Professional Documents
Culture Documents
Initial Software
Setup Guide
January 2018
S2 Security Corporation
One Speen Street
Suite 300
Framingham MA 01701
www.s2sys.com
S2 Support: 508 663-2505
Document #NB-SS-16
© S2 Security Corporation 2009-2018. All rights reserved.
This guide is protected by copyright and all rights are reserved by S2 Security Corporation. It may
not, in whole or in part, except insofar as herein directed, be copied, photocopied, reproduced,
translated or reduced to any electronic medium or machine-readable form without prior written
consent of S2 Security Corporation.
Third party trademarks, trade names, product names, and logos may be the trademarks or
registered trademarks of their respective owners.
Note:
Refer to Tech Note 24: S2 Node Operational Requirements, which describes
networking requirements for optimal S2 node performance.
The setup instructions assume that the hardware installation has been completed for
the S2 system and all S2 nodes to be included in the system. Consult the following
table to determine the appropriate installation guides for your S2 system components.
S2 NetBox VR Quatro
S2 Network Node with M1-3200 blade
S2 Network Node VR
6. If the Activation Key and Product Key boxes do not contain the correct
keys for your system, you will need to enter them manually.
The Activation Key and Product Key are included on a license label that is
shipped with the system.
7. After reviewing the license agreement, click Apply to accept the terms. Be
sure to click Apply only once.
The Initmode page shown in Figure 2 appears.
Important:
If your S2 NetVR system is running version 1.8.6 of the S2 NetVR software, do not
use the instructions below. Instead, refer to Revision 05 of the S2 NetVR Installation
and Initial Setup Guide (NVR-HW-05) for information on configuring initial settings.
Important:
If you change the IP address, take note of the new address, because you will
need it to log in later.
5. In the Web Server Settings section, change the default HTTP port number
(80) only if the network administrator provides a different port number.
6. Click Save.
It may take several minutes for the system to shut down and restart. When it
restarts, the “restarting Web Server” message on your screen is replaced by a
message indicating that the IP address for the server will change in a few
seconds, and you will need to enter the new address into the browser and log
in again.
7. Connect the system to the corporate network.
8. Set the PC back to an IP address on the corporate network. All further
configuration work can be done through the corporate network.
Important:
If the S2 system is now on a different subnet, be sure to connect the PC to the
same subnet, so you will be able to log in again after your changes have
taken effect.
5. Enter the factory default password (admin), enter the new password, and then
re-enter the new password.
6. Click Save.
Other users can be added to the system later and assigned user roles,
including the full system setup role. They will be able to log into the system
and use the functions accessible to them based on their roles.
Important:
To log in subsequently, you will need to enter the username and password for the
S2 system. If these are unknown, the system will need to be reset to factory defaults.
For instructions, refer to the hardware installation guide for your system.
Note:
Any S2 NetBox or S2 NetVR can act as an NTP server. If you have multiple
S2 NetVRs, you can minimize your reliance on external NTP servers by pointing just
one S2 NetBox or S2 NetVR to the IP address of an external NTP server, pointing all
other S2 NetVRs to the IP address of that S2 system, and pointing your IP cameras to
the IP addresses of their NetVRs. This configuration will ensure that the time on your
devices will be synchronized, even if external NTP servers are inaccessible.
This section provides setup instructions for the following S2 nodes, which use a
built-in web server for configuration: S2 Network Node with M1-3200 blade,
S2 MicroNode Plus, and S2 Network Node VR. It describes how to:
Obtain the network configuration for the S2 node.
Connect to the S2 node, change the default password, and optionally
configure security policies. (page 10)
Configure network settings for the S2 node, to allow it to communicate with
the S2 controller. (page 12)
Enable secure communications for the S2 node. (page 15)
View additional node information. (page 17)
Use the debug utilities to retrieve diagnostic information for the S2 node,
revert it to factory defaults, and reboot it. (page 18)
Required:
Refer to Tech Note 24: S2 Node Operational Requirements, which describes
networking requirements for optimal S2 node performance.
Note:
By default, the S2 node can be accessed only when the enclosure door is open. This
is a security precaution designed to prevent intruders from using the default password
to log into the S2 node and change its configuration. When you change the default
password, you can also select an option to allow logins when the door is closed.
8. Under Change Password, enter the current login password (admin), enter and
re-enter the new password, and click Change.
9. (optional) Under Security Policies, select either or both of the following check
boxes and click Update:
Allow logins when locked: This will allow users to log into the S2
node when the enclosure door is closed.
Disable this web service when SSL is disabled: This will
ensure that the web server will be inaccessible to users when SSL is
disabled.
If this is a new S2 node, the page will show the factory default network
settings:
IP address 192.168.0.251
Net Mask 255.255.255.0
Gateway Address 192.168.0.1
Note:
If the S2 controller is running software version 4.9.11 or earlier, the Node
Secure Communications section will appear on the Security page rather than
on the Network page.
2. To use a static IP address for the S2 node, enter the new IP address, network
mask, and gateway address, and leave the Use DHCP check box
unchecked.
- or -
To allow the network set the IP address dynamically, leave the IP address,
network mask, and gateway address at their defaults; and select the Use
DHCP check box.
For more information about using DHCP, refer to Tech Note 35: USB
Commissioning of S2 Nodes.
3. Under Network Controller, enter one of the following:
The server name for your S2 controller. If you enter the server name, you
will also need to enter the IP address for at least the primary DNS server.
The IP address for your S2 controller.
Entering the server name is an option only if the S2 controller is running
software version 4.9.12 or later.
4. (optional) Clear the Auto-Revert check box to disable the Auto-Revert
feature, which is enabled by default.
This feature causes the S2 node to revert to its previous configuration in five
minutes. If Auto-Revert is enabled and you have configured the network
settings incorrectly, resulting in an inability to connect to the S2 node, it will
revert to the last known configuration.
5. Click Submit.
6. Click OK on the two warning messages that appear.
7. Close your browser window.
Important:
If you left Auto-Revert enabled at step 4, and you are confident that the
network configuration is correct, you must log into the S2 node again within
five minutes to prevent it from reverting to the previous configuration.
To log in again, you can either switch your PC to the new subnet of the S2
node, or access it from another system on the target network.
When you select the number it also appears in the Unique Identifier field.
Do not change this field.
3. Click the Rename link and enter a name that will help you identify the
S2 node.
4. Select the Enabled check box to enable the S2 node.
This allows the communication of data between the S2 node and
S2 controller.
5. Click Save.
6. Select Configuration : Site Settings : Node Status.
In the Current Status section, the unique identifier (UID) for the S2 node
should be displayed in green and it should have the status Connected. This
may take a few minutes.
Refer to page 18 for more information on renaming and enabling an S2 node.
Note:
If you are unable to log into a current generation S2 node, you will need to use the
orange Revert button on the node blade to reset the node to factory defaults. When
the Revert button is held down for an extended period of time, each of the four LEDs
will blink sequentially. They will then blink on and off in unison, indicating that the
revert process has completed and the node has been returned to its factory default
settings. You can now release the Revert button.
For information on using the software to revert an S2 node to factory defaults but
retain its network configuration and digital certificates, see page 18.
Note:
Following a hardware reset of the node to factory defaults (described on page 14), you
will need to re-enable secure communications for the node. If you use a custom
certificate, it will need to be downloaded to the node again. Only the default certificate
is retained on the node during a hardware reset to factory defaults.
If there is a secure node configuration error, a message in the Activity Log will indicate
the reason for the error, as described in Table 3.
2. To retrieve system diagnostics, click Get Diags and wait for up to one
minute. Email the files to S2 Support for review.
3. To revert the node to factory defaults, click Revert.
This closes the existing connection to the S2 controller, clears the current
system configuration and credentials from the node, and restores the
firmware to the factory pre-installed image. Only the node’s network
configuration and digital certificates are retained.
When the node reconnects to the S2 controller, it upgrades to the latest
firmware, and the current system configuration and credentials are loaded
onto the node.
4. To reset the node, click Reset.
This power cycles the node to reset it.
Note:
If you are installing a system with multiple nodes, you might find it helpful to power up
and rename them one at a time. When viewing a long list of nodes in the user
interface, it will be easier to identify one from the other by their meaningful names
rather than by their 16 character UIDs.
Note:
For information on setting up elevator access control, refer to the online help.
Note:
In the procedures below you will use the access control blade diagram, but this is not
the only way to configure portal resources. See the online help for more information.
Setting Up a Reader/Keypad
Set up a reader/keypad for each portal’s incoming reader, keypad, or combination
reader/keypad device.
To set up a reader/keypad:
1. On the blade diagram, click the 7-pin connector to which the reader/keypad
device is connected (or click the link for that reader connector on the right side
of the page).
The Readers/Keypads configuration page appears:
2. Enter a descriptive Name for the reader/keypad, or click add and then enter
the name.
3. Make sure the Enabled check box to the right of the Name field is selected.
The Expansion Slot and Position fields will be filled in automatically
based on your selection at step 1.
4. From the Reader/Keypad Type drop-down list, select the reader/keypad
device type.
5. Click Save.
Setting Up Inputs
Set up an input for each portal’s DSM (door status monitor) and, optionally, an input
for each portal’s REX (request to exit) device.
To set up an input:
1. On the blade diagram, click the 2-pin connector to which the input device is
connected (or click the link for that input connector on the right side of the
page).
2. Enter a descriptive Name for the input, or click add and then enter the
name.
3. Make sure the Enabled check box to the right of the Name field is selected.
4. To ensure that the input is armed at all times, make sure the Always
Armed check box is selected.
Note:
If the input needs to be armed only at certain times, clear the Always Armed
check box and add the input to an input group. The time spec assigned to the
input group will determine when its inputs will be armed.
Important:
It is critical that this selection accurately reflects the input circuit. The system
supports 1K Ohm resistors only, and a circuit diagram is displayed on the
page next to Termination Circuit. The various circuits and resistor
configurations create resistance values used by the system in determining
normal, alarm, and trouble states.
Setting Up Outputs
Set up an output for each portal’s lock.
To set up an output:
1. On the blade diagram, click the 3-pin connector to which the output device is
connected (or click the link for that output connector on the right side of the
page).
The Outputs configuration page appears:
3. Enter a descriptive Name for the portal, or click add and enter the name.
4. From the Network Node drop-down list, select the S2 node for which you
are configuring the portal.
Sections appear on the page for selecting the portal’s lock, DSM, REX, and
incoming reader/keypad:
5. From the Location drop down menu, select a location. The Master location
is selected by default.
6. Select resources for the portal’s Lock and DSM and, optionally, for its REX.
7. Select a resource for the portal’s Reader 1 and/or Keypad 1.
8. Click Save.
Important:
For a time spec whose start time is later than its end time, the time spec
period will end on the day following the last day of the week you select. For
example, suppose that when setting up a Weekdays 8 PM to 7 AM time spec,
you select the days Monday through Friday. The time spec period will start at
8 PM on Monday and will end at 7 AM on Saturday, even though Saturday is
not one of the days you selected. To have the time spec period end at 7 AM
on Friday, you would need to select only the days Monday through Thursday.
6. Click Save.
Note:
The default reader group, All Readers, is a system-owned group containing all
readers currently configured in the system. When you add a reader to the system, it is
added to the All Readers group automatically.
2. Enter a descriptive Name for the access level, or click add and then enter
the name.
3. Select the Enabled check box to the right of the Name field to enable the
access level.
4. For Reader(s), select the reader group you created.
5. For Time Spec, select the time spec you created.
6. Click Save.
For information on other functions of access levels, see the S2 online help.
Note:
If you do not know the format of an individual credential or the existing credential
population, you can use the Card Decoder utility to decode the bits on Wiegand
formatted credentials and the bytes on Track 2 of Magnetic stripe credentials. For
instructions, see the online help. (Search for Decoding Cards.)
Note:
If you are adding a card format that is substantially similar to an existing
format, you can save time by selecting that format from the drop-down list,
clicking the clone link, entering a new name, and making any needed
changes to the new format.
3. Enter a Name for the new card format. This is a required entry.
4. To enable the card format, select the Enabled check box.
5. Enter a Description for the card format.
Note:
Make sure the facility code for keypads differs from the facility codes used in
the card population. It is important that the system recognize keypad input as
separate from card reads. For instructions on setting keypad facility codes,
refer to the keypad manufacturer's documentation.
9. Enter in the following four fields the correct start-bit and bit-length values for
the format you are creating:
Facility Code Start: The first bit of the facility code number.
Facility Code Length: The number of bits used to indicate the facility
code. For special applications, select the Reverse bit order check box
to reverse the read order of the bits in the facility code portion of the card
format.
Encoded # Start: The first bit of the card ID number.
Encoded # Length: The number of bits used to indicate the card ID
number. For special applications, select the Reverse bit order check box
to reverse the read order of the bits in the card ID portion of the format.
Note:
If you want your system to ignore the facility code when validating card reads,
enter a zero (0) in each of the following fields: Facility Code, Facility Code
Start, and Facility Code Length.
10. Select the Hot Stamp and encoded numbers default identical
check box if the number printed on the card is the same as the encoded
number.
If this box is checked, whenever you either enroll a card using a reader or
manually enter a number in the Hot Stamp # field, the system populates both
Hot Stamp # and Encoded # fields with the same value.
11. Bit definitions in card format: These drop-down lists will fill in
automatically when you complete step 7 above. The number of bit drop-down
lists will match the number you entered in the Length box at step 5.
P is for a parity bit. F is for a facility code bit. N is for a card number bit.
12. Parity bit definitions: These drop-down lists are filled in with the default
parity bit definitions for the Wiegand format. The first bit (bit 1) is used for
even parity error checking and covers bits 2 through 13. The last significant bit
(bit 26) is used for odd parity error checking and covers bits 14 through 25.
13. Click Save.
Note:
If you are adding a card format that is substantially similar to an existing
format, you can save time by selecting that format from the drop-down list,
clicking the clone link, entering a new Name, and making any needed
changes to the new format.
3. Enter a Name for the new card format. This is a required entry.
4. Enter a Description for the card format.
5. From the Data Format drop-down list, select Magstripe Track 2.
6. In the Length text box, enter the number of bytes in this card format. This is
a required entry. The number entered here determines the number of byte
definition drop-down lists provided below.
7. Check the card manufacturer's documentation for the facility code of the card
batch you are using. Enter this number in the Facility Code field.
Note:
Make sure the facility code for keypads differs from the facility codes used in
the card population. It is important that the system recognize keypad input as
separate from card reads. For instructions on setting keypad facility codes,
refer to the keypad manufacturer's documentation.
8. Enter in the following four fields the correct start byte and byte length values
for the format you are creating:
Facility Code Start: The first byte of the facility code number.
Facility Code Length: The number of bytes used to indicate the
facility code.
Encoded # Start: The first byte of the card ID number.
Note:
If you want your system to ignore the facility code when validating card reads,
enter a zero (0) in each of the following fields: Facility Code, Facility
Code Start, and Facility Code Length.
Note:
An access level that is not assigned to a person record is stored in the S2 controller’s
database and is not downloaded to S2 nodes.
Note:
Although the ID# is not required, supplying a unique Person ID for each
person record allows the records to be reliably retrieved, modified, and
deleted via the API.
3. To issue a credential, click Add New Credential on the Access Control tab
to display the fields shown below:
4. Enter the Hot Stamp # and Encoded #, and select the Credential
Format you created earlier. The Status for the credential should remain
Active.
Note:
You can also add a credential by presenting it at the system’s enrollment
reader, as described in the next procedure.
6. Select the access level you created from the Available list, and click the right
arrow button to move it to the Selected list.
7. Click Save.
S
S2 controller
email settings 6
network settings 6
time server settings 8
web server settings 7
S2 nodes
changing default password 10
changing security settings 11
configuring resources for 20
diagnosing problems 18
enabling and renaming 18
enabling secure communications 15
resetting 18
reverting to factory defaults 14, 18
secure communications, enabling for S2 nodes 15
setting up
access levels 28
credential formats 29
inputs 22
outputs 24
person records 33
portal access control 20
portals 25
reader groups 27
reader/keypads 22
S2 nodes 9
time specs 26
Software License page, displaying 3
SSL certificate, selecting for an S2 node 15
system
configuring initial settings 6
logging in 7
T
testing a portal access control configuration 36
time server
available settings 8
configuring 6
time specs, creating 26