F6] menu, under FEATURES > PRINTER > HOST PORT, set BAUD RATE,
PARITY, WORD LENGTH, and FLOW CONTROL to the appropriate values to match your OnGuard
communication settings.
3. In the SETUP[F6] menu, under SYSTEM, set PROCESS MODE to COMPLETE ID.
4. In the SETUP[F6] menu, under SYSTEM > TRANSACTIONS > SHOW FLAGS, set PRINTER to
FULL CONTROL. Then for all other sub-menu settings, such as DL/ID, DOB, NAME, ADDRESS,
revision 1 — 95
Intelli-Check ID-Check
CITY, POSTAL CODE, AGE, EXP, DRIVER CLASS, SOCIAL SEC#, ISSUE DATE, WEIGHT,
HEIGHT, JURISDICTIO, EYE COLOR, HAIR COLOR,GENDER, set to ENABLED.
5. In the SETUP[F6] menu, under FEATURES, set NAME FORMAT to F M L. Set HEIGHT FORMAT
to FEET/INCHES and WEIGHT FORMAT to POUNDS for US ID/DL.
Note: For access to the menu, enter the password (by default, 1234).
If the results do not need to be displayed on the terminal, disable this option to speed up the transaction time.
When a license is swiped or scanned, the IDC1400 will beep (if enabled) and transfer the data (if the printer
is enabled) and return back to the idle screen.
1. In the SETUP [F6] menu use the UP and DOWN arrows to scroll through the options. Select
FEATURES by pressing [Enter].
2. Scroll through and select DISPLAY TIME.
3. Set the DISPLAY TIME = 00.
Before continuing, verify that you have a license for OnGuard with ID-Check Terminals enabled. The ability
to use ID-Check Terminals is a licensed feature. The ID-Check Terminals license is count-based; you are
licensed to have a certain number of ID-Check Terminals. The number of terminals you are licensed to use is
displayed in the “Maximum Number of ID-Check Terminals” setting in the ID CredentialCenter section of
the license.
The ID-Check scanner must also be added in the OnGuard software. This is done in System Administration
or ID CredentialCenter on the Encoders/Scanners form in the Workstations folder. The encoder/scanner that
is added must have a Device Type of “ID-Check Terminal.”
Use FormsDesigner to map the proper DMV values to the data fields for enrollment.
The settings for the software must match the communication parameters configured on the IDC1400 unit.
Configure the communication parameters in System Administration as follows:
• BAUD RATE: 38400
• DATA BITS: 8 bit
• PARITY: None
• STOP BITS: 1
• FLOW CONTROL: None
You can import data using the ID-Check Scanner whenever you are asked to manually enter cardholder or
visitor information. This includes adding, modifying, or searching for cardholder or visitor records. You can
96 — revision 1
OEM Device Configuration Guide
also import in the Visits folder when you are searching for a visitor or cardholder. This example describes
how to import data when adding a cardholder.
revision 1 — 97
Intelli-Check ID-Check
98 — revision 1
OEM Device Configuration Guide
The OMNIKEY 5125 PC/SC smart card proximity reader is used for automatic visitor sign in/sign out. It
automatically adds Wiegand data to badging workstations.
20.1 Installation
The OMNIKEY 5125 reader uses a USB keyboard interface. Connect the reader to the workstation using the
supplied USB cable. When the reader is connected, you will be prompted to install the required device
driver.
Obtain the device driver from the HID Web site, http://www.hidglobal.com/
driverDownloads.php?techCat=19.
For more information, refer to the Third Party Encoders Compatibility Chart, which can be accessed at:
http://www.lenel.com/support/downloads/onguard#compatibility-charts. (You will need your Lenel login to
gain access to this site.)
The OMNIKEY 5125 unit sends transaction results through the USB port. The device driver is used to
configure the connection of this device. There is no setup reuired.
The 5125 reader uses an optical sensor for automatic card detection (it automatically detects when material
is being present for scanning). Although it looks like an LED, it is NOT an indicator of any status for the
device.
revision 1 — 99
OMNIKEY 5125 Wedge
100 — revision 1
OEM Device Configuration Guide
21 ScanShell 800/1000
The information on a business card, driver’s license, or military ID can be imported using the ScanShell 800.
Passports can also be read by the ScanShell 1000. ScanShell can read the information using OCR to extract
data.
The CSS1000 scanner is no longer available and has been replaced by the CSS1000-A scanner which
requires version 9.42.0 of the ScanShell SDK to be installed.
The CSS800 scanner is no longer available and has been replaced by the CSS800-R scanner. The CSS800-R
scanner supports USB 2.0 which allows faster response.
Install the device driver located on the OnGuard Supplemental disc. Connect the ScanShell to the
workstation using the supplied USB cable.
The ScanShell unit sends transaction results through the USB port. The device driver is used to configure the
connection of this device. There is no setup required.
The scanner should be properly calibrated. Refer to the manufacturer documentation. In order to calibrate
the scanner, the domain user should be made a member of the Administrators group.
The ScanShell 800-R uses an optical sensor for automatic card detection (it automatically detects when
material is being present for scanning). Although it looks like an LED, it is NOT an indicator of any status
for the device.
By default, FormsDesigner should have the proper DMV values mapped to the data fields for enrollment.
For more information, refer to the FormsDesigner User Guide.
Before continuing, verify that you have a license for OnGuard with ScanShell scanners enabled. The ability
to use ScanShell scanners is a licensed feature. The license is count-based; you are licensed to have a certain
number of scanners. The number of scanners you are licensed to use is displayed in the “Maximum number
of Card Scanning Solutions ID Scanners” setting in the ID CredentialCenter section of the license.
revision 1 — 101
ScanShell 800/1000
You can import data using the ScanShell scanner whenever you are asked to manually enter cardholder or
visitor information. This includes adding, modifying, or searching for cardholder or visitor records. You can
also import in the Visits folder when you are searching for a visitor or cardholder. This example describes
how to import data when adding a cardholder.
102 — revision 1
OEM Device Configuration Guide
The Topaz SignatureGem™ hardware is used to electronically capture cardholder signatures and connects
directly to a multimedia capture workstation via a USB or serial port.
These installation instructions and driver information are for the Topaz 1 x 5 SignatureGem USB (Z-TS261-
USB/Z-TS261-HSB) and serial kit (Z-TS261-B).
The Topaz SignatureGem pen tablet can be installed on any multimedia capture workstation running
Windows 2003 or XP. It is also compatible with Citrix.
Note: Do NOT connect the signature tablet to the serial or USB port until prompted to do so.
The Wintab driver information for the pen tablet is located in the Topaz SignatureGem Pen Template
Driver folder on the OnGuard Supplemental disc. You can also download the driver information from the
Topaz website, located at http://www.topazsystems.com/Software/index.htm#6.
1. Run the Wintab15.exe file located in the Topaz SignatureGem Pen Template Driver folder on the
OnGuard Supplemental disc.
2. The welcome screen for the Topaz 1x5 Tablet Win Tab Driver v2.12 Setup program window displays.
Click [Next].
revision 1 — 103
Topaz SignatureGem Pen Tablet
3. The Topaz Wintab Installation window displays. Select the port for the signature tablet: serial, USB, or
HSB. If necessary, check the back of the device for the model number to determine whether it is USB or
HSB.
Note: If you are asked to specify the driver location you can download the latest driver from http://
www.topazsystems.com/Software/index.htm#6.
1. After the driver is installed, the PC will reboot. Connect the SignatureGem pen tablet to the correct port.
2. The Found New Hardware wizard should automatically start. If it does not, manually start the wizard by
selecting Start > Settings > Control Panel > Add Hardware.
3. Complete all the steps in the Found New Hardware wizard.
4. The SignatureGem pen tablet can now be used with the Multimedia Capture module.
1. When the PC reboots, the Found New Hardware Wizard automatically displays. Select the Install the
software automatically (Recommended) radio button and click [Next].
104 — revision 1
OEM Device Configuration Guide
Note: If Found New Hardware wizard does not automatically start you can manually start it by
selecting Start > Settings > Control Panel > Add Hardware.
2. You may receive a message stating the hardware has not passed Windows Logo testing. Click [Continue
Anyway] if you are installing the hardware on a machine that uses the Windows 2003 or XP operating
system.
3. Click [Finish] when the wizard has finished installing the software.
revision 1 — 105
Topaz SignatureGem Pen Tablet
106 — revision 1
IP SUPPORT
OEM Device Configuration Guide
This procedure can also be used for the MSS-VIA network adapter.
This Ethernet controller is a network device, and not a part of the UL certification. This device must have
transient protection.
1. With the power OFF to the ETHLAN devices, establish a serial connection from the ETHLAN to the
PC’s Serial Communication Port, for example, using the HyperTerminal. (A Null Modem cable is
required).
2. Start HyperTerminal.
3. Change the Communication settings to 9600 Baud, 8 data bits, 1 stop bit, and Parity None.
4. Plug in power to the ETHLAN. The following messages should appear in the terminal window.
5. At this point, press the <Enter> key. (It may take a few seconds to complete booting).
• Power should be cycled to the device while connected to it in order to see the “Load Completed...”
message.
• If it appears that nothing changes after pressing the <Enter> key, it is possible that the Lantronix
MSS1 or MSS100 device was already configured once. If this occurs, you need to press the
revision 3 — 109
LNL-ETHLAN (MSS1/MSS100 Ethernet Controller)
<Enter> key before the phrase, “Load Completed-Boot in Progress” appears. If this still does not
allow you to enter into the command mode, you may also telnet into the Lantronix device.
• If the device was configured previously, it may be best to do a hard reset and configure it from
scratch. To do this:
a. Using the end of a paper clip, or a similar small object, hold down the reset button.
b. Cycle power to the device.
• A prompt that says Local_1> should appear. If the prompt says Boot>, then the Ethernet
Address has not been defined and you must enter one.
a. At the Boot> prompt, type:
change hardware n
where n represents the last three digits of the Ethernet Address located on the bottom of the
Lantronix box (Example: change hardware 21-01-65).
b. Reboot for the change to take effect.
c. Wait for it to finish loading. Once it’s done, you should see a screen resembling the picture on
the previous page.
6. You will be prompted for a user name. Enter any name.
110 — revision 3
OEM Device Configuration Guide
Any additional changes specific to the hardware that the Lantronix box is connecting to should be made
now. These may include, but are not limited to, baud rate, parity, stop bit, byte size, and flow control.
1. Make sure the device is powered, completely booted, and connected to the network. Start
HyperTerminal.
2. You will be prompted for a session name. Enter a name of your choice.
3. Connect to the device using the IP address, port address of 7000.
revision 3 — 111
LNL-ETHLAN (MSS1/MSS100 Ethernet Controller)
At this point, the Lantronix box should be ready to act as a gateway between a LAN and a serial device. It is
also necessary to wire and configure each individual device.
For wiring between the hardware and the Lantronix box, a straight through RS-232 cable is used. Also, a 25-
pin/9-pin adapter may be required for certain hardware. The Lantronix box is equipped with a 25 pin male
connector.
112 — revision 3
OEM Device Configuration Guide
Note: Be sure to match the baud rate setting with the baud rate for which the hardware is configured.
revision 3 — 113
Security Settings (SDS1100)
In the Change Setup menu, there is a menu option that can be used to configure an encrypted connection
when using the SDS1100. Note that there are other options under this menu. Refer to the appropriate
Lantronix User Guide for more information regarding these options.
You can change security settings by means of telnet or serial connection only. The Web Manager cannot be
used for this. We recommend that you set security over the dedicated network or over the serial setup. If you
set parameters over the network (telnet 9999), someone else could capture these settings.
Enable Encryption. Rijndael is the block cipher algorithm chosen by the National Institute of Science and
Technology (NIST) as the Advanced Encryption Standard (AES) to be used by the US government. The
SDS supports 128-, 192-, and 256-bit encryption key lengths. Currently only 128-bit encryption is supported
for communications with our third party hardware devices.
Note: This configuration should be done through a local connection to the serial port of the device, or
via a secured network connection. Initial configuration information including the encryption
key are sent in clear text over the network.
The following controller types support communication over an encrypted connection via the SDS1100.
Configuration Information
Controller Type Baud Rate I/F Mode Flow Control
114 — revision 3
OEM Device Configuration Guide
Configuration Information
Controller Type Baud Rate I/F Mode Flow Control
(Intrusion) Galaxy 8, 18, 60, 128, 500, 1200, 2400, 4800, 9600, 4C 00
504 and 512 19200, 38400
revision 3 — 115
IP Cameras
25 IP Cameras
116 — revision 3
OEM Device Configuration Guide
Index
A sagem morpho.............................................. 85
ActivEntry Fire panels........................................................... 11
access readers............................................... 76
authentication methods ................................ 76 G
badge id........................................................ 77 Galaxy panel ..................................................... 113
badge id derivation rules.............................. 77 GemPlus.............................................................. 87
card format................................................... 79
enrollment .................................................... 80 H
invalid credentials........................................ 78 HID EdgeReader................................................. 21
module ......................................................... 75
ActivIdentity ....................................................... 75 I
AES intellinet receiver...................................... 112
iCAM .................................................................. 23
B ID-check.............................................................. 95
Install
Biotouch.............................................................. 83 Topaz software .......................................... 104
Bosch D6600/D6500......................................... 112 Integrated Engineering........................................ 93
Bosch D7412/D9412......................................... 112 Intelli-check ........................................................ 95
Bosch receiver..................................................... 41 Intrusion detection panel DS7400Xi................. 112
Invalid credentials............................................... 78
C Iris recognition.................................................... 23
CardScan ............................................................. 59 IrisAccess............................................................ 23
Corex................................................................... 59
Cross match......................................................... 83 M
Cypress......................................................... 63, 69 MOM-4 ............................................................... 11
Cypress timer ...................................................... 47
N
D
Notifier
D6500.................................................................. 41 AM2020....................................................... 14
D6600.................................................................. 41 NFS-640....................................................... 15
Destination dispatch.............................................. 9 panel connection .......................................... 14
DigiOn24 ............................................................ 73 programming ............................................... 17
DS7400Xi ......................................................... 112 Notifier panel .................................................... 113
E O
EasyAccess ......................................................... 87 OEM devices......................................................... 7
EdgePlus ............................................................. 21 OEM devices supported over IP ....................... 107
EdgeReader ......................................................... 21 OMNIKEY 5125 Wedge .................................... 99
Elevator dispatch................................................... 9 Onity programmer............................................... 37
Enrollment .......................................................... 80 Osborne-Hoffman oh-2000 receiver ................. 113
ESPA (Tateco) .................................................. 112
ESPA protocol .................................................... 18 P
ETHLAN (MSS1/MSS100 ethernet controller) 109
Parsing information............................................. 19
F Personal safety .................................................... 39
Point of sales....................................................... 55
Fingerprint Pyrotronics ................................................. 11, 113
biotouch ....................................................... 83 Pyrotronics Fire Panel......................................... 11
cross match .................................................. 83
enrollment .................................................... 83
revision 3 — 117
Index
R
Receivers............................................................. 41
S
Sagem morpho .................................................... 85
ScanShell .......................................................... 101
Security settings ................................................ 114
SignatureGem pen tablet
installation checklist .................................. 103
SmartID readers .................................................. 93
T
Tateco
connection.................................................... 18
data converter power.................................... 18
fire panel ...................................................... 18
test mode...................................................... 19
Topaz signaturegem .......................................... 103
TVC-2100 ........................................................... 55
TVS ..................................................................... 55
V
Video text inserter............................................... 55
Visonic .............................................................. 113
Visonic SpiderAlert ............................................ 39
W
Wedge reader ............................................... 63, 69
118 — revision 3
Lenel Systems International, Inc.
1212 Pittsford-Victor Road
Pittsford, New York 14534 USA
Tel 585.248.9720 Fax 585.248.9185
www.lenel.com
docfeedback@lenel.com