0% found this document useful (0 votes)

33 views104 pages

Ebi r610.1 Identipointacs

Uploaded by

carlos salazar

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

33 views104 pages

Ebi r610.1 Identipointacs

Uploaded by

carlos salazar

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 104

IdentIPoint Access Control Configuration

Guide
July 2019
Issue 2
DISCLAIMER
This document contains Honeywell proprietary information. Information
contained herein is to be used solely for the purpose submitted, and no part of
this document or its contents shall be reproduced, published, or disclosed to a
third party without the express permission of Honeywell International Sàrl.
While this information is presented in good faith and believed to be accurate,
Honeywell disclaims the implied warranties of merchantability and fitness for
a purpose and makes no express warranties except as may be stated in its
written agreement with and for its customer.
In no event is Honeywell liable to anyone for any direct, special, or
consequential damages. The information and specifications in this document
are subject to change without notice.
Copyright 2019 - Honeywell International Sàrl

2
Contents

CONTENTS
Contents 3
Chapter 1 - About this guide 7
Introduction 7
Scope 7
Before reading this guide 7
Assumptions and prerequisites skills 7
Other related documents 7

Chapter 2 - Commissioning a connected reader 9

Prerequisites for commissioning a connected reader 11
Basic reader configuration tasks 11
Enabling wireless on the card reader 12
Connecting to the reader network 12
Reconfiguring the IOM 12
Configuring the basic reader settings 14
Testing the reader 17
Disabling wireless mode on the card reader 17
Configuring EBI to communicate with the readers 18
Configuring the IdentIPoint point server 18
Configuring reader security settings 18
Adding card reader subnets to EBI 20
Configuring time periods 21
Configuring date and time on readers 22
Configuring the backlight on the reader 22
Configuring validations 23
Configuring reader actions 24
Configuring event triggers 26
Assigning event triggers 28

3
Contents

Configuring templates 29
Discovering card readers 29
Specifying a card reader for cardholder enrollment 30
Building reader points 30
Applying templates to readers 31
Uploading firmware from Station 31
Downloading firmware to the readers 32

Chapter 3 - Commissioning a standalone reader 33

Installing the Honeywell IdentIPoint Sync tool 35
Creating a project in the Honeywell IdentIPoint Sync tool 35
Creating standalone readers in EBI 36
Configuring the IdentIPoint point server 36
Creating a standalone reader in EBI 37
Configuring time periods 37
Configuring time on readers 38
Configuring validations 38
Configuring event triggers 40
Configuring reader actions 41
Assigning event triggers 43
Configuring templates 44
Configuring reader security settings 45
Building reader points 47
Applying templates to readers 47
Transferring reader details to the Honeywell IdentIPoint Sync tool 48
Transferring the reader details to the physical reader 48
Enabling wireless on the card reader 48
Connecting to the reader network 49
Reconfiguring the IOM 49
Configuring the reader name 50
Transferring configuration details for standalone readers created in EBI 51

4
Contents

Chapter 4 - Reference information 55

Door Definition tab reference 55
Event Configuration tab reference 59
Trigger assignment tab reference 60
IO Configuration tab reference 61
Timing diagrams for lock types 62
IdentIPoint point parameters 65
Chapter 5 - Configuring access control for IdentIPoint readers 75
Configuring PIN and fingerprint settings 75
Configuring a PIN duress scheme 76
About PIN duress schemes 76
Checklist for configuring access levels 77
Configuring zone parameters 77
Configuring threat level 78
Configuring access levels 79
Configuring holiday definition 80
Configuring dual door readers 80
About dual door readers 81
Configuring the cardholder database for IdentIPoint controllers 82
Configuring fields 82
Cardholder database field properties 83
Defining a new field 84
New cardholder database field properties 85
Configuring cardholder preferences for IdentIPoint controllers 85
Cardholder preferences properties 86
Defining a cardholder template 89
Defining a cardholder management profile 89
Sending a door command from Station 90

5
Contents

Chapter 6 - Administration tasks for IdentIPoint 91

Changing the admin password 91
Restoring reader communication keys 91
Changing the card security key 91
Creating a maintenance card 92
Changing the behavior of a reader 93
Modifying an access level 94
Deleting a zone 94
Deleting an access level 95
Deleting a location that has IdentIPoint readers assigned 95
Chapter 7 - Maintenance tasks for IdentIPoint 97
Responding to a tampered reader alarm 97
Recovering a tampered reader 97
Checklist for replacing a faulty connected reader 98
Configuring the basic settings for a replacement connected reader 99
Replacing a faulty connected reader in Station 101

Chapter 8 - Interacting with Honeywell Digital Video Manager 103

Notices 104

6
CHAPTER

1 ABOUT THIS GUIDE

This guide is for use by anyone responsible for commissioning and

configuring IdentIPoint card readers.

Introduction
This section discusses the scope and prerequisites required before reading
this guide.

Scope
This document intends to:

n Help you commission and configure IdentIPoint.

n Familiarize you with the terms and concepts used in the IdentIPoint
system.

Before reading this guide

Before you begin procedures documented in this guide, it is useful to have
documented the building or site layout.

Assumptions and prerequisites skills

This guide assumes that you have basic hardware knowledge of computers,
printers, network parameters and that you are familiar with Microsoft
Windows operating systems.
It also assumes that:

n All card readers are installed properly by the installation engineer.

n You are familiar with Enterprise Buildings Integrator.

n EBI Configuration and Administration Guide. Describes how to configure

aspects of your system that are not directly related to access control and
security, such as Stations and reports. It also describes administrative
tasks, such as archiving.

7
Chapter 1 - About this guide

n EBI Operator's Guide. Describes how to use EBI , how to add

cardholders to EBI, and how to enroll cardholders to use IdentIPoint card
readers.
n IdentIPoint Security and Key Management Guide.

8
CHAPTER

2 COMMISSIONING A CONNECTED
READER
Commissioning is a process of installing, configuring, and testing the readers.
It involves:
Setting reader parameters (basic network parameters, name, and location,
for example), which enable the EBI server to communicate with the reader
and vice-versa.
Downloading firmware and other information to the reader.

NOTE: Print or photocopy this checklist so that it is easier to keep track

of where you are in the commissioning process.

Table 2-1: Checklist for commissioning a connected reader

Task Go to: Done?

Specify basic configuration settings

Enable wireless mode on the card "Enabling wireless on

reader. the card reader" on
page 12

Connect to the reader network. "Connecting to the

reader network" on
page 12

If you have an IOM, reconfigure the "Reconfiguring the

IOM. IOM" on page 12

Configure the basic reader settings, "Configuring the basic

such as the reader name and IP reader settings" on
address. page 14

Test the reader. "Testing the reader" on

page 17

Disable wireless mode on the card "Disabling wireless

reader. mode on the card
reader" on page 17

9
Chapter 2 - Commissioning a connected reader

Task Go to: Done?

Configure EBI to communicate with the reader

Configure the IdentIPoint point "Configuring the

server. IdentIPoint point
server" on page 18

Configure security settings. "Configuring reader

security settings" on
page 18

If the card readers and the EBI "Adding card reader

server are on different subnets, add subnets to EBI" on
the card reader subnets to EBI. page 20

Configure time periods. "Configuring time

periods" on page 21

Configure date and time on the "Configuring date and

reader. time on readers" on
page 22

Configure the backlight on the "Configuring the

reader. backlight on the reader"
on page 22

Configure validations. "Configuring

validations" on page 38

Configure reader actions. "Configuring reader

actions" on page 41

Configure event triggers. "Configuring event

triggers" on page 40

If you want specific actions for the "Configuring reader

reader, configure the actions. actions" on page 41

Assign event triggers. "Assigning event

triggers" on page 43

Configure the templates. "Configuring templates"

on page 29

Discover the readers. "Discovering card

readers" on page 29

10
Chapter 2 - Commissioning a connected reader

Task Go to: Done?

Specify the card readers that are to "Specifying a card

be used for enrollments. reader for cardholder
enrollment" on page 30

Build the readers points. "Building reader points"

on page 30

Apply templates to the readers. "Applying templates to

readers" on page 31

Upload firmware from Station to the "Uploading firmware

server. from Station" on
page 31

Download the latest firmware to the "Downloading firmware

readers. to the readers" on
page 32

Prerequisites for commissioning a connected

reader
To successfully commission a connected reader, make sure you have the
following items available before you begin:

n A blank MIFARE Classic or DESFire card

Some commissioning tasks require you to put the reader into wireless
mode; this is achieved by presenting a blank card at the reader.

TIP: DESFire EV1 cards do not work for enabling the Wifi of a
factory reader.

n A laptop computer with wireless network capability

You need to complete some of the tasks in close proximity to the reader.

Basic reader configuration tasks

This section describes how to configure basic information about the physical
reader. These tasks do not require EBI to be installed.
You should not complete any of these tasks unless instructed to do so by one
of the commissioning checklists.

11
Chapter 2 - Commissioning a connected reader

Enabling wireless on the card reader

To be able to perform initial commissioning steps from your computer, you
need to enable the wireless option on the reader so that you can connect to it.

To enable wireless on a card reader

n Present a blank card to the card reader. A message stating that wireless
is enabled is displayed on the LCD and the LED blinks in amber.

ATTENTION: If the reader does not have a display, a beep is heard on

enabling the wireless mode.

Connecting to the reader network

When commissioning a reader, you need to ensure the computer you are
using is on the same network as the card reader.

To connect to the reader network

1. On the computer you are using to commission the reader, open Windows
Network Connections.
2. Right-click Wireless Network Connections and choose Properties.
3. In the This connection uses the following items list, locate Internet
Protocol (TCP/IP) and click Properties.
4. On the General tab, click the Use the following IP address option button.
5. In the IP address box, type 192.168.0.nnn where nnn is any number
other than 200.
6. Click OK to close the Internet Protocol Properties.
7. Click OK to close the Wireless Network Connection Properties.
8. Open the Wireless utility and search for iPAC10 on the wireless
network.
9. Connect to iPAC10 .

Reconfiguring the IOM

The IOM is configured every time when connecting an IOM to a reader. You
can reconfigure the IOM if required.

12
Chapter 2 - Commissioning a connected reader

ATTENTION: To ensure that the IOM operates as expected, the DIP

switches must be configured correctly. For details, refer to the
Honeywell IdentIPoint Intelligent Smartcard System Installation
Instructions.

To configure IOM
1. In your browser, type http://192.168.0.200.
2. Locate the reader you are commissioning, click the reader, and then click
View Web Page .
In your browser the reader page opens.
3. Type your user name and password, and then click Login .
The default user name is admin and the default password is
password.

ATTENTION: The user name is case-sensitive.

When EBI is installed and operational, you must change this password.
For information about changing the password, see the topic “Changing
the admin password” in the section “Administration tasks for IdentIPoint”
in this guide.
4. Click Reconfigure IO under Diagnostic Tools.
5. Click OK to restart the reader.
6. Look at the reader and see that the reader is restarted.
7. Enable wireless mode by swiping a blank card.
8. In your browser, refresh the reader web page and log on again.
9. Click Configure IOM under Diagnostic Tools. The Configure IOM page is
displayed.
10. Click the Start Configuration button. The IOM configuration setup is
initiated.
11. On the IOM hardware, turn the dip switch to Installation mode.
12. When the Data LED on the IOM blinks amber, click the Installation Mode
button. This displays the connected IOM status.
13. On the IOM hardware, turn the dip switch to Normal mode.
14. Wait until the Data LED on the IOM blinks red, and then click the Normal
Mode button; this displays the connected IOM status. The reader reboots
automatically.
15. Click the Logout link at the top-right corner and return to the Honeywell
IdentIPoint Sync application.

13
Chapter 2 - Commissioning a connected reader

16. If you are continuing with the other commissioning tasks, you need to
enable wireless mode on the card reader by presenting a blank card to the
reader.

Configuring the basic reader settings

You need to configure basic settings for the reader such as the reader name
and IP settings. The procedure for configuring these settings differs slightly,
depending on whether you use an ethernet connection or a wireless
connection for a connected reader, or whether you are configuring a
standalone reader. Choose the appropriate procedure in this topic:

n For an ethernet connected reader, go to To configure basic reader

settings for an ethernet connected reader
n For a wireless connected reader, go to To configure basic reader settings
for a wirelessly connected reader

Prerequisites
n The reader has wireless mode enabled.

To configure basic reader settings for an ethernet

connected reader
1. In your browser, type http://192.168.0.200.
This is the default IP address of the reader.
The Reader Logon Page opens.
2. Type the user name and password.

ATTENTION: The user name is case-sensitive.

The default user name is admin and the default password is password.
When EBI is installed and operational, you must change this password.
For information about changing the password, see the topic “Changing
the admin password” in the section “Administration tasks for IdentIPoint”
in this guide.
3. On the reader web page, click Reader Information under Reader Profile
on the left pane. The reader information page is displayed.
4. In the Name box, type the name of the reader.

14
Chapter 2 - Commissioning a connected reader

The reader name must be unique. This name is used as the default reader
point name on the EBI server when the reader is discovered. It can be
changed when you build the reader point.
5. In the Description box, type a brief description for the reader.
6. Click Save .
7. Click Ethernet under Basic Configuration on the left pane.
The Ethernet Connection Details page is displayed.
8. Under Connection Mode click the Connected option button.
9. Under Ethernet IP Address Management, click the appropriate option:
l If the network has a DHCP server, click Obtain an IP address

automatically.
l If the network does not have a DHCP server, or if you want to use a

specific IP address, click Use the following IP address under Ethernet

IP Address Management.
10. If you are using a specific IP address, type the IP address, subnet mask,
default gateway, and DNS server.
11. Click Save .
If you have a reader with an LCD, the IP address and the firmware
version is shown on the LCD until the reader is fully commissioned.

To configure basic reader settings for a wirelessly

ATTENTION: The user name is case-sensitive.

When EBI is installed and operational, you must change this password.
For information about changing the password, see the topic “Changing
the admin password” n the section “Administration tasks for IdentIPoint” in
this guide.
3. On the reader web page, click Reader Information under Reader Profile
on the left pane. The reader information page is displayed.

15
Chapter 2 - Commissioning a connected reader

4. In the Name box, type the name of the reader.

The reader name must be unique. This name is used as the default reader
point name on the EBI server when the reader is discovered. It can be
changed when you build the reader point.
5. In the Description box, type a brief description for the reader.
6. Click Save .
7. Click Wireless under Basic Configuration on the left pane. The Wireless
Connection Details page is displayed.
8. Under Wireless Module Settings, click On .
You can modify the following options only if the Status is set to On .
9. Under the Wireless IP Address Management option , select the
appropriate option:
l If the network has a DHCP server, click Obtain an IP address

automatically.
l If the network does not have a DHCP server, or if you want to use a

specific IP address, click Use the following IP address under Ethernet

IP Address Management.
10. If you are using a specific IP address, type the IP address, subnet mask,
default gateway, and DNS server.
11. Under Wireless Module Settings, select the appropriate Mode: Adhoc
mode supports Open and WEP authentication; Infrastructure
mode supports Open, WEP and WPA authentication.
12. In the SSID box, type a name to identify this wireless network.
13. In the Channel Number box, type the appropriate channel number.
The channel number associates to a particular frequency.
14. From the Network Authentication list, click the appropriate authentication
type.
l Open : The communication with the reader is in open mode without any

security key.
l WEP: The security key entered must be the same as the key in the

router access point.

l WPA: The security key entered must be the same as the router access

point.
15. Click Save .
If you have a reader with an LCD, the IP address and the firmware
version is shown on the LCD until the reader is fully commissioned.

16
Chapter 2 - Commissioning a connected reader

Testing the reader

After you have completed the basic configuration settings of the reader, it is a
good idea to test the wiring of the door lock and the door IO, to check the IP
address of the reader, and to ensure the reader can communicate with the
network using the parameters that have been configured.

To perform the IO test

1. Click IO Test from the Diagnostics and Tools list. The IO Test page is
displayed.
2. For testing the output points select an output point from the Output Point
list.
a. Select a state from the State list.
b. Click Command to set the command. The device connected to the
respective output point is set to the appropriate selected state.
3. To test the input points, select an input point from the Input Point list.
a. Click Read to read the input channel status.
b. The state of the device that is connected to the input point is displayed
in the Current State box.
4. Click Exit. The window closes.

To check the IP
1. Click Ping from the Diagnostics and Tools list on the Ethernet or Wireless
page. The Ping page is displayed.
2. Type the IP to be searched in the IP address to ping box.
3. Click Ping . The result is displayed on the Ping result window.
4. Click Exit. The window closes.

Disabling wireless mode on the card reader

After you have completed setting the reader parameters, you must disable the
wireless mode on the card reader.

To disable wireless on the card reader

n Present a blank card to the card reader. The message Wireless is
disabled is displayed and an audible alert indicates that wireless mode is
disabled.

17
Chapter 2 - Commissioning a connected reader

Configuring EBI to communicate with the readers

This section describes how to configure EBI to communicate with the physical
readers.
You should only complete these tasks if instructed to do so by one of the
commissioning checklists.

Configuring the IdentIPoint point server

Before you can perform any of the tasks required to configure EBI to
communicate with the IdentIPoint card readers, you need to configure the
IdentIPoint point server.

ATTENTION: You only need to configure one point server per site. If
the point server has already been configured, skip this task.

Prerequisites
n You need to be logged on to Station with a security level of Mngr.

To configure the IdentIPoint point server

1. In Station choose Configure > System Hardware > Controller Interfaces >
Point Servers.
2. In an empty row in the Type list, click IRPS and click the alias.
The Point Server Configuration display opens.
3. In the Network Name box, type localhost .
4. Leave the Alias as IRPS.

Configuring reader security settings

To ensure secure communications between cards, readers, and the server,
you need to:

n Generate a Master key, which is used for communication between the

card reader and the card.
n Generate Reader communication keys, which are used for
communication between the server and the card reader.

TIP: It is recommended that you change the communications key

periodically as a security precaution.

18
Chapter 2 - Commissioning a connected reader

n Specify a card certificate expiry.

When you issue a card and perform a download, a certificate is also
downloaded. You can specify an expiry for the certificates. If a cardholder
presents a card that has an expired certificate, the card is invalid and the
cardholder is not granted access
When card certificates are due to expire, a new certificate is generated
and downloaded. When cards are presented to a connected reader, the
new certificate is written to the card. If the download is not successful, any
cards that are presented to a reader that have an expired certificate are
considered invalid, and the cardholder is not granted access.
If the site has standalone readers, cardholders must present their card to
a connected reader to receive the updated certificate, otherwise they are
denied access when they present their card to a standalone reader.

Prerequisites
n Log on to Station with a security level of Mngr.

To generate a master key

1. In Station, choose Configure > Access Control > IdentIPoint >
Security/System Parameters.
2. In the Card Security Key box, type a sixteen ASCII character or thirty-two
hexadecimal character key.
The key can contain digits from A–Z and 0–9. The key is masked as you
type it.

ATTENTION: If you have DSA servers, the key must be common

across all DSA servers on which the same card is used.

3. Click Save .
The key is generated and a file is created.
4. In the File Download dialog box, click Open and check the key you typed in
step 2.
5. Save the file to a secure location for future reference.

ATTENTION: If the EBI server fails and the key is not known, the
cards cannot be used with the system.

19
Chapter 2 - Commissioning a connected reader

To generate reader communication keys

1. In Station, choose Configure > Access Control > IdentIPoint >
Security/System Parameters.
2. Click Generate Keys.
New keys are generated.

ATTENTION: Reader communication keys are specific to only one

EBI server.

3. In the File Download dialog box, click Save and choose a secure location
to save the files.
You must save this file to a location other than the EBI server. You will
need this information if you have to recover the EBI server. Without these
keys the readers cannot communicate with EBI.

To specify a certificate expiry

1. In Station, choose Configure > Access Control > IdentIPoint >
Security/System Parameters.
2. In the Expire card certificates after box, type the number of days a
certificate is valid for.
If you specify 0, certificates do not expire.

Adding card reader subnets to EBI

If the EBI server is on a different subnet to the card readers, you need to add
the subnet the card readers use to the EBI server.

To add the card reader subnets to EBI

1. In Station, choose Configure > Access Control > IdentIPoint > Subnets.
The Subnets to be searched display opens.
2. Click Add .
3. In the Selected Subnet box, type the required subnet.

TIP: You need to enter the subnets of both the server and the
reader. For example, if the server is on 192.168.1.0 subnet and
the reader is on 192.168.2.0 subnet, both subnets must be
added.

20
Chapter 2 - Commissioning a connected reader

TIP: Do not remove the localhost entry from the IdentIPoint

subnets list: if the list has only one entry, the timeout waiting for
discovery responses is reduced and may result in discovery
responses being missed. Instead, leave the localhost entry in
the subnet list and add new subnet entries as required.

4. Click Save .

Configuring time periods

Time periods are used to specify how a door should behave during certain
times of the day. Time periods are also used with zones and threat levels to
create access levels, which are assigned to cardholders.

To configure the time period

1. In Station, choose Configure > Access Control > Time Periods.
The Time Periods display shows the existing time periods. You can
create a new time period or modify an existing one.
2. Click a new row under Time Period to create a new time period. The Time
Period Definition page is displayed.
3. Type a Name and Description for the time period.
4. Select an appropriate Location by selecting the ellipsis button.
5. In the Details for list, click NexSentry+/IdentIPoint.
6. In the Name and Description boxes, type the name and description for the
time period.
7. In the Location box, browse and select the location to which the time
period belongs.
8. For the first row in the Time Periods Details section:
a. In the Start and Stop Time boxes, type the start and stop times.

ATTENTION: The Start and Stop Time must be in HH:MM

format.

a. Select the appropriate Valid Days check boxes.

9. If appropriate, repeat the previous step for one or more of the remaining
rows.
10. Click Save .

21
Chapter 2 - Commissioning a connected reader

Configuring date and time on readers

You can configure the date and time format used on the reader display.
When a reader is added to the system, the default date and time format
applied to the reader is the format defined on the System Parameters page.
After that time, the format used for a particular reader can be modified only via
the reader's configuration page. Displaying a date and time on readers is
optional.

To define the default date and time format applied to

new readers
1. In Station, choose Cardholder Management > Security/System
Parameters.
2. From the Default reader date and time format list, select a date and time
format.
The Example reader date and time preview shows how the selected date
and time format will look on the reader.
3. Click Save .

To modify date and time on a specific reader

1. Navigate to the Reader Definition tab of the reader's configuration page.
2. From the Date and time format list, select a date and time format.
The Example date and time preview shows how the selected date and
time format will look on the reader.
3. Click Save .

Configuring the backlight on the reader

You can configure the reader backlight to turn off when the reader is idle. The
backlight turns back on for 30 seconds if a card or fingerprint is presented to
the reader, if a button on the reader keypad is pressed, or if the reader is
prompted by the system.

Prerequisites
n You have configured time periods.

22
Chapter 2 - Commissioning a connected reader

To configure the reader backlight

1. In the Station command zone, type the name of the reader point and then
press F12 .
The reader point detail display opens.
2. At the bottom of the display, click the Door, Reader, Alarm Configuration
link.
3. Click the Door Definition tab.
4. From the LCD Backlight On list, select a time period:
l <blank> - Backlight is off.

l TP1 - Backlight is always on (default).

Configuring validations
Optionally, you can define validations to associate with event triggers.
Validations determine whether a reader action associated with an event
trigger should be executed. Validations constrain the execution of reader
actions to specific, targeted circumstances.
A validation can consist of one or more individual logical tests; if it has multiple
tests, all tests must be successful for the validation to be considered
successful.
For example, a validation might test that the counter in the reader has
reached a certain value, or it might check to see if a threat level currently
exists. If the validation tests are successful, the associated reader action can
be performed; if not, the reader action will not be performed.
If you delete a validation, the system first verifies no readers are using the
validation.
Use the Validations page to add, modify, or delete validations.

TIP: The IdentIPoint Readers Details section on the Card Details tab
contains user-defined flags (User defined A–F) you can use in
conjunction with validations. You can define a validation to check if the
card presented has one or more of these flags set before the system
proceeds with the assigned action. Using these flags allows you to
restrict assigned actions to a subset of cards.

23
Chapter 2 - Commissioning a connected reader

To add validations
1. Log on to Station with a security level of MNGR.
2. Choose Configure > Access Control > IdentIPoint > Validations.
3. Click Add .
4. Enter a Name and Description .
5. Click Add in the lower portion of the page.
6. Select a Test Entity.

Option Description

Anti-Passback Select a comparison value and a state (None, Soft, Hard).

Card Option Select a card option (for example, Escort Required), comparison
value, and a state (Active, Inactive).

Counter Specify a value for the counter from 1–10.

IOM Select an IOM type, and then specify a value.

Maintenance The reader must be in maintenance mode.

Reader Select a feature on the reader. If you select SAI, you must specify a
value.

Threat Level Select a threat level situation.

Time Period Select a time period defined in the system.

Timer Specify a time from 1–10 seconds.

Zone Select either Count or State.

7. Select a Comparison , a State , and a Value as required, depending upon

the test entity selected.
8. Click Save .

Configuring reader actions

24
Chapter 2 - Commissioning a connected reader

If you delete a reader action, the system verifies the action is not in use before
deleting it from the system.
Use the Actions page to add, modify, or delete reader actions.

To configure reader actions

1. Log on to Station with a security level of MNGR.
2. Choose Configure > Access Control > IdentIPoint > Actions.
3. Click Add .
4. Enter a Name and Description .
5. Click Add .
A new row appears in the action list.
6. Select a Reader type.
By default Local Reader is displayed in the Reader column, indicating
the action will execute on the reader to which the action is downloaded. If
a particular reader is specified, an action can be remotely executed.
You can select whether the reader type is a Master or Slave .
7. Select a Control Entity.

Option Description

Counter Performs counter-related actions, such as incrementing or

decrementing a counter value. Select the counter to use in the action (1–
10).

TIP: Counters are initialized to zero (0) automatically.

Do NOT Prevents events raised by the reader action from being sent to the local
send to server.
host

IOM Specifies an IO module should perform the action. Select an IO module

from 1–4.

Reader Select the physical feature on the reader to perform the action:

l Buzzer
l Digital output
l Door lock
l Relay

25
Chapter 2 - Commissioning a connected reader

Option Description

Restart Causes the reader to reboot.

Timer Performs time-related actions, such as starting or stopping a timer.

Select the timer to use in the action (1–10).

Zone Sets a zone to a specified state.

8. Specify a State . (State options vary according to the control entity type
selected.)

Option Description

Increment, These settings apply to the Counter control entity:

Decrement,
Clear l Increment – increments the specified counter.
l Decrement – decrements the specified counter.
l Clear – initializes the specified counter to zero (0).
Latched Off, These settings apply to the Reader control entity. Controls the
Latched On specified reader to the selected state.

Start, Stop These settings apply to the Timer control entity. Starts or stops the
specified timer.

Armed, Semi- These settings apply to the Zone control entity:

Armed,
Disarmed l Armed – arms the zone associated with the specified reader.
l Semi-Armed – disables auto-unlock and shunts any active alarms in the
zone. This setting allows an associated zone to be partially armed.
l Disarmed - disarms the zone associated with the specified reader.

9. Type a Value if required for the control entity.

10. Click Save .

Configuring event triggers

Event triggers are changes that occur to a reader, such as a specific type of
access event, a counter changing value, and so on. When the event trigger
occurs, the action associated with the event trigger is executed.

TIP: If a specific number is required for a counter, a validation must be

used.

26
Chapter 2 - Commissioning a connected reader

Optionally, an event trigger can have a validation, which tests whether certain
conditions apply. If an event trigger has a validation, the validation must be
successful before the associated reader action will execute.
Use the Event Triggers page to associate validations and reader actions to
events.

Prerequisites
n Configure the required validations (optional).
n Configure the required reader actions.

To configure event triggers

1. Log on to Station with a security level of MNGR.
2. Choose Configure > Access Control > IdentIPoint > Event Triggers.
3. Click Add .
4. Enter a Name and Description .
5. Select a Trigger Entity.

Option Description

Access Event Select a type of access event as the trigger.

Counter Specify a value for the counter from 1–10.

IOM Select an IOM and type. This option is used for triggering off IOM
inputs and outputs as indicated with the Reader option.

Maintenance A maintenance change (enabled or disabled) in the reader is the

trigger.

Reader Select a feature on the reader. If you select SAI, you must specify a
value.

System Select a system situation as the trigger.

Threat level Select a threat level situation as the trigger.

Time Period Select a time period defined in the system.

Timer Specify a time from 1–10 seconds.

Zone Select either Count or State.

27
Chapter 2 - Commissioning a connected reader

6. Select a Validation (optional).

7. From the Actions list, select an action to assign to the event trigger.

Assigning event triggers

Use the Trigger Assignment page to assign event triggers. Event triggers
can be assigned either to a template or to a specific reader.

Prerequisites
n Configure the required event triggers.

To assign event triggers to a template

1. Log on to Station with a security level of MNGR.
2. Choose Configure > Access Control > IdentIPoint > Add/Edit Reader
Template s.
3. Click the template you want to assign the event triggers to.
4. Click the Trigger Assignment tab.
The Available Triggers list shows the triggers defined in the system.
5. Select a trigger in the Available Triggers list, and then click Assign .
The selected trigger moves to the Assigned Trigger list.

TIP: To remove an event trigger, select an entry in the Assigned

Triggers list and then click Unassign .

6. Click Save .

To assign event triggers to a specific reader

1. In the Station command zone, type the name of the reader point and
press F12 .
2. Click Door, Reader & Alarm Configuration link.
3. Click the Trigger Assignment tab.
4. Assign triggers as described in the procedure above.
5. Click Save .

28
Chapter 2 - Commissioning a connected reader

Configuring templates
You can use templates to apply common configuration settings to multiple
readers.

Prerequisites
n You have configured time periods.

To configure a new template

1. In Station, choose Configure > Access Control > IdentIPoint > Add/Edit
Reader Templates.
The Add Intelligent Reader Template display opens.
2. In the Name box, type a name for the template, and then click Add .
A new template display opens.
3. Type a Description of the template.
4. In the Time Zone list, click the appropriate time zone.
5. Click the Door Definition tab and configure the behavior of the doors as
appropriate for your site.
6. Click the Event Configuration tab.
7. In the Event Name list, click the event you want to define
priority/subpriority for.
8. In the Priority list, click a priority for the event.
9. In the Sub priority list, click a subpriority for the event.
10. Click Save .

Discovering card readers

After you have configured basic settings on the physical reader, you need to
discover those readers in EBI.

ATTENTION: Complete this task for connected readers only.

To discover readers in EBI

1. In Station choose Configure > Access Control > Intelligent Reader >
Manage Readers.
2. In the Show list, click All Readers.

29
Chapter 2 - Commissioning a connected reader

3. Click Discover .
The physical readers on the same network are discovered.

Specifying a card reader for cardholder enrollment

To be able to enroll cardholders, at least one of the connected readers must
be designated as a card reader for enrollment.

To specify a card reader for enrollment

1. In Station choose Configure > Access Control > IdentIPoint > Manage
Readers.
2. In the Show list, click All Readers.
3. In the list of readers, locate the reader you want to use for cardholder
enrollment.
4. Select the Allow enrollment requests check box.

Building reader points

A reader point on the EBI server represents the details of the physical reader.

To build reader points

1. In Station choose Configure > Access Control > IdentIPoint > Manage
Readers.

TIP: Click Select All to select all readers in the list. Click Select
None to clear the selection of the readers.

ATTENTION: If the reader is not working then you must replace it

with a new reader. Click Replace Reader . The reader name and
description is retained but the MAC address and IP address are
changed.

2. If the EBI server has a Facility Model, in the Facility box, enter the
appropriate location in the Facility Model to which this reader should be
assigned.
3. In the Entry To Zone box, type the name of the zone a cardholder enters
after presenting a card to this reader.
4. In Exit from Zone box, type the name of the zone to which a cardholder
exits after presenting a card to this reader.

30
Chapter 2 - Commissioning a connected reader

TIP: This is not a required field and will generate an error if the
ExitZone has not been defined by an EntryZone.

5. Click Build Points.

A reader point for the selected readers are created and the status is
specified under the Status field on the same page.

Applying templates to readers

After you have configured the templates, you need to apply the template to
the reader.

To apply templates to readers

1. In Station choose Configure > Access Control > IdentIPoint > Manage
Readers.
The Manage Readers display opens.
2. In the Show list, click All Readers.
3. In the list of readers, locate the readers to which you want to apply the
template.
4. From the Apply template list, click the template you want to apply.
A message appears in the Station Message Zone.
5. Click Yes in the Message Zone to apply the template.
For connected readers, the configuration details applied by the template
are automatically downloaded to the reader. For standalone readers, a
download required alarm is raised.

Uploading firmware from Station

You can upload firmware from Station to the host server if required.

To upload firmware from Station

1. In Station choose Configure > Access Control > IdentIPoint > Manage
Readers.
2. Click Browse and navigate to the IdentIPoint.cab file that you want
to upload to the host server.
The name of the file selected is displayed in the Load new firmware box.
3. Click Upload .

31
Chapter 2 - Commissioning a connected reader

The firmware is uploaded to the server and extracted to the appropriate

location.

Downloading firmware to the readers

ATTENTION: Complete this task only for connected readers.

To download the firmware to the readers

1. In Station choose Configure > Access Control > IdentIPoint > Manage
Readers.
2. Select the readers from the list of readers to which you want to download
the firmware.
3. Select the version of firmware you want to download to the readers.
4. Click Update Readers.
The firmware is downloaded to the selected readers. On completion of the
firmware download, the status is updated.

32
CHAPTER

3 COMMISSIONING A STANDALONE
READER
This section describes all of the tasks required to successfully commission a
standalone reader when EBI is operational.

TIP: Print or photocopy this checklist so that it is easier to keep track of

where you are in the commissioning process.

Table 3-1: Checklist for commissioning a standalone reader

Task Go to: Done?

Install the Honeywell IdentIPoint Sync "Installing the

tool Honeywell
IdentIPoint Sync tool"
on page 35

Create readers in EBI

Configure the IdentIPoint point server. "Configuring the

IdentIPoint point
server " on page 36

Create the standalone readers in EBI. "Creating a

standalone reader in
EBI" on page 37

Configure time periods. "Configuring time

periods" on page 37

Configure time on readers. "Configuring time on

readers" on page 38

Configure validations. "Configuring

validations" on
page 38

Configure event triggers. "Configuring event

triggers" on page 40

If you want specific actions for the "Configuring reader

33
Chapter 3 - Commissioning a standalone reader

Task Go to: Done?

reader, configure the actions. actions" on page 41

Assign event triggers. "Assigning event

triggers" on page 43

If you want to use templates, configure "Configuring

the templates templates" on
page 44

Configure security settings. "Configuring reader

security settings" on
page 45

Build the reader points. "Building reader

points" on page 47

Apply the templates to the readers. "Applying templates

to readers" on
page 47

Transfer the reader configuration to "Transferring reader

the Honeywell IdentIPoint Sync tool. details to the
Honeywell
IdentIPoint Sync tool"
on page 48

Load the reader configuration on the reader

Enable wireless mode on the card "Enabling wireless on

reader. the card reader" on
page 48

Connect to the reader network. "Connecting to the

reader network" on
page 49

If required, reconfigure the IOM

module.

Specify reader name. "Configuring the

reader name" on
page 50

Discover the physical reader, link the "Transferring

34
Chapter 3 - Commissioning a standalone reader

Task Go to: Done?

reader created in EBI with the physical configuration details

reader and transfer the configuration for standalone
details and firmware to the reader. readers created in
EBI" on page 51

Installing the Honeywell IdentIPoint Sync tool

To transfer firmware and configuration information from the EBI server to a
standalone reader, you need to install the Honeywell IdentIPoint Sync tool on
a laptop computer or PDA.

Prerequisites
n You have installed Microsoft .NET Framework

To install the Honeywell IdentIPoint Sync tool on a

laptop computer
1. Insert the EBI Auxiliary DVD.
2. Locate and double-click the IdentIPointSync.cab file.
3. Extract and run the file IdentIPointSync.msi.
4. Follow the prompts to perform the installation.

To install the Honeywell IdentIPoint Sync tool on a

PDA
1. Connect your PDA to a computer that has a DVD drive.
2. Insert the EBI Auxiliary DVD.
3. Locate and double-click the IdentIPointSync.cab file.
4. Extract the file IdentIPointSyncSetup.cab to your PDA.
5. On the PDA, click IdentIPointSyncSetup.cab to install the tool.

Creating a project in the Honeywell IdentIPoint Sync

tool
A project contains the information that is transferred between the EBI server
and the standalone readers. You typically create one project per EBI server.

35
Chapter 3 - Commissioning a standalone reader

To create a project
1. Choose Start > Programs > IdentIPoint Sync > IdentIPoint Sync.
The Honeywell IdentIPoint Sync tool starts.
2. Choose File > New.
3. In the Name box, type a name for this project.
4. In the Server base name box, type the computer name of the EBI server.
If you have redundant servers, type the base name of the servers. For
example, if your redundant servers are called hscserva and
hscservb, you type hscserv as the base name.
5. If you have redundant servers, select the Redundant servers check box.
6. Click OK.

Creating standalone readers in EBI

This section contains all of the tasks required to create a standalone reader
for sites where EBI is already installed.

Configuring the IdentIPoint point server

Before you can perform any of the tasks required to configure EBIto
communicate with the IdentIPoint card readers, you need to configure the
IdentIPoint point server.

ATTENTION: You only need to configure one point server per site. If
the point server has already been configured, skip this task.

Prerequisites
n You need to be logged on to Station with a security level of Mngr.

To configure the IdentIPoint point server

1. In Station choose Configure > System Hardware > Controller Interfaces >
Point Servers.
2. In an empty row in the Type list click IRPS and click the alias.
The Point Server Configuration display opens.
3. In the Network Name box, type localhost .
4. Leave the Alias as IRPS.

36
Chapter 3 - Commissioning a standalone reader

Creating a standalone reader in EBI

You would manually create a definition for standalone readers in EBI for a site
where EBI is already installed and operational and you are adding new
readers to the existing site.
Only complete this task if you have been instructed to do so by one of the
commissioning checklists.

To create a standalone reader in EBI

1. In Station choose Configure > Access Control > IdentIPoint > Manage
Readers.
The Manage Readers display opens.
2. Click the Create Reader button.
A new card reader is added with all reader fields blank.
3. In the Name box, type the name of the reader.
4. In the Description box, type a brief description of the reader.
5. Select Stand-alone Reader .
The reader is selected as a standalone reader.
6. In the Entry To Zone box, type the name of the zone the cardholder enters
after presenting their card to this reader.
7. In the Exit from Zone box, type the name of the zone the cardholder exits
after presenting their card to this reader.
8. Select the version of firmware you want to transfer to the reader.

Configuring time periods

Time periods are used to specify the behavior of a door during certain times of
the day as well as used in conjunction with zones and threat levels to create
access levels, which are assigned to cardholders.

To configure the time period

1. In Station, choose Configure > Access Control > Time Periods.
The Time Periods display opens showing a list of existing time periods.
You can create a new time period or modify an existing one
2. Click a new row under Time Period to create a new time period.
The Time Period Definition page is displayed.
3. Type a Name and Description for the time period.

37
Chapter 3 - Commissioning a standalone reader

4. Select an appropriate Location by selecting the ellipsis button.

5. In the Details for list, click NexSentry+/IdentIPoint.
6. For the first row in the Time Periods Details section:
a. In the Start and Stop Time boxes, type the start and stop times using a
HH:MM format.
b. Select the appropriate Valid Days check boxes.
7. If appropriate, repeat the previous step for one or more of the remaining
rows.
8. Click Save .

Configuring time on readers

Time needs to be configured on a reader if it is to be used as an access control
reader. The time can be configured using either the configuration web page or
the keypad on the reader itself.

To configure time using the web page

1. In your browser type http://192.168.0.200 .
This is the default wireless IP address of the reader.
2. Enter your user credentials.
3. On the reader web page, click Date and Time under Basic Configuration
on the left pane.
The Date and Time page is displayed.
4. Edit the Date and Time as required (in local time), and then click Save .

38
Chapter 3 - Commissioning a standalone reader

If you delete a validation, the system first verifies no readers are using the
validation.
Use the Validations page to add, modify, or delete validations.

Option Description

Anti-Passback Select a comparison value and a state (None, Soft, Hard).

Card Option Select a card option (for example, Escort Required), comparison
value, and a state (Active, Inactive).

Counter Specify a value for the counter from 1–10.

IOM Select an IOM type, and then specify a value.

Maintenance The reader must be in maintenance mode.

Reader Select a feature on the reader. If you select SAI, you must specify a
value.

Threat Level Select a threat level situation.

Time Period Select a time period defined in the system.

Timer Specify a time from 1–10 seconds.

Zone Select either Count or State.

39
Chapter 3 - Commissioning a standalone reader

7. Select a Comparison , a State , and a Value as required, depending upon

the test entity selected.
8. Click Save .

Configuring event triggers

TIP: If a specific number is required for a counter, a validation must be

used.

Prerequisites
n Configure the required validations (optional).
n Configure the required reader actions.

To configure event triggers

1. Log on to Station with a security level of MNGR.
2. Choose Configure > Access Control > IdentIPoint > Event Triggers.
3. Click Add .
4. Enter a Name and Description .
5. Select a Trigger Entity.

Option Description

Access Event Select a type of access event as the trigger.

Counter Specify a value for the counter from 1–10.

IOM Select an IOM and type. This option is used for triggering off IOM
inputs and outputs as indicated with the Reader option.

Maintenance A maintenance change (enabled or disabled) in the reader is the

40
Chapter 3 - Commissioning a standalone reader

Option Description

trigger.

Reader Select a feature on the reader. If you select SAI, you must specify a
value.

System Select a system situation as the trigger.

Threat level Select a threat level situation as the trigger.

Time Period Select a time period defined in the system.

Timer Specify a time from 1–10 seconds.

Zone Select either Count or State.

6. Select a Validation (optional).

7. From the Actions list, select an action to assign to the event trigger.

Configuring reader actions

You can configure actions that the IdentIPoint reader should perform when a
specific event occurs.
A reader action consists of one or more individual controls. When the trigger
event occurs—and if any validation associated with the event trigger is
successful—all controls within the reader action are executed.
If you delete a reader action, the system verifies the action is not in use before
deleting it from the system.
Use the Actions page to add, modify, or delete reader actions.

To configure reader actions

41
Chapter 3 - Commissioning a standalone reader

By default Local Reader is displayed in the Reader column, indicating

the action will execute on the reader to which the action is downloaded. If
a particular reader is specified, an action can be remotely executed.
You can select whether the reader type is a Master or Slave .
7. Select a Control Entity.

Option Description

Counter Performs counter-related actions, such as incrementing or

decrementing a counter value. Select the counter to use in the action (1–
10).

TIP: Counters are initialized to zero (0) automatically.

Do NOT Prevents events raised by the reader action from being sent to the local
send to server.
host

IOM Specifies an IO module should perform the action. Select an IO module

from 1–4.

Reader Select the physical feature on the reader to perform the action:

l Buzzer
l Digital output
l Door lock
l Relay
Restart Causes the reader to reboot.

Timer Performs time-related actions, such as starting or stopping a timer.

Select the timer to use in the action (1–10).

Zone Sets a zone to a specified state.

8. Specify a State . (State options vary according to the control entity type
selected.)

Option Description

Increment, These settings apply to the Counter control entity:

Decrement,
Clear l Increment – increments the specified counter.
l Decrement – decrements the specified counter.

42
Chapter 3 - Commissioning a standalone reader

Option Description

l Clear – initializes the specified counter to zero (0).

Latched Off, These settings apply to the Reader control entity. Controls the
Latched On specified reader to the selected state.

Start, Stop These settings apply to the Timer control entity. Starts or stops the
specified timer.

Armed, Semi- These settings apply to the Zone control entity:

9. Type a Value if required for the control entity.

10. Click Save .

Assigning event triggers

Use the Trigger Assignment page to assign event triggers. Event triggers
can be assigned either to a template or to a specific reader.

Prerequisites
n Configure the required event triggers.

To assign event triggers to a template

43
Chapter 3 - Commissioning a standalone reader

TIP: To remove an event trigger, select an entry in the Assigned

Triggers list and then click Unassign .

6. Click Save .

To assign event triggers to a specific reader

Configuring templates
Using templates is an efficient way of applying common configuration settings
to multiple readers.

Prerequisites
n You have configured time periods.
To configure a new template

44
Chapter 3 - Commissioning a standalone reader

Configuring reader security settings

ATTENTION: You only need to configure these settings once per site.
If you have already configured these settings for connected readers,
skip this task.

To ensure secure communications between cards, readers, and the server,

you need to:

n Generate a Master key, which is used for communication between the

card reader and the card.
n Generate Reader communication keys, which are used for
communication between the server and the card reader.

TIP: It is recommended that you change the communications key

periodically as a security precaution.

n Specify a card certificate expiry.

Prerequisites
n Log on to Station with a security level of Mngr.

To generate a master key

1. In Station, choose Configure > Access Control > IdentIPoint >
Security/System Parameters.
2. In the Card Security Key box, type a sixteen ASCII character or thirty-two
hexadecimal character key.

45
Chapter 3 - Commissioning a standalone reader

The key can contain digits from A–Z and 0–9. The key is masked as you
type it.

ATTENTION: If you have DSA servers, the key must be common

across all DSA servers on which the same card is used.

3. Click Save .
The key is generated and a file is created.
4. In the File Download dialog box, click Open and check the key you typed
in step 2.
5. Save the file to a secure location for future reference.

ATTENTION: If the EBI server fails and the key is not known, the
cards cannot be used with the system.

To generate reader communication keys

1. In Station, choose Configure > Access Control > IdentIPoint >
Security/System Parameters.
2. Click Generate Keys.
New keys are generated.

ATTENTION: Reader communication keys are specific to only one

EBI server.

To specify a certificate expiry

46
Chapter 3 - Commissioning a standalone reader

Building reader points

A reader point on the EBI server represents the details of the physical reader.

To build reader points

1. In Station choose Configure > Access Control > IdentIPoint > Manage
Readers.

TIP: Click Select All to select all readers in the list. Click Select
None to clear the selection of the readers.

ATTENTION: If the reader is not working then you must replace it

with a new reader. Click Replace Reader . The reader name and
description is retained but the MAC address and IP address can be
changed.

Applying templates to readers

After you have configured the templates, you need to apply the template to
the reader.

To apply templates to readers

47
Chapter 3 - Commissioning a standalone reader

4. From the Apply template list, click the template you want to apply.
A message appears in the Station Message Zone.
5. Click Yes in the Message Zone to apply the template.
For connected readers, the configuration details applied by the template
are automatically downloaded to the reader. For standalone readers, a
download required alarm is raised.

Transferring reader details to the Honeywell

IdentIPoint Sync tool
After you have created the reader in EBI, you need to transfer this information
to the physical reader using the Honeywell IdentIPoint Sync tool.

To transfer reader details

1. Choose Start > Programs > Honeywell IdentIPoint Sync.
The Honeywell IdentIPoint Sync tool starts.
2. Click Synchronize Now. If you are using a PDA, click Server >
Synchronize Now.
The reader details that you configured in EBI are now transferred to the
Sync tool.

Transferring the reader details to the physical

reader
This section contains the tasks required to transfer details of each reader that
you configured in EBI to the physical reader.

Enabling wireless on the card reader

To be able to perform the initial commissioning steps from your computer, you
need to be enable the wireless option on the reader so that you can connect to
the reader.

To enable wireless on a card reader

n Present a blank card to the card reader. A message stating that wireless
is enabled is displayed on the LCD and the LED blinks in amber.

48
Chapter 3 - Commissioning a standalone reader

ATTENTION: If the reader does not have a display, a beep is heard on

enabling the wireless mode.

Connecting to the reader network

When you are commissioning a reader, you need to ensure the computer you
are using is on the same network as the card reader.

To connect to the reader network

1. On the computer you are using to commission the reader, open Windows
Network Connections.
2. Right-click Wireless Network Connections and choose Properties.
3. In the This connection uses the following items list, locate Internet
Protocol (TCP/IP) and click Properties.
4. On the General tab, click the Use the following IP address option button.
5. In the IP address box, type 192.168.0. nnn where nnn is any
number other than 200.
6. Click OK to close the Internet Protocol Properties.
7. Click OK to close the Wireless Network Connection Properties.
8. Open the Wireless utility and search for iPAC10 on the wireless
network.
9. Connect to iPAC10 .

Reconfiguring the IOM

The IOM is configured every time when connecting a IOM to a reader. You
can reconfigure the IOM if required.

ATTENTION: To ensure that the IOM operates as expected, the DIP

switches must be configured correctly. For details, refer to the
Honeywell IdentIPoint Intelligent Smartcard System Installation
Instructions.

To configure IOM
1. In your browser type http://192.168.0.200 .
2. Locate the reader you are commissioning and click the reader and click
View Web Page .
In your browser the reader page opens.

49
Chapter 3 - Commissioning a standalone reader

3. Type your user name and password and click Login .

ATTENTION: The user name is case-sensitive.

The default user name is admin and the default password is

password.
When EBI is installed and operational, you must change this password.
For information on how to change the password, see the topic, 'Changing
the admin password' in the 'Administration tasks for IdentIPoint' section of
this guide.
4. Click Reconfigure IO under Diagnostic Tools.
5. Click OK to restart the reader.
6. Look at the reader and see that the reader is restarted.
7. Enable wireless mode by swiping a blank card.
8. In your browser, refresh the reader web page and log on again.
9. Click Configure IOM under Diagnostic Tools. The Configure IOM page is
displayed.
10. Click the Start Configuration button. The IOM configuration setup is
initiated.
11. On the IOM hardware, turn the dip switch to Installation mode.
12. When the Data LED on the IOM blinks amber, click the Installation Mode
button. This displays the connected IOM status.
13. On the IOM hardware, turn the dip switch to Normal mode.
14. Wait until the Data LED on the IOM blinks red and then click the Normal
Mode button. This displays the connected IOM status. The reader reboots
automatically.
15. Click the Logout link at the top right corner and return to the Honeywell
IdentIPoint Sync application.
16. If you are continuing with the other commissioning tasks, you need to
enable wireless mode on the card reader by presenting a blank card to the
reader.

Configuring the reader name

Prerequisites
n The reader has wireless mode enabled.

50
Chapter 3 - Commissioning a standalone reader

To configure the reader name for a standalone reader

1. In your browser, type http://192.168.0.200 .
This is the default IP address of the reader.
The Reader Logon Page opens.
2. On the reader web page, click Reader Information under Reader Profile
on the left pane. The reader information page is displayed.
3. In the Name box, type a name to help you identify this reader.
This name is overwritten by the name you specified for the reader on the
EBI server.
4. In the Description box, type a brief description for the reader.
5. Click Save to save the information.
6. Under Basic Configuration on the left pane, click Ethernet.
7. Click the Standalone option button.
8. For diagnostic purposes, specify an IP address. Click the Use the
following IP address option button and type an IP address and subnet
mask.
9. Click Save .

Transferring configuration details for standalone

readers created in EBI
After you have created a standalone reader in EBI, you need to transfer the
configuration details and firmware from EBI to the physical reader.

Prerequisites
n Wireless mode is enabled on the physical card reader.
n You have connected to the same network as the card reader.
n You have created a maintenance card.

To transfer card reader details using a laptop

computer
1. Choose Start > Programs > Honeywell IdentIPoint Sync.
The Honeywell IdentIPoint Sync application starts.
The physical readers are discovered.
2. In the Readers Assigned to EBI list, click the reader you are configuring.

51
Chapter 3 - Commissioning a standalone reader

The status of the reader is Needs to be linked with a

physical reader.
3. From the Link to list, click the name of the physical reader and click Link.
The reader configuration details and firmware are transferred to the
reader.
The status of this reader changes to Server update required.
(This update sends a confirmation to the EBI server that the transfer of
configuration details and firmware was successful.)

4. Repeat steps 3 and 4 for each standalone reader that you created in EBI.
When the configuration information is transferred to the reader, the
reader is automatically rebooted.
The status of the reader changes to Awaiting confirmation.

5. When the reader has restarted, enable wireless mode on the reader by
presenting a maintenance card to the reader.
The status of the reader changes to Server update required.
(This update sends a confirmation to the EBI server that the transfer of
configuration details and firmware was successful.)

6. Present the maintenance card to the reader to return the reader to

operational mode.
7. Reconnect to the EBI server network.
The confirmation is transferred to the EBI server.
The reader status in the Sync tool changes to Synchronized and the
download alarm is removed from the Alarm Summary.

To transfer card reader details using a PDA

1. Choose Start > Programs > Honeywell IdentIPoint Sync.
The Honeywell IdentIPoint Sync application starts.
The physical readers are discovered. If the readers are not automatically
discovered, click Reader > Discovery.
2. From the Display list, click Assigned .
A list of readers configured in EBI appears.
3. Click the name of the of the reader you are configuring and click Link to .
A list of physical readers the PDA has discovered appears.
4. Click the name of the physical reader you are configuring.
The reader configuration details and firmware are transferred to the
reader.

52
Chapter 3 - Commissioning a standalone reader

The status of this reader changes to Server update required.

(This update sends a confirmation to the EBI server that the transfer of
configuration details and firmware was successful.)
5. Repeat steps 3 and 4 for each standalone reader that you created in EBI.
When the configuration information is transferred to the reader, the
reader is automatically rebooted.
The status of the reader changes to Awaiting confirmation.
6. When the reader has restarted, enable wireless mode on the reader by
presenting a maintenance card to the reader.
The status of the reader changes to Server update required.
(This update sends a confirmation to the EBI server that the transfer of
configuration details and firmware was successful.)
7. Reconnect to the EBI server network.
8. Click Server > Synchronize Now.
The confirmation is transferred to the EBI server. The reader status in the
Sync tool changes to Synchronized and the download alarm is
removed from the Alarm Summary.

53
Chapter 3 - Commissioning a standalone reader

54
CHAPTER

4 REFERENCE INFORMATION

This section contains reference information for door configuration and event
configuration.

Door Definition tab reference

Use the Door Definition tab to define the door properties.

Property Description

Door and Lock Options

Lock type The type of lock on the door that the reader controls. Selecting
a lock type displays the associated lock timing diagram at the
bottom of the tab.

Read credential Reads the credential while transit is in progress.

while door open

Enable Duress PIN If specified, enables duress facility. If a cardholder is made to

open a door under duress, the cardholder can enter their
duress PIN. This causes an alarm to be raised in EBI to alert
the operator to the cardholder's situation.

Unlock the door Unlocks the door when there is a request to exit.
when a REX is
detected

Door is unlocked Select this option if you are using a magnetic lock.
when relay is closed

Allow privileged A cardholder with certain privileges can hold a door open
cardholder to open indefinitely without an OPEN TOO LONG alarm being raised.
door indefinitely

Maintenance Door The operating state of the door when its reader is in
State maintenance mode.

Tuning Parameters These settings apply per reader.

55
Chapter 4 - Reference information

Property Description

Grace period The time allowed for a user before an action is required; for
example, after a user enters a PIN, there is a timeout before the
card is required to be presented to the reader. This setting
applies for all grace periods.

Deferred timeout The time allowed by the reader to get a response from the
server when a card is presented when the certificate store is
full and if the card presented is not in the certificate store.

TIP: The certificate store can hold more than 10000

certificates so it is unlikely this setting will be used.

Connection timeout The initial timeout used when a reader attempts to connect to
the server. If the reader cannot connect to the server, the
timeout for subsequent connection attempts is increased
using the following algorithm:

l Connection attempt 1, 2, or 3: time between connection attempts =

connection timeout
l Connection attempt 4, 5, or 6: time between connection attempts =
connection timeout * 2.
l Connection attempt 7, 8, or 9: time between connection attempts =
connection timeout * 6.
l Connection attempt 10 or more: time between connection
attempts = connection timeout * 12.
Keepalive timeout The reader constantly sends messages to the server to tell the
server it is still there. The keepalive timeout defines the time
between each message (assuming no other events are being
sent).

TIP: Keepalives are sent only when no other messages

are sent.

Enrollment retries For each enrollment request from the server to a reader, the
user can attempt to enroll again if they press # when
prompted; for example, if a fingerprint read is bad or an invalid
PIN is entered. This setting controls the number of times
enrollment can be retried.

56
Chapter 4 - Reference information

Property Description

Enrollment timeout The period of time in which a card must be enrolled

successfully before being timed out.

Fail limit When a reader cannot communicate with the server, the reader
increments an internal count up to the specified fail limit; the
reader then gives up on the existing session and tries to
connect.

The fail limit is determined by using the following counts:

l For a successful keepalive message, the count is decremented by

4 down to a minimum of 0.
l For all other successful messages, the count is decremented by 1
down to a minimum of 0.
l For all errors, the count is incremented by 2 up to the fail limit.
Enable APB Enables auto-forgive for anti-passback violations for the card
violation forgive (or cards) last presented as long as no other cards have been
swipe presented at the same reader.

TIP: The card anti-passback setting is written to the card

when access is granted. If the door is not opened (or the
user does not go through the door), the zone
information on their card will be incorrect. If they
present their card again, the reader will respond
DENIED – Antipassback. The Enable APB violation
forgive swipe option handles this scenario. Because the
card being denied was the last card presented, it will be
“forgiven.” If a different card was presented after the
first access was granted, the second presentation of the
card that did not go through the door will fail.
If a no-lone zone is in use, when the occupancy count is
0, two cards must be presented to enter the zone. If they
are granted access and do not go through the door and
this setting is enabled, both cards will be forgiven. The
order in which the cards are presented does not matter
as long as they were the last ones shown. If the no-lone
zone requires a minimum of three cards, all three would
be forgiven, and so on.

57
Chapter 4 - Reference information

Property Description

Scheduled Door Functionality

Auto-unlock The period of time in which the door is unlocked. Cardholders

Enabled do not need to present any credentials to gain access.

Finger Print The period of time in which cardholders are required to scan
Enabled their finger to gain access.

PIN Enable The period of time in which cardholders are required to enter a
PIN to gain access.

REX Enabled The period of time during which cardholders are required to
press the REX button to exit. Applicable only if the reader is
connected to a REX switch.

Event Timing

Door Lock Timeout The standard and extended times after which the door is re-
locked after a valid access/exit. If the door is not opened within
this time, the door is locked and the cardholder must present
their card again. If the Long Access option is enabled for the
card being read, the extended time is used; otherwise the
standard time is used.

Door Open Timeout The standard and long access times the door can remain open
after a valid access/exit before an OPEN TOO LONG alarm is
generated.

If the Long Access option for the card being read is enabled,
the extended time is used; otherwise the standard time is used.

Door Pre-alert The period of time the door may be open before the readers
Timeout on alert will sound to warn users they will generate an OPEN
TOO LONG alarm if the door is not reclosed.

Dead Bolt Timeout The period of time the door will remain open until it is locked.

Magnetic Lock The period of time the door will remain open until it is locked.
Timeout

Maintenance The period of time the reader stays idle in maintenance mode
Timeout before returning automatically to access control. The default
duration is two minutes. Maintenance timeout is reader-
specific.

58
Chapter 4 - Reference information

Event Configuration tab reference

Use the Event Configuration tab to define the event properties.

Property Description

Event name The name of the event you selected from the list of events.

Point The IO address generating the event.

address

Priority The priority of notification you want raised when this event occurs.

Sub priority The sub-priority of the notification you want raised when this event
occurs.

Event types

Event type Description

Granted Access granted.

Granted – Duress PIN Access granted to the card after the duress PIN entering the
duress PIN.

Granted – Soft Anti- Access granted to the card with a soft anti-passback
Passback Violation . violation.

Granted – Anti- Access granted to the card because of an anti-passback

Passback Exempt exemption.

Denied – Invalid PIN Access denied due to an incorrect PIN being entered.

Denied – Invalid Access denied because the fingerprint was not validated with
Fingerprint the fingerprint stored on the card.

Denied – Certificate Access denied because the card's certificate period has
Too Old exceeded the configured certificate renewal duration.

Denied – Card Access denied because the card is disabled.

Disabled

Denied – Card Not Access denied due to the card's commencement date has
Commenced not yet occurred.

59
Chapter 4 - Reference information

Event type Description

Denied – Card Access denied because the card has expired.

Expired

Denied – Invalid Access denied because the card does not have access to this
Reader reader.

Denied – Invalid Access denied because the card does not have access to this
Threat Level reader at the currently active threat level.

Denied – Invalid Time Access denied because the card does not have access to the
Period reader during this time period.

Denied – Anti- Access denied due to a hard anti-passback violation.

Passback Violation

Denied – Escort Access denied because the card requires escort.

Required

Denied – Card Access denied because a card was not presented within the
Timeout allowed time after entering a PIN or fingerprint.

Denied – PIN Access denied because a PIN was only partially entered.
Timeout

Denied – Fingerprint Access denied because a PIN was possibly entered, but no
Timeout fingerprint was presented as required.

Denied – Card Read Access denied because the card could not be read.
Error

Denied – Card Write Access denied because the card could not be written.
Error

No Transition The cardholder did not proceed through the door after
access was granted.

Trigger assignment tab reference

Use the Trigger Assignment tab to specify the event triggers that are assigned
to the current template.

60
Chapter 4 - Reference information

Property Description

Assigned Event triggers currently assigned to the template.

triggers

Available Event triggers available to be assigned.

triggers

Assign Moves the selected event trigger from the Available Triggers list to the
Assigned Triggers list.

Unassign Moves the selected event trigger from the Assigned Triggers list to the
Available Triggers list.

IO Configuration tab reference

Property Description

Door I/O Assignment

Door Sensor The door sensor input.

Door Relay The output connected to the door relay.

Dual Reader Configuration

Interlock Input The input used to connect the reader to the IOM. This is
applicable if you have a single door with two readers, one
reader for entry and one reader for exit. The interlock input
and output is required to establish communication between
the two readers to avoid alarm conditions when the door
opens.

TIP: The preferred way to create a dual door is using a

Master/Slave door via the network. This property has
only been left for legacy systems.

Interlock Output The output used to connect the reader to the IOM. This is
applicable if you have a single door with two readers, one
reader for entry and one reader for exit. The interlock input
and output is required to establish communication between
the two readers to avoid alarm conditions when the door
opens.

61
Chapter 4 - Reference information

Property Description

IO Configuration

The IO configuration table displays the IO points and point values. For enhanced
readability, aliases are provided for points and point values. The system uses these
aliases when generating event descriptions.

Normally Open Select this option to indicate that the IO address currently
selected is normally open. If this option is not selected, the IO
address is normally closed.

2-State input Select this option to indicate that the IO address in the table is
2-state input. (Configuring a digital input as 2-state has no
effect.)

If a 4-state input is configured as a 2-state, open and cut is

interpreted as open; and close and short is interpreted as
close.

Zone shunting Select this option to inhibit the raising of alarms in a security
zone when the zone is not armed; for example, inhibiting
alarms from a motion detector in a busy warehouse during
regular business hours.

REX Switch Select this option to indicate that the selected input is a REX.
Multiple inputs can be configured as REX.

Timing diagrams for lock types

This topic shows the behavior of the lock types supported by IdentIPoint
readers.

Door strike lock type

The following diagram shows the behavior of the lock for a valid access
granted event for a door strike lock type.

62
Chapter 4 - Reference information

After valid access is granted, the digital output for the lock drives the lock to
open and drives the lock to closed just after the door sense shows that the
door has been opened. If the door is not opened the lock remains open for the
amount of time configured in the door lock timeout setting for the door.

Magnetic lock type

The following diagram shows the behavior of the lock for a valid access
granted event for a magnetic lock type.

63
Chapter 4 - Reference information

After access is granted, the digital output drives the lock to open. The lock is
driven to closed two seconds after the door is physically opened. If the door is
not opened, the lock remains open for the amount of time configured in the
door lock timeout setting for the door.

Drop bolt lock type

The following diagram shows the behavior for the lock for a valid access
granted event for a drop bolt lock type.

64
Chapter 4 - Reference information

After access is granted, the digital output drives the lock to open. The digital
output drives the lock to closed two seconds after the door sense shows the
door is closed.

IdentIPoint point parameters

This topic lists the parameters associated with the IdentIPoint card readers.
This information is useful to know when you are creating custom display or
creating scripts.

Controller parameters
EBI Parameter Name Description Possible values

Name Reader name.

Description Reader description.

Area Location tag name of the reader.

IPAddress IP address of the reader.

SerialNumber Serial number of the reader.

65
Chapter 4 - Reference information

EBI Parameter Name Description Possible values

Status Status of the reader. 0 = OK

1 = Marginal
2 = Failed
3 = Disabled

FirmwareVersion Displays the current Firmware

version of the reader.

NoOfEIOsModules Indicates the total number of IO

Modules present.

ReaderType Indicates the associated Reader

Type.

CredentialType Indicates the associated

credential type for a Reader.

AlarmInstructionDisplay Displays the associated alarm

instruction display page.

AlarmStatus Displays the current Alarm Status. 0 - Undefined

ControlConfirmRequired Indicates whether control 0 = Not required

confirmation is required. 1 = Required

Reader parameters

EBI Parameter Name Description Possible values

DoorState The current status of the door 0 = Short

sensor. 1 = Closed
2 = Open
3 = Cut

AccessEventsShuntState Allows the user to change this in 0 = Normal

Shunt State. 1 = Shunt

LockState Allows the user to Lock and 0 = Unlocked

Unlock the door. 1 = Locked

OperationalState Allows the user to change the 0 = Running

66
Chapter 4 - Reference information

EBI Parameter Name Description Possible values

operational state of reader. 1 = Maintenance

CommandMode Allows the user to change the 0 = Auto

command mode. 1 = Manual

REXState Displays the current REX state. 0 = Short

1 = Closed
2 = Open
3 = Cut

LastAccessDate Displays the Last Access date for a

particular reader.

LastAccessTime Displays the Last Access time for a

particular reader.

LastAccessReason Displays the Last Access reason

for a particular reader.

LastAccessCardNo Displays the Last Access card

number for a particular reader.

MACAddress Displays the MAC address of the

reader.

SerialNumber Displays the Serial Number of the

Reader.

IPAddress Displays the IP address of the

Reader.

PointDetailDisplay Shows the name of the display EBI Specific -

associated with the point, as String
defined at configuration level.

AssociatedDisplay Shows the name of the display EBI Specific -

associated with the object, as String
defined at configuration level.

AlarmInstructionDisplay Displays the instructions display EBI Specific -

name which is used to manage the String
object's related alarms.

67
Chapter 4 - Reference information

EBI Parameter Name Description Possible values

LCDDisplayPresent Displays the presence of LCD 0 = Disabled

Screen. 1 = Enabled

FPModulePresent Displays the presence of FP 0 = Disabled

Module. 1 = Enabled

KeypadPresent Displays the presence of Keypad. 0 = Disabled

1 = Enabled

BarometerValue Indicates the current state of the 0 - 1000

controller.

MarginalLimit Indicates the current state of the 0-1000

controller as Marginal.

FailedLimit Indicates the current state of the 0-1000

controller as Failed.

IsServiceEnabled Indicates if the Service is enabled

or not

TotalNoOfMessages Displays all the request messages

that have been sent to the
controller

TotalErrorMessages Displays all the error messages

that have been sent to the
controller

PercentageError Displays the Number of errors for

the total number of requests sent
to the controller

SAI0_State Displays the state of SAI - 0 0 = Short

1 = Closed
2 = Open
3 = Cut

SAI1_State Displays the state of SAI - 1 0 = Short

1 = Closed
2 = Open
3 = Cut

68
Chapter 4 - Reference information

EBI Parameter Name Description Possible values

SAI2_State Displays the state of SAI - 2 0 = Short

1 = Closed
2 = Open
3 = Cut

IOM1_State Displays the online / Offline status 0 = Offline

of IOM - 1 1 = Online

IOM2_State Displays the online / Offline status 0 = Offline

of IOM - 2 1 = Online

IOM4_State Displays the online / Offline status 0 = Offline

of IOM - 4 1 = Online

IOM4_State Displays the online / Offline status 0 = Offline

of IOM - 4 1 = Online

DO0_State Allows to command the state of 0 = High

Digital Output, DO - 0 1 = Low

Relay0_State Allows to command the state of 0 = High

Relay 1 = Low

Extended I/O Module 1 parameters

EBI Parameter Possible
Description
Name values

IOM1_DI0_State Displays the status of the IOM - 1 Digital Input, DI 0 = High

-0 1 = Low

IOM1_DI1_State Displays the status of the IOM - 1 Digital Input, DI 0 = High

-1 1 = Low

IOM1_DO0_State Allows to command the state of IOM - 1 Digital 0 = High

Output, DO - 0 1 = Low

IOM1_DO1_State Allows to command the state of IOM - 1 Digital 0 = High

Output, DO - 1 1 = Low

69
Chapter 4 - Reference information

EBI Parameter Possible

Description
Name values

IOM1_SAI0_State Displays the state of IOM - 1 Supervised Analog 0 = Short

Input, SAI - 0 1 = Closed
2 = Open
3 = Cut

IOM1_SAI1_State Displays the state of IOM - 1 Supervised Analog 0 = Short

Input, SAI - 1 1 = Closed
2 = Open
3 = Cut

IOM1_SAI2_State Displays the state of IOM - 1 Supervised Analog 0 = Short

Input, SAI - 2 1 = Closed
2 = Open
3 = Cut

IOM1_SAI3_State Displays the state of IOM - 1 Supervised Analog 0 = Short

Input, SAI - 3 1 = Closed
2 = Open
3 = Cut

IOM1_Relay0_State Allows to command the state of IOM - 1 Relay - 0 0 = High

1 = Low

IOM1_Relay1_State Allows to command the state of IOM - 1 Relay - 1 0 = High

1 = Low

Extended I/O Module 2 parameters

EBI Parameter Possible
Description
Name values

IOM2_DI0_ Displays the status of the IOM - 2 Digital Input, DI - 0 0 = High

State 1 = Low

IOM2_DI1_ Displays the status of the IOM - 2 Digital Input, DI - 1 0 = High

State 1 = Low

IOM2_DO0_ Allows to command the state of IOM - 2 Digital Output, 0 = High

State DO - 0 1 = Low

70
Chapter 4 - Reference information

EBI Parameter Possible

Description
Name values

IOM2_DO1_ Allows to command the state of IOM - 2 Digital Output, 0 = High

State DO - 1 1 = Low

IOM2_SAI0_ Displays the state of IOM - 2 Supervised Analog Input, 0 = Short

State SAI - 0 1=
Closed
2 = Open
3 = Cut

IOM2_SAI1_ IOM2_SAI1_State Displays the state of IOM - 2 0 = Short

State Supervised Analog Input, SAI - 1 1=
Closed
2 = Open
3 = Cut

IOM2_SAI2_ IOM2_SAI2_State Displays the state of IOM - 2 0 = Short

State Supervised Analog Input, SAI - 2 1=
Closed
2 = Open
3 = Cut

IOM2_SAI3_ Displays the state of IOM - 2 Supervised Analog Input, 0 = Short

State SAI - 3 1=
Closed
2 = Open
3 = Cut

IOM2_Relay0_ Allows to command the state of IOM - 2 Relay - 0 0 = High

State 1 = Low

IOM2_Relay1_ Allows to command the state of IOM - 2 Relay - 1 0 = High

State 1 = Low

71
Chapter 4 - Reference information

Extended I/O Module 3 parameters

EBI Parameter Possible
Description
Name values

IOM3_DI0_ Displays the status of the IOM - 3 Digital Input, DI - 0 0 = High

State 1 = Low

IOM3_DI1_ Displays the status of the IOM - 3 Digital Input, DI - 1 0 = High

State 1 = Low

IOM3_DO0_ Allows to command the state of IOM - 3 Digital Output, 0 = High

State DO - 0 1 = Low

IOM3_DO1_ Allows to command the state of IOM - 3 Digital Output, 0 = High

State DO - 1 1 = Low

IOM3_SAI0_ Displays the state of IOM - 3 Supervised Analog Input, 0 = Short

State SAI - 0 1=
Closed
2 = Open
3 = Cut

IOM3_SAI1_ IOM2_SAI1_State Displays the state of IOM - 3 0 = Short

State Supervised Analog Input, SAI - 1 1=
Closed
2 = Open
3 = Cut

IOM3_SAI2_ IOM2_SAI2_State Displays the state of IOM - 3 0 = Short

State Supervised Analog Input, SAI - 2 1=
Closed
2 = Open
3 = Cut

IOM3_SAI3_ Displays the state of IOM - 3 Supervised Analog Input, 0 = Short

State SAI - 3 1=
Closed
2 = Open
3 = Cut

IOM3_Relay0_ Allows to command the state of IOM - 3 Relay - 0 0 = High

State 1 = Low

72
Chapter 4 - Reference information

EBI Parameter Possible

Description
Name values

IOM3_Relay1_ Allows to command the state of IOM - 3 Relay - 1 0 = High

State 1 = Low

Extended I/O Module 4 parameters

EBI Parameter Possible
Description
Name values

IOM4_DI0_ Displays the status of the IOM - 4 Digital Input, DI - 0 0 = High

State 1 = Low

IOM4_DI1_ Displays the status of the IOM - 4 Digital Input, DI - 1 0 = High

State 1 = Low

IOM4_DO0_ Allows to command the state of IOM - 4 Digital Output, 0 = High

State DO - 0 1 = Low

IOM4_DO1_ Allows to command the state of IOM - 4 Digital Output, 0 = High

State DO - 1 1 = Low

IOM4_SAI0_ Displays the state of IOM - 4 Supervised Analog Input, 0 = Short

State SAI - 0 1=
Closed
2 = Open
3 = Cut

IOM4_SAI1_ IOM2_SAI1_State Displays the state of IOM - 4 0 = Short

State Supervised Analog Input, SAI - 1 1=
Closed
2 = Open
3 = Cut

IOM4_SAI2_ IOM2_SAI2_State Displays the state of IOM - 4 0 = Short

State Supervised Analog Input, SAI - 2 1=
Closed
2 = Open
3 = Cut

73
Chapter 4 - Reference information

EBI Parameter Possible

Description
Name values

IOM4_SAI3_ Displays the state of IOM - 4 Supervised Analog Input, 0 = Short

State SAI - 3 1=
Closed
2 = Open
3 = Cut

IOM4_Relay0_ Allows to command the state of IOM - 4 Relay - 0 0 = High

State 1 = Low

IOM4_Relay1_ Allows to command the state of IOM - 4 Relay - 1 0 = High

State 1 = Low

74
CHAPTER

5 CONFIGURING ACCESS CONTROL

FOR IDENTIPOINT READERS
After you have successfully commissioned the card readers, there are other
configuration tasks that need to be completed before you can begin to enroll
cardholders.
In addition, this chapter describes how to send a door command from Station;
see Sending a door command from Station.

Task Go to: Done?

Configure PIN and "Configuring PIN and fingerprint settings"

fingerprint settings below

Configure PIN duress "Configuring a PIN duress scheme" on the next

scheme page

Configure access levels "Checklist for configuring access levels" on

page 77

Configure the "Configuring the cardholder database for

cardholder database IdentIPoint controllers" on page 82

Configure cardholder "Configuring cardholder preferences for

preferences IdentIPoint controllers" on page 85

Create cardholder "Defining a cardholder template" on page 89

templates

Create a cardholder "Defining a cardholder management profile" on

management profile page 89

Configuring PIN and fingerprint settings

If your card readers have a keypad or finger pad, you can configure settings
that determine how many times a cardholder can attempt to gain access if
they enter the wrong PIN, or if the finger scan is not successful on the first
attempt.

75
Chapter 5 - Configuring access control for IdentIPoint readers

To configure PIN and fingerprint settings

1. In the Station command zone, type the name of the reader point and
press F12.
The reader point detail display opens.
2. At the bottom of the display, click the Door, Reader & Alarm Configuration
link.
3. Click the Door Definition tab.
4. Under Tuning Parameters type the appropriate values:
l Grace period: The maximum time allowed for the cardholder to
enter the PIN or present their finger to the reader.
l Enrollment timeout: The maximum time allowed for the user to

enroll the card, enter a PIN, or enroll their finger.

5. Click Save .

Configuring a PIN duress scheme

You must configure a PIN duress scheme to use for the readers in the
system.

To configure a PIN duress scheme

1. In Station, choose Configure > Access Control > IdentIPoint >
Security/System Parameters.
2. From the Duress Scheme list box, select a duress scheme to apply to the
readers.

About PIN duress schemes

The table below describes the duress schemes available and their
characteristics.

Duress
Description
scheme

PCSC Increment the first and second digits by one. For example, if the
regular PIN is 3219, the duress pin would be 4319. Invalid PINs
include 0000, 0911, and 9811.

SE The first digit of the PIN is moved to the end. For example, if the
regular PIN is 12345, the duress PIN would be 23451. Invalid PINs
include 00000, 22222, and so on.

76
Chapter 5 - Configuring access control for IdentIPoint readers

Duress
Description
scheme

TEMA If the last digit is an even number, enter the next highest odd number.
For example, if the regular PIN is 6666, the duress code would be
6667.If the last digit is an odd number, enter the next lowest even
number. For example if the regular PIN is 9999, the duress code
would be 9998.

IdentIPoint Reverse the PIN. For example, if the regular PIN is 1234, the duress
code would be 4321. Invalid PINs include any symetrical PINs. For
example, 0000, 1221, and so on.

Checklist for configuring access levels

Table 5-1: Checklist for configuring access levels

Task Go to: Done?

Configure zone parameters "Configuring zone parameters" below

Configure threat levels "Configuring threat level" on the next page

Configure access levels "Configuring access levels" on page 79

Configure holiday definition "Configuring holiday definition" on page 80

Configuring zone parameters

To configure zone parameters

1. In Station choose Configure > Access Control > Zones.
2. Click the zone you want to configure.
3. Click the Zone Parameters tab.
The Zone Parameters display opens.
4. Select the appropriate severity settings from the Severity list.
l None : Anti-passback is not configured for the zone. This is the default

option.

77
Chapter 5 - Configuring access control for IdentIPoint readers

l Soft: If there is an anti-passback violation, this option allows the

cardholder to enter or exit a zone and the violation is reported to the
EBI server.
l Hard : If there is an anti-passback violation, this option restricts

cardholders from entering or exiting a zone and the violation is

reported to the EBI server.
5. In the Type list, click the appropriate anti-passback type.
l Single Zone anti-passback : access to the zone is denied when the

cardholder is already present in the zone.

l Multi zone anti-passback : access to the zone is denied is not in a zone

that provides direct entry to the zone.

6. Select the time period at which the anti passback violation is forgiven from
the Auto forgive passback violation during time period list.
7. In the Anti-Passback enabled list, click the time period during which anti-
passback is enabled.
8. From the Escort Required list, select the time period during which
cardholder escort requirements should be enforced.
This will apply only to cardholders whose cards have been configured
using the Escort Required option.
9. If zone occupancy must be monitored and/or controlled, type a Minimum
and/or Maximum occupancy.
The Minimum and Maximum occupancy boxes appear only if IdentIPoint
Advanced Security Options is licensed.

TIP: The system checks the zone occupancy for compliance with
the specified settings; non-compliance causes an alarm to be
raised. Typing a non-zero value in the Minimum box or Maximum
box causes the Zone Count box to appear on the point detail
display for the master reader assigned to the zone.

10. Click Save.

Configuring threat level

There may be times when incidents occur and you need to change the lock
states of all doors and change the authentication process that cardholders
use to proceed through the doors on the site. This can be done using threat
levels.

78
Chapter 5 - Configuring access control for IdentIPoint readers

To configure threat level

1. In Station choose Configure > Access Control > Site Threat Level.
The Site Threat Level display opens showing the available threat levels.
2. In the Current Threat level list, click a threat level.
The Threat Level Definition displays the Name and Description of the
threat level.
3. Under System Behavior , in the Change state of all doors to list, click the
appropriate door state that is used when this threat level is activated.
l No Change : The state of the doors does not change, that is, if a door is

lock, it remains locked.

l Locked : All the door states are set to lock mode.

4. In the Change authentication level of readers to list, click the appropriate

authentication level that is used when this threat level is activated.
l Card only : Doors are configured to consider only the card to be

presented for authentication.

l Card+PIN only : Doors are configured to consider card and PIN to be

presented for authentication.

l Card+Finger print only: Doors are configured to consider card and
fingerprint to be presented for authentication.
l Card+PIN+Finger print only : Doors are configured to consider card,

PIN, and fingerprint to be presented for authentication.

5. Click Save to save the defined threat level configuration.
6. Repeat steps 2 to 5 for all threat levels.

Configuring access levels

To configure access level definitions

1. In Station choose Configure > Access Control > Access Levels.
The Access Levels display opens.
2. Click a new row under Access Level to create a new access level.
3. To modify an existing one, click the access level that you want to modify.
4. Type a Name and Description for the access level.
5. In the Location box, browse and select the location to which the access
level belongs.
6. In the first row of the Zone/Time Period/Threat Level list, choose a zone
and associate a time period and threat level.

79
Chapter 5 - Configuring access control for IdentIPoint readers

Cardholders assigned this access level will have access to this zone
during this time period whenever the system threat level is set to this
threat level, or a lower threat level. If you want to add other zone/time
period/threat level combinations, repeat step 5.
7. Click Save to save the configuration.

Configuring holiday definition

To configure holiday definitions

1. In Station choose Configure > Schedules > Holidays.
2. Click the Holidays tab.
3. Select the appropriate calendar from the Select calendars that derive
Holidays for this Server list.
4. Click Download to download the holiday configuration.

Configuring dual door readers

You can configure readers in a dual door configuration to monitor and control
occupancy in a security zone.
Use the Manage Readers page to configure dual door readers. Dual door
readers are defined in the system as peers in a master/slave relationship.

Prerequisites
The readers to be configured as dual door readers have been added to the
system.

ATTENTION: Dual door readers can be configured only if IdentIPoint

Advanced Security Options is licensed.

ATTENTION: For dual door readers, the entry zone specified for the
first reader must be identical to the exit zone specified for the second
reader and vice versa. In order for the occupancy count for the zone to
be accurate, zone enforcement and hard anti-passback must be
enabled.

80
Chapter 5 - Configuring access control for IdentIPoint readers

To configure dual door readers

1. Log on to Station with a security level of MNGR.
2. Choose Configure > Access Control > IdentIPoint > Manage Readers.
3. Click Discover .
4. In the list of readers, select two readers to be dual door readers.
5. Click Build Points.
A prompt asks if you want to build a master/slave pair.
6. Click Yes.
A prompt asks if you want to use the suggested reader as master.
7. Click Yes to use the suggested reader as master, or click No to use the
other reader as master.
8. The Peer column shows the readers are now peers. The Master column
identifies the master reader (TRUE) and the slave reader (FALSE).
9. Click Save .

About dual door readers

When configuring entrances and exits for secure zones where occupancy
must be strictly monitored and controlled—for example, in no-lone zones—dual
door readers must be used.

ATTENTION: Dual door readers are only applicable for connected

readers. To ensure the accuracy of the zone occupancy count, hard
anti-pass back should be enabled.

The dual door readers are configured on opposite sides of the same door in a
“master/slave” arrangement. The entry zone for the master reader must be
the same as the slave reader’s exit zone, and vice versa. The master reader
controls access to the security zone.
Neither reader can be paired with another reader in the system.

NOTE: If a cardholder tries to access the door of a security zone while

the IP network connection is lost between the readers, the reader
detects the network failure and rejects card access within the configured
time limit.

81
Chapter 5 - Configuring access control for IdentIPoint readers

Configuring the cardholder database for

IdentIPoint controllers
You can configure the cardholder database to suit your requirements. For
example, you can:

n Change field labels so that they reflect your terminology. For example,
you could change the label of the LastName field from 'Last Name' to
'Family Name'.
n Define new fields to store specialized data (if the predefined user fields do
not meet your requirements).

Configuring fields
You can configure fields so that they meet your requirements. For example,
you could change the label of the LastName field from 'Last Name' to 'Family
Name'.

NOTE: If you have a redundant or DSA system, you must perform this
task on the primary/publishing server—that is, the primary server of a
redundant server pair—and the publishing server in a Cardholder DSA
system.

Prerequisites
You have backed up your database. See 'Backing up EBI Server data using
fullbkup' in the Backup and Restore Guide.

To configure fields
1. If you have redundant or DSA servers, on the primary/publishing server:
a. Open a Command Prompt window.
b. Type stoprepl all uninstall and press ENTER.
c. Close the Command Prompt window.
d. If the command is successful, you will receive feedback that all
replication has been stopped.
2. Log on to Station with a security level of MNGR and choose Configure >
Cardholder Management > Cardholder Database to call up the
Cardholder Database display.
3. Click the tab of the cardholder type you want to view and configure.
4. If you only want to view the vehicle fields, for example, click the Vehicle
tab.

82
Chapter 5 - Configuring access control for IdentIPoint readers

5. Click the field you want to modify.

The field's properties appear below in the Selected Field definition section.

6. Change the properties listed in the following table, as appropriate.

Note that the properties you can change vary from field to field.
7. For many system fields (inbuilt fields which have predefined uses), you
can only change the Label property.
8. Repeat steps 4 and 5 for other fields you want to configure.
9. If you have redundant servers, resynchronize them.
10. If you have a DSA system, resynchronize with the other servers.

Cardholder database field properties

Property Description

Searchable If selected, the field is included in the Advanced Search display. Note
that if the number of fields enabled for searching is large, the time
that searches take to complete can increase. Do not set unnecessary
fields to be searchable.

Required If selected, the field is mandatory, that is, it must be filled in when
adding a cardholder. In displays, mandatory fields are marked with an
asterisk (*).

Tool tip The tool tip can only be set to one field. The contents of the specified
field are displayed as a tool tip when the mouse pointer hovers over
the cardholders in the search results listed in the Navigation pane.

Visible If selected, the field is displayed.

Label The label that appears next to the field in displays.

Data Type The type of data that is stored in the field.

CAUTION: Do not change the data type because it may have

unpredictable affects on your system. If the data type is not
suited to your needs, define a new field with the required data
type.

Default The default value given to the field when adding a cardholder. Note
Value that, in general, you use cardholder templates to define default values.

83
Chapter 5 - Configuring access control for IdentIPoint readers

Defining a new field

You can define new fields to store specialized information.

NOTE: You only need to create a new field if the predefined user fields,
for example U1 to U50, do not meet your requirements.

The number of user fields is limited depending on whether you are using
redundancy or DSA. The maximum number of user fields if you are using
redundancy is 253. The maximum number of user fields if you are using DSA
is 244.

Prerequisites
You have backed up your database. See 'Backing up EBI Server data using
fullbkup' in the Backup and Restore Guide.

To define a new field

1. If you have redundant or DSA servers, on the primary/publishing server:
a. Open a Command Prompt window.
b. Type stoprepl all uninstall and press ENTER.
c. Close the Command Prompt window.
If the command is successful, you will receive feedback that all
replication has been stopped.
2. Log on to Station with a security level of MNGR.
3. Choose Configure > Cardholder Management > Cardholder Database to
call up the Cardholder Database display.
4. Click the tab of the cardholder type you want to view and configure.
If you only want to view the vehicle fields, for example, click the Vehicle
tab.
5. Click Add New Field to define a new field in the database.
6. In the Selected Field definition section, define the field's properties, as
appropriate (described in the following table).
7. If you have redundant servers, resynchronize them.
8. If you have a DSA system, resynchronize with the other servers.

84
Chapter 5 - Configuring access control for IdentIPoint readers

New cardholder database field properties

Property Description

Required If selected, the field is mandatory, that is, it must be filled in when
adding a cardholder. In displays, mandatory fields are marked with an
asterisk (*).

Visible If selected, the field is displayed.

Label The label that appears next to the field in displays.

Data Type The type of data that is stored in the field:

l boolean
l datetime
l list (If you select this, you must define each value in the list and then click
Add .)
l number
l text
l decimal
Default The default value given to the field when adding a cardholder. Note
Value that you can also use cardholder templates to define default values.

Configuring cardholder preferences for

IdentIPoint controllers
You should configure the cardholder preferences so that they are optimized
for your needs, in particular to make it easier for operators to manage
cardholders.

85
Chapter 5 - Configuring access control for IdentIPoint readers

If your CMS is spread across several servers (sites), you must configure the
preferences on each server. If appropriate, you can set different preferences
on each server. For example, if each site uses a different card technology, you
would specify the appropriate card type for each site.

To configure cardholder preferences

1. Log on to Station with a security level of MNGR.
2. Choose Configure > Cardholder Management > Cardholder Preferences
to call up the Cardholder Preferences display.
3. Configure the properties as appropriate.

Cardholder preferences properties

Property Description

Cardholder Shows the server (site) to which these preferences apply.

Preferences for
Site

Default Employee The default expiry period or date for new employee cardholders.
expiry setting You can specify the date as either an offset from the date when
the cardholder or card is added (for example, 10 years), or as a
fixed date.

Default External The default expiry period or date for External Personnel
Personnel expiry cardholders.
setting

Default Vehicle The default expiry period or date for Vehicle cardholders.
expiry setting

Default Card The default expiry period or date for new cards.
expiry setting

Show names by Specifies the default order in which names are listed in displays.

Limit results Specifies the maximum number of results that are returned
returned by from a search. The default is 1000.
searches to
Increasing the search results limit can lead to degraded system
performance in situations when more than 1000
cardholders/cards returned in the search results are selected.

Resize cardholder If cleared, the cardholder images are cropped to the size of the

86
Chapter 5 - Configuring access control for IdentIPoint readers

Property Description

images to show image window. For example, if an image is wider than the image
the entire image window, the sides of the image that exceed the image window
with no cropping are not visible. The image on a printed card is also cropped. If
selected, the cardholder images are resized to fit within the
image window. The image on a printed card is also resized. The
following displays contain an image window:

l Cardholder detail display

l Image capture display
l Image capture settings display
l Card print preview
l Event Summary detail pane
l Faceplate of an access point detail display
Display the details This property controls whether the details of a newly-added
of each new Card entity (that is, cardholders, templates, unissued cards or external
or Cardholder companies) are shown immediately after the entity is added to
immediately after the system (if the property is True), or if the Add page is shown
they are added again after adding a new entity to the system (if the property is
False, allowing faster adding of multiple entities).If details are
being shown, and a range of unissued cards is assigned in one
go, then the details for all the new multi-selected cards will be
shown.

Remove If selected, deleting a cardholder deletes the cardholder's record

Cardholder from from the database. If cleared, deleting a cardholder marks the
database on cardholder as 'deleted', but retains the cardholder's record in
delete the database.

Automatically If selected, a wildcard character is automatically added to the

append wildcard search string. For example, if the operator types smi as a search
characters to string, cardholders Smith and Smithers would be returned in the
search search results.

Limit number of The maximum number of active cards that can be assigned to a
active cards per cardholder.
cardholder to

Auto Card Commencement and Expiry

Enable auto card If selected, the cardholder's card(s) automatically commence

87
Chapter 5 - Configuring access control for IdentIPoint readers

Property Description

commencement and expire.

and expiry

Validation interval The interval at which the system checks for cards and
cardholders that are about to commence or expire.

Warning time The number of days before a card is due to expire that the card
expiry warning is displayed. For example, if this is set to 1, then
the card expiry warning appears on the card one day before the
card is due to expire.

Cards will expire if If selected, a card will automatically expire if it has not been
not used for used for the specified number of days.

PIN Configuration

Number of PIN The number of digits in the card's PIN (either 4, 5 or 6 digits). All
digits access controllers support a 4 digit PIN code. NexSentry Star II
controllers and IdentIPoint card readers support 6 digit PINs.

If some controllers in your system only support 4 digit PINs, you

can only use 4 digit PINs, even if you also have some Star II
controllers. For example, if you have an SE only site with 5 or 6
digit PINs and want to add a different controller technology (for
example, Temaline), you must change the PIN code length down
to 4 digits.

NOTE: Changing the number of digits in a working system

will change every PIN, by either adding or removing digits.
Increasing the number of digits will add zeros to the
beginning of the PIN. For example, if the current PIN is
'1234', changing to 6 digits will change the PIN to
'001234'. Decreasing the number of digits will remove the
most significant digit(s). For example, if the current PIN is
'123456', changing to 4 digits will change the PIN to
'3456'.

If you have a DSA SE only system, ensure that the PIN code
lengths are consistent across the DSA servers to ensure
cardholders can move between servers with the same card and
PIN code working on each server in the system.

88
Chapter 5 - Configuring access control for IdentIPoint readers

Defining a cardholder template

Cardholder templates speed up the task of adding a cardholder because they
allow you to define default values that are automatically applied each time you
add a cardholder. For example, if your system manages the security for a
large office building, you could create a template for each tenant, which
contained tenant-specific values such as employer details and access levels.

To define a cardholder template

1. Log on to Station as an operator with a cardholder management profile
that allows them to add and modify an Employee Template.
2. Choose Configure > Cardholder Management > Add Templates to call up
the Add Employee Template display.
Alternatively, choose the relevant template type to create a template for
External Personnel, Vehicles or Visitors.
3. In the Name box, type an appropriate name.
4. In the Organization list, click the area to which the cardholders (who will
be added using this template) belong.
5. Click Add to call up the Template Definition display.
6. Define default values for the properties, as appropriate.
7. When you have finished, click Save .

Defining a cardholder management profile

A cardholder management profile defines which tasks a user can perform
when they are assigned the profile.
For example, you could define an 'access control manager' profile that
enables all tasks, and a 'security operator' profile that only enables view
access to cardholder displays.
The Basic, Preregistration and Supervisor operator profiles are read-only
system profiles and cannot be modified.

To define a cardholder management profile

1. Log on to Station with a security level of MNGR.
2. Choose Configure > Cardholder Management > Operator Profiles to call
up the Cardholder Management Operator Profiles display.
3. Click Add to create a new profile.

89
Chapter 5 - Configuring access control for IdentIPoint readers

4. In the Name and Description boxes, type the name and description for the
profile.
5. Click the ellipsis button next to the Organization field to display the
Organization Browser.
6. Select the organization to which the profile belongs and click Apply.
7. In the Card Management Tasks tree, select the tasks that operators with
this profile can perform.
8. Click Save .

Sending a door command from Station

In Station you can select a reader and send it a door control command.
If two readers are in control of a door, the second reader will reflect that the
door is being controlled by the first reader.

Sending a door command from Station

1. Navigate to the General tab on the reader's point detail display.
2. From the Lock type list, select a command:
l Locked - Emergency. Causes the door to remain locked until it is taken

out of this state.

l Unlocked - Emergency . Causes the door to remain unlocked until it is

taken out of this state.

l Unlocked - Single Transit . Causes the door to remain unlocked until an

access/exit occurs, or unlocked for a period of time no longer than the

configured door lock timeout.
l Auto . Causes the door to resume normal operation.

90
CHAPTER

6 ADMINISTRATION TASKS FOR

IDENTIPOINT
This section describes administration tasks associated with IdentIPoint
readers and access control.

Changing the admin password

For security reasons, you must change the default admin password. This
password is required when you connect to the readers.

To change the admin password

1. In Station, choose Configure > Access Control > IdentIPoint > Overview.
2. Click Configure Security Keys & System Parameters.
3. In the Password box, type a new password or the admin account.
4. Click Save .

Restoring reader communication keys

Reader communication keys can be restored if deleted.
Reader communication keys are used in communication between EBI and
the reader.

To restore security keys

1. In Station, choose Configure > Access Control> IdentIPoint >
Security/System Parameters.
2. Click Restore Keys.
The reader communication keys are restored from the archive.

Changing the card security key

You can change the card security key if required. The card security key is
used in communication between the EBI server and the card reader.

91
Chapter 6 - Administration tasks for IdentIPoint

NOTE: The card security key is also referred to as the smartcard

“master” key.

ATTENTION: You can change the master key only if IdentIPoint

RapidKey is licensed.

Prerequisites
n Log on to Station with a security level of Mngr.

To change the card security key

1. In Station, choose Configure > Access Control> IdentIPoint >
Security/System Parameters.
2. In the Card Security Key box, type a new sixteen ASCII character or thirty-
two hexadecimal character card security key.
The key can contain digits from A–Z and 0–9.

ATTENTION: If you have DSA servers, the card security key must
be common across all DSA servers on which the same card is
used.

3. Click Save .
4. In the File Download dialog box, click Open and check the card security
key you typed.
5. Save the file to a secure location.

ATTENTION: If the EBI server fails and the card security key is not
known, the cards cannot be used with the system.

Creating a maintenance card

To perform maintenance tasks on the IdentIPoint reader, you need to create a
maintenance card.

To create a maintenance card

1. In Station, call up the cardholder who is responsible for maintenance.
2. Click the Cards tab.

92
Chapter 6 - Administration tasks for IdentIPoint

3. Click Issue Card .

4. Do one of the following:
l If the card has been added to the database, in the Select a pre-

selected card to issue list, click the card you want to assign.
l If the card has not yet been added, type the card's number in the Card

Number box.
5. Click OK to return to the cardholder display.
6. Select the card you have just issued.
7. Under IdentIPoint Reader Details, select the Maintenance Card check
box.
8. Click Save .

Changing the behavior of a reader

After the readers have been commissioned and are operational, you may
need to make adjustments to the behavior of a reader. For example, you may
need to increase the time limit a door can remain open.
If you have used templates to apply to the readers, decide if you want to make
the change to the template, or just to specific readers. Changing and then
saving a template automatically applies those changes to readers that were
configured using the template.

To change the behavior of a reader by editing a

template
1. In Station, choose Configure > Access Control > IdentIPoint > Add/Edit
Reader Templates.
2. Click the template you want to edit.
3. Click the Door Definition tab.
4. Change the door definitions as appropriate.
5. Save the template.

To change the behavior of a specific reader

1. In Station, in the Command zone, type the name of the reader point and
press F12.
2. The point detail display for the reader point opens.
3. Click the Door, Reader & Alarm Configuration link.

93
Chapter 6 - Administration tasks for IdentIPoint

4. Click the Door Definition tab.

5. Change the door definitions as appropriate.

Modifying an access level

To modify an access level
1. Log on to Station with a security level of SUPV (or higher).
2. Choose Configure > Access Control > Access Levels.
The Access Levels display opens.
3. Click the access level you want to modify.
The Access Level Definition display opens.
4. Make the required changes and click Save .

Deleting a zone
Deleting a zone involves first checking that it is not assigned to any access
levels, and then deleting the access points associated with the zone.

To delete a zone
1. Log on to Station with a security level of SUPV (or higher).
2. Choose Configure > Access Control > Access Levels.
The Access Levels display opens.
3. Check that the zone is not assigned to any access level.
If you have many access levels, it may be simpler to configure an Access
Level report to determine if the zone has been assigned any access
levels. Type the zone name in the report's Zone field.
4. If the zone is assigned to an access level, you must modify the access
level so that it no longer uses the zone.
5. Modify the reader points that are defined as entering the zone.

94
Chapter 6 - Administration tasks for IdentIPoint

Deleting an access level

You can only delete an access level if it is not assigned to any cardholders. To
determine if the access level is assigned to cardholders, you can configure a
CMS Advanced Search for cardholders with the access level/right you want
to delete (see the topic "Searching for a cardholder or card" in the Operator's
Guide). You could also configure a Cardholder Details report with the access
level name in the Access Level field (see the topic "Cardholder Details
Report" in the Configuration and Administration Guide).

To delete an access level

1. Log on to Station with a security level of SUPV (or higher).
2. Choose Configure > Access Control > Access Levels.
The Access Levels display opens.
3. Click the access level you want to delete.
The Access Level Definition display opens.
4. Click Delete .
5. If the access level is:
l Assigned to any cardholders, a list of cardholders is displayed. You

must updated the access levels of those cardholders and return to step
2.
l Not assigned to any cardholders, a prompt appears in the Message

Zone. Click Yes to confirm you want to delete the access level.

Deleting a location that has IdentIPoint readers

assigned
Deleting a location involves first reassigning the points to a different location.

To delete a location that has IdentIPoint readers

assigned
1. If a new location is required for the IdentIPoint readers, create it in Quick
Builder and download the location to EBI.
2. In Station choose Configure > Access Control > IdentIPoint > Manage
Readers.
3. Select the readers that are assigned the location you want to delete.
4. Select Delete Points.

95
Chapter 6 - Administration tasks for IdentIPoint

5. Reassign these points to another location as required.

6. Click Build Points.
7. In Quick Builder, delete the location that was originally assigned to the
readers selected above.

96
CHAPTER

7 MAINTENANCE TASKS FOR

IDENTIPOINT
This section describes maintenance tasks for IdentIPoint readers.

Responding to a tampered reader alarm

In certain circumstances tampered reader alarms raised on an IdentIPoint
reader appear in the Station Alarm Summary. There are two types of
tampered reader alarms, internal and external:

n An external tampered reader alarm can occur when light interferes with
the optical tamper switch. This can happen if the reader is installed on an
uneven surface or if someone has removed the reader from the wall.
n An internal tampered reader alarm can occur if there is physical damage
to the reader, for example the reader is cracked.

To respond to a tampered reader alarm

1. Check the physical reader to ensure it has been installed correctly.
2. If an external tamper alarm has been raised, check whether light is
interfering with the optical tamper switch.
3. Check that the security screw has been tightened correctly.
4. Check whether there is any physical damage to the reader.
5. When you have addressed the issues with the physical reader, return to
Station and acknowledge the alarm in the Alarm Summary.

Recovering a tampered reader

After you have determined the cause of the tamper alarm and resolved the
issue with the physical reader, there are tasks you need to complete in Station
to recover the reader.

To recover a tampered reader

1. In Station choose Configure > Access Control > IdentIPoint > Manage
Readers.
2. Select the reader from the list of readers that you are recovering.
3. Click Update Readers.

97
Chapter 7 - Maintenance tasks for IdentIPoint

4. Choose Action > Access Download .

5. Select the reader that you are recovering.
6. Click Download All.

Checklist for replacing a faulty connected reader

This checklist describes the steps required to replace a reader after you have
installed a new physical reader to replace the faulty reader.

TIP: Print or photocopy this checklist so that it is easier to keep track of

where you are in the process.

Prerequisites
A new reader is installed according to the instructions in the IdentIPoint
Intelligent Smartcard Readers Quick Installation Guide.

Table 7-1: Checklist for replacing a faulty connected reader

Task Go to: Done?

Enable wireless mode "Enabling wireless on the card

on the card reader. reader" on page 12

Connect to the reader "Connecting to the reader network"

network. on page 12

If you have an IOM, "Reconfiguring the IOM" on page 12

reconfigure the IOM.

Configure the basic "Configuring the basic settings for a

settings for the replacement connected reader" on
replacement reader. the facing page

Test the reader. "Testing the reader" on page 17

Disable wireless mode "Disabling wireless mode on the card

on the card reader. reader" on page 17

Replace the faulty "Replacing a faulty connected reader

reader in Station in Station" on page 101

98
Chapter 7 - Maintenance tasks for IdentIPoint

Configuring the basic settings for a replacement

connected reader

To configure the basic reader settings for an Ethernet

connected reader
1. In your browser type http://192.168.0.200 .
This IP is the default of the wireless interface. (If the reader is on Ethernet,
use the IP address the reader currently uses to communicate with EBI.)
The Reader Logon Page opens.
2. Type the user name and password.

ATTENTION: The user name is case-sensitive.

The default user name is admin and the default password is

password.
When EBI is installed and operational, you must change this password.
For information on how to change the password, see the topic, 'Changing
the admin password' in the 'Administration tasks for IdentIPoint' section of
this guide.
3. On the reader web page, click Reader Information under Reader Profile
on the left pane. The reader information page is displayed.
4. In the Name box, type a name for the reader.
This name is only a temporary name. The name must be different to the
name of the reader you are replacing so that you can identify the two
readers.
5. In the Description box, type a brief description for the reader.
6. Click Save .
7. Click Ethernet under Basic Configuration on the left pane.
The Ethernet Connection Details page is displayed.
8. Under Connection Mode click the Connected option button.
9. Under Ethernet IP Address Management click the appropriate option:
l If the network has a DHCP server, click Obtain an IP address

automatically.
l If the network does not have a DHCP server, or you want to use a

specific IP address, click Use the following IP address under Ethernet

IP Address Management.

99
Chapter 7 - Maintenance tasks for IdentIPoint

10. If you are using a specific IP address, type the IP address, subnet mask,
default gateway and DNS server.
11. Click Save .

To configure the basic reader settings for a wirelessly

connected reader
1. In your browser type http://192.168.0.200.
This is the default IP address of the reader.
The Reader Logon Page opens.
2. Type the user name and password.
The default user name is admin and the default password is
password. You must change this password.
3. On the reader web page, click Reader Information under Reader Profile
on the left pane.
The reader information page is displayed.
4. In the Name box, type a name for the reader.
This name is only a temporary name. The name must be different to the
name of the reader you are replacing so that you can identify the two
readers.
5. In the Description box, type a brief description for the reader.
6. Click Save .
7. Click Wireless under Basic Configuration on the left pane. The Wireless
Connection Details page is displayed.
8. Under Wireless Module Settings, click On .
You can modify the following options only if the Status is set to On .
9. Under the Wireless IP Address Management option, select the
appropriate option from the following:
l If the network has a DHCP server then click Obtain an IP address

automatically.
l If the network does not have a DHCP server, or you want to use a

specific IP address, click Use the following IP address under Ethernet

IP Address Management.
10. If you are using a specific IP address, type the IP address, subnet mask,
default gateway and DNS server.

100
Chapter 7 - Maintenance tasks for IdentIPoint

11. Under Wireless Module Settings, select the appropriate Mode:

l The Adhoc mode supports Open and WEP authentication.

l The Infrastructure mode supports Open, WEP and WPA

authentication.
12. In the SSID box, type a name to identify this wireless network.
13. In the Channel Number box, type the appropriate channel number.
The channel number associates to a particular frequency.
14. From the Network Authentication list, click the appropriate authentication
type:
l Open : The communication with the reader is in open mode without any

security key.
l WEP: The security key entered must be same as the key in the router

access point.
l WPA: The security key entered must be same as the router access

point.
15. Click Save .

Replacing a faulty connected reader in Station

After you have physically replaced the reader and configured the basic
settings, you need to replace the details of the old reader in Station with the
details of the new reader.

To replace a connected reader

1. In Station choose Configure > Access Control > IdentIPoint > Manage
Readers.
2. In the Show list, click All Readers.
3. Click Discover .
The replacement reader appears in the list of readers.
4. In the list of Readers, click the reader to be replaced and click the
replacement reader.
5. Click Replace .
6. The new reader now replaces the faulty reader, and the temporary name
you applied to the new reader is overwritten with the name of the faulty
reader.

101
Chapter 7 - Maintenance tasks for IdentIPoint

102
CHAPTER

8 INTERACTING WITH HONEYWELL

DIGITAL VIDEO MANAGER
If you have a Honeywell Digital Video Manager (DVM) system installed, you
can use the EBI server scripting feature and the DVM object model to interact
with the DVM system.

ATTENTION: It is strongly recommended that you use automation

rules instead of server scripting. Automation rules are easier to
configure than server scripts and provide a more robust solution to
your automation requirements. For more information on using
automation rules, see the EBI Configuration and Administration Guide.

For more information about creating server scripts, see the EBI Server
Scripting Reference. For more information about the DVM object model, see
the DVM Application Development Guide.
You want to trigger a camera recording whenever there is an access denied
event because the cardholder entered an invalid PIN at a certain reader.
To do this, you attach a script to the OnChange event for the reader point.
In this example, the point name is AS and the camera name is Axis209FD_
198.
If (StrComp(Server.ParamValue("AS.LastAccessReason"),
"DENIED - Invalid PIN", vbTextCompare) = 0) then // Start
the recording if access is denied due to an invalid PINdim
objDVMdim
objCameradim objRecordingConst BYNAME = 0Dim Now1Now1 = Dateset
objDVM = CreateObject("HWDVSAPINET.DVM")
// We are Creating a
New DVM ObjectobjDVM.InitializeFromRegistry2
// The
new DVM Object is initialized set objCamera =
objDVM.Cameras.Item("Axis209FD_198",
BYNAME) // A object "objCamera"
is defined to point to Camera of name "Axis209FD_198"Set
objRecording = objCamera.StartEventRecording("Axis209FD_198",
Now1, "Granted Event has Started the Automatic recording", "H",
"action", 60, 30, "value", 2) // Start the event
recording and generate the alarmend if

103
Notices

NOTICES
Honeywell Trademarks
IdentiPoint® is a U.S. registered trademark of Honeywell International, Inc.

Other trademarks
Microsoft and SQL Server are either registered trademarks or trademarks of
Microsoft Corporation in the United States and/or other countries.
BACnet® is a registered trademark of the American Society of Heating,
Refrigerating and Air-Conditioning Engineers.
Other brands or trademarks are trademarks of their respective owners.
Trademarks that appear in this document are used only to the benefit of the
trademark owner, with no intention of trademark infringement.

How to report a security vulnerability

For the purpose of submission, a security vulnerability is defined as a software
defect or weakness that can be exploited to reduce the operational or security
capabilities of the software.
Honeywell investigates all reports of security vulnerabilities affecting
Honeywell products and services.
To report a potential security vulnerability against any Honeywell product,
please follow the instructions at:
https://www.honeywell.com/en-us/product-security.

Support
For technical assistance, contact your nearest Honeywell office.

Training classes
Honeywell holds technical training classes on Enterprise Buildings Integrator.
These classes are taught by experts in the field of building control systems.
For more information about these classes, contact your Honeywell
representative.

104

HON-FIN4000xxK-10K - Quick Start Guide V1.3 (EN)
No ratings yet
HON-FIN4000xxK-10K - Quick Start Guide V1.3 (EN)
3 pages
EBI R610.1 StarII
100% (1)
EBI R610.1 StarII
112 pages
Device Network SDK (Access Control On Card)
No ratings yet
Device Network SDK (Access Control On Card)
473 pages
Cambridge IELTS Book 14 Speaking Test 2
82% (11)
Cambridge IELTS Book 14 Speaking Test 2
3 pages
SmartPSSLite - VideoIntercom Manual - Eng
No ratings yet
SmartPSSLite - VideoIntercom Manual - Eng
40 pages
Operators Guide
No ratings yet
Operators Guide
278 pages
Control Acces DAHUA
No ratings yet
Control Acces DAHUA
25 pages
Instrukcja PFS5428-24GT
No ratings yet
Instrukcja PFS5428-24GT
81 pages
SmartPSSLite - Access Manual - Eng
No ratings yet
SmartPSSLite - Access Manual - Eng
41 pages
HW IP O2i
No ratings yet
HW IP O2i
65 pages
Fxseries
No ratings yet
Fxseries
225 pages
SmartPSSLite - Access Manual - Eng
No ratings yet
SmartPSSLite - Access Manual - Eng
44 pages
Embedded+Multi-Screen+Controller User's+Manual V2.0.0
No ratings yet
Embedded+Multi-Screen+Controller User's+Manual V2.0.0
100 pages
Republic of The Philippines
No ratings yet
Republic of The Philippines
27 pages
Kathleen Odell Korgen (Editor), Maxine P. Atkinson (Editor) - Sociology in Action-SAGE Publications, Inc (2020)
No ratings yet
Kathleen Odell Korgen (Editor), Maxine P. Atkinson (Editor) - Sociology in Action-SAGE Publications, Inc (2020)
425 pages
Dhi-Asc1202c-D I en
No ratings yet
Dhi-Asc1202c-D I en
38 pages
Asc1204c D
No ratings yet
Asc1204c D
38 pages
User's Manual-Ir Face Recognition Access and Time Attendance Terminal - v1.0.0 - 20180420
No ratings yet
User's Manual-Ir Face Recognition Access and Time Attendance Terminal - v1.0.0 - 20180420
70 pages
SmartPSSLite Access Manual Eng
No ratings yet
SmartPSSLite Access Manual Eng
40 pages
ASC1202B-D Users-Manual V1 0 0 201808
No ratings yet
ASC1202B-D Users-Manual V1 0 0 201808
38 pages
Time & Attendance (Standalone) Quick Start Guide
No ratings yet
Time & Attendance (Standalone) Quick Start Guide
16 pages
CredoID V4 Quick Start Guide
No ratings yet
CredoID V4 Quick Start Guide
23 pages
Smartpss Lite Video Intercom Solution: User'S Manual
No ratings yet
Smartpss Lite Video Intercom Solution: User'S Manual
32 pages
plt-03099 A.5 - Omnikey SW Dev Guide 0
No ratings yet
plt-03099 A.5 - Omnikey SW Dev Guide 0
62 pages
Hand Read
No ratings yet
Hand Read
28 pages
Reception Manager PDF
No ratings yet
Reception Manager PDF
154 pages
NI Functionality - API V 1.0
No ratings yet
NI Functionality - API V 1.0
19 pages
Per Dev Activity
100% (2)
Per Dev Activity
40 pages
DAHUA ASC1204B-S Manual
No ratings yet
DAHUA ASC1204B-S Manual
36 pages
NymiandEvidianGuide RFID V12 20250123
No ratings yet
NymiandEvidianGuide RFID V12 20250123
148 pages
Community Development
No ratings yet
Community Development
14 pages
Manual Dahua
No ratings yet
Manual Dahua
118 pages
Hid Omnikey Contactless Smart Card Reader Developer Guide
No ratings yet
Hid Omnikey Contactless Smart Card Reader Developer Guide
90 pages
NovaSoftwareAdministratorManual-Version2 1 0
No ratings yet
NovaSoftwareAdministratorManual-Version2 1 0
102 pages
UD12587B-A Baseline DS-K1T8003 Fingerprint Access Control Terminal User Manual V1.0.1 20190315
No ratings yet
UD12587B-A Baseline DS-K1T8003 Fingerprint Access Control Terminal User Manual V1.0.1 20190315
120 pages
800 Series Reader Management Software Instructions
No ratings yet
800 Series Reader Management Software Instructions
26 pages
Four-Door One-Way Access Controller: User's Manual
No ratings yet
Four-Door One-Way Access Controller: User's Manual
35 pages
PowerFlex 22-Comm-E FRN 1.Xxx Adaptor User Manual (22COMM-UM004B-En-P - Jan, 2004)
No ratings yet
PowerFlex 22-Comm-E FRN 1.Xxx Adaptor User Manual (22COMM-UM004B-En-P - Jan, 2004)
166 pages
Zebra Rfid Profinet Ug en
No ratings yet
Zebra Rfid Profinet Ug en
64 pages
AFC DISCS DCU28 Electronic Business Services Dual Channel Unit - 363-252-703i4
No ratings yet
AFC DISCS DCU28 Electronic Business Services Dual Channel Unit - 363-252-703i4
24 pages
PlantPAX Display Elements Manual
No ratings yet
PlantPAX Display Elements Manual
554 pages
HON-FIN4000xxK-10K - User Guide V1.3 (EN)
100% (1)
HON-FIN4000xxK-10K - User Guide V1.3 (EN)
63 pages
Agilis 3 91x Emv Upg B
No ratings yet
Agilis 3 91x Emv Upg B
131 pages
UPSCPORTAL Magazine Vol 17 September 2010 WWW - Upscportal
No ratings yet
UPSCPORTAL Magazine Vol 17 September 2010 WWW - Upscportal
80 pages
Ross 12e PPT Ch08
No ratings yet
Ross 12e PPT Ch08
37 pages
Brochurehsaomniassurtch01en0619be PDF
No ratings yet
Brochurehsaomniassurtch01en0619be PDF
4 pages
User Manual: Date: November 2011
No ratings yet
User Manual: Date: November 2011
31 pages
Luhuna Carvalho - A Laughter That Will Bury You All (2020, Centre For Research in Modern European Philosophy, Kingston University)
No ratings yet
Luhuna Carvalho - A Laughter That Will Bury You All (2020, Centre For Research in Modern European Philosophy, Kingston University)
261 pages
U160C 001 User Manual
No ratings yet
U160C 001 User Manual
24 pages
Nesredin Senior Research
No ratings yet
Nesredin Senior Research
39 pages
Australian Englishpronoun
No ratings yet
Australian Englishpronoun
13 pages
User Manual DS-K1A8503MF
No ratings yet
User Manual DS-K1A8503MF
111 pages
Proces Rm014 en P
No ratings yet
Proces Rm014 en P
574 pages
Zebra Rfid: SDK For Windows
No ratings yet
Zebra Rfid: SDK For Windows
31 pages
Device Network SDK (Card-Based Access Control) - Developer Guide - V6.1.5.X - 20230330
No ratings yet
Device Network SDK (Card-Based Access Control) - Developer Guide - V6.1.5.X - 20230330
526 pages
EBI R500.1 EBIOverview PDF
100% (1)
EBI R500.1 EBIOverview PDF
72 pages
Examen 4: 5 Out of 5 Points
100% (1)
Examen 4: 5 Out of 5 Points
5 pages
Workbook 1 - Edexcel IAS - June 2024 To July 2024
No ratings yet
Workbook 1 - Edexcel IAS - June 2024 To July 2024
172 pages
Hiện tại đơn vs Hiện tại tiếp diễn
No ratings yet
Hiện tại đơn vs Hiện tại tiếp diễn
27 pages
Snap-On LF Uhf Rfid Reader
No ratings yet
Snap-On LF Uhf Rfid Reader
48 pages
Kbat BI
No ratings yet
Kbat BI
20 pages
Fingerprint and Card Reader User Manual
No ratings yet
Fingerprint and Card Reader User Manual
13 pages
2022 GR 12 Accounting Study Pack Activities
No ratings yet
2022 GR 12 Accounting Study Pack Activities
8 pages
Philippine Education System Under The "New Normal"
No ratings yet
Philippine Education System Under The "New Normal"
1 page
White Paper OPOS Suite
No ratings yet
White Paper OPOS Suite
14 pages
The Iraq 2003 (Article)
No ratings yet
The Iraq 2003 (Article)
5 pages
Honeywell Access WPNX4L30
100% (1)
Honeywell Access WPNX4L30
109 pages
Online3.hpsssb - Hp.gov - in latestApplicationDownload - Aspx
No ratings yet
Online3.hpsssb - Hp.gov - in latestApplicationDownload - Aspx
2 pages
SmartPSSLite VideoIntercom Manual Eng
No ratings yet
SmartPSSLite VideoIntercom Manual Eng
40 pages
OfferLetter A
No ratings yet
OfferLetter A
2 pages
FX Series Rfid Fixed Reader: Integration Guide
No ratings yet
FX Series Rfid Fixed Reader: Integration Guide
213 pages
5321-903 b.4 Omnikey Contactless Developer Guide en
No ratings yet
5321-903 b.4 Omnikey Contactless Developer Guide en
102 pages
Final
No ratings yet
Final
6 pages
IZ2.0 Standard Flat
100% (1)
IZ2.0 Standard Flat
321 pages
Bizhub 42
No ratings yet
Bizhub 42
158 pages
Israeli Aircraft Industries: PGDM 2020-2022
No ratings yet
Israeli Aircraft Industries: PGDM 2020-2022
10 pages
Price List TRD Food Service 15 FEB 2023
No ratings yet
Price List TRD Food Service 15 FEB 2023
41 pages
Jora Singh
No ratings yet
Jora Singh
5 pages
2022 y L R 198
No ratings yet
2022 y L R 198
12 pages
User Manual: Date: November 2011
No ratings yet
User Manual: Date: November 2011
31 pages
Detalhes Do Cliente: Priscila Santos
No ratings yet
Detalhes Do Cliente: Priscila Santos
2 pages
RPH Week 12
No ratings yet
RPH Week 12
11 pages
Natraj Aadhaar Card
No ratings yet
Natraj Aadhaar Card
1 page
Impassioned Icons
100% (1)
Impassioned Icons
8 pages
Chief of Staff Job Description
No ratings yet
Chief of Staff Job Description
1 page
Integrated Circuit Card Specifications For Payment Systems: Cardholder, Attendant, and Acquirer Interface Requirements
No ratings yet
Integrated Circuit Card Specifications For Payment Systems: Cardholder, Attendant, and Acquirer Interface Requirements
104 pages
Rhino User Guide V1 - 1
No ratings yet
Rhino User Guide V1 - 1
18 pages
News Hsm8000base Software v3.1
No ratings yet
News Hsm8000base Software v3.1
4 pages
B2MML V0401 Equipment
No ratings yet
B2MML V0401 Equipment
12 pages