Cisco Physical Access Gateway User Manual Page 1

Browse online or download User Manual for Gateways/controllers Cisco Physical Access Gateway. Implementation of Cisco Physical Access Control Solution

  • Download
  • Add to my manuals
  • Print
  • Page
    / 114
  • Table of contents
  • TROUBLESHOOTING
  • BOOKMARKS
  • Rated. / 5. Based on customer reviews

Summary of Contents

Page 1 - Session ID-BRKSEC-2081

Session ID-BRKSEC-2081Implementation of Cisco Physical Access Control

Page 2 - Up to 64

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID10Video Integration Video integration with Cisco VSM Suite:

Page 3 - Client PC

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID100Alarms and video Once camera and door are associated, any

Page 4 - Product Overview

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID101User profile must be configured to show videoCPAM user pro

Page 5

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID102Alarm can trigger live video popupAlarm caused by Door For

Page 6 - Hardware Module Overview

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID103The advantage of Gateway Cloning1. Doors  Templates  C

Page 7 - Gateway module connections

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID104Troubleshooting the system

Page 8 - Additional modules

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID105The infamous ‘show tech’ for CPAMShow Technical Support op

Page 9

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID106Gateway Log collection Performed via CPAM client using Ga

Page 10 - Video Integration

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID107Uploading logs to CPAM serverLeft Click on the Gateway, th

Page 11 - Solution Details

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID108Moving file from the CPAM to client machine1Open Image Man

Page 12 - The CPAM server

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID109Zipping and emailing the Gateway LogsOnce the files are on

Page 13 - The CPAM server (continued)

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID11Solution Details

Page 14 - CPAM server Install

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID110CPAM log collection SSH (user and password needed) into t

Page 15 - Install continued

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID111CPAM client logs Log is kept on the client machine where

Page 16 - NTP (Network Timing Protocol)

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID112Firewall considerations TCP port 80 HTTP TCP port 4

Page 17 - High Availability for CPAM

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID113Additional features Graphic Maps with active ICONs Quick

Page 18

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID114

Page 19 - Cisco PAM High Availability

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID12The CPAM server CPAM server is first device to setup and i

Page 20 - Commands tab

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID13The CPAM server (continued) Install and IP addressing HA

Page 21

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID14CPAM server Install CPAM server comes pre-loaded from fact

Page 22 - CPAM database backup

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID15Install continuedUnder the Network panel, you are prompted

Page 23 - CPAM database restore

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID16NTP (Network Timing Protocol) Standards method to ensure a

Page 24 - Licensing

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID17High Availability for CPAM Active Server ETH0 IP address

Page 25 - Cisco PAM Licensing Model

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID18High Availability for the CPAM server Type determined at i

Page 26 - License SKUs

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID19Cisco PAM High AvailabilityUtilizes LINUX-HA project for th

Page 27 - Hardware SKUs

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID2Access Control Architectures of yesteryearSerial RS485Cables

Page 28

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID20Stopping the CPAM server applicationStop option is availabl

Page 29 - The Gateway Module

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID21Software upgrades for CPAM server, CPAM is always upgraded

Page 30

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID22CPAM database backupPerformed from the CPAM web interfaceBa

Page 31

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID23CPAM database restoreCPAM server application must be stoppe

Page 32 - POE for the Gateway

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID24Licensing Installed via WEB connection to CPAM active serve

Page 33

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID25Cisco PAM Licensing ModelAdditional feature licenses availa

Page 34

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID26License SKUsSKU DescriptionCIAC-PAME-BD= Badge Designer Lic

Page 35

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID27Hardware SKUsSKU DescriptionCIAC-PAME-1125-K9 Version 1 CPA

Page 36 - Network tab also

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID28Gateway and associated modules Web Configuration Tool. Po

Page 37 - Additional module inventory

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID29The Gateway Module The second device to configure and inst

Page 38 - Gateway Image management

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID3Cisco Access Control Deployment ArchitectureCiscoAccess Gate

Page 39

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID30Gateway module Web Configuration tool Eth0 IP Address assi

Page 40 - CAN bus layout

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID31NTP If NTP is not configured on the gateway , it will use

Page 41

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID32POE for the Gateway GW POE budget can be used to power rea

Page 42 - Where do I get this ‘client’?

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID33Sample of Single Door POE ConnectionWeigand Reader Reader

Page 43 - Log in via the client

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID34Weigand slot wiring on Gateway or Reader modules.Chassis La

Page 44

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID35Initial configuration of the Gateway moduleusing Eth1User a

Page 45 - Templates

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID36Setting the IP and CPAM on the GW moduleDHCP is on by defau

Page 46

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID37Additional module inventoryUsing the Show Inventory panel y

Page 47 - Flexible Door Template

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID38Gateway Image managementYou can use the web interface to ma

Page 48

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID39CAN bus Controller Area Network bus 3 wire, parallel bus

Page 49 - Credential template

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID4Product Overview Hardware: Cisco Access Gateway controlling

Page 50

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID40CAN bus layoutCAN termination set on for this module and of

Page 51

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID41CPAM client (configuring the hardware) Where do I get it f

Page 52 - If the badge is known!

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID42Where do I get this ‘client’?HTTPS into the CPAM server.Und

Page 53 - Audit trails

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID43Log in via the clientFound under Programs, in the directory

Page 54 - Device templates (Inputs)

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID44Window jumping, from here to anywhereThis menu bar is avail

Page 55 - What is a supervised input?

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID45Templates Used for credentials, devices, doors, and gatewa

Page 56 - Generic Output

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID46TemplatesDevice template created or edited and savedCredent

Page 57 - Door Template

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID47Flexible Door Template Doors templates can consist of any

Page 58 - Gateway Template

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID48Template theory in use example You have 50 doors that will

Page 59 - Gateway Cloning

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID49Credential template• Credential template must match the bit

Page 60 - Gateway module replacement

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID5Access Control Hardware Modules1. Access Gateway: CIAC-GW-K9

Page 61 - Replace non Gateway module

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID50Associating Credential templates with reader Done on the r

Page 62 - Disable/Delete function

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID51What if the badge layout is unknown?Reader Decode Failed me

Page 63 - Creating the Door

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID52If the badge is known!Here we see that the badge was read a

Page 64 - The door theory!

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID53Audit trailsWhile viewing the badge record, we can look at

Page 65 - Door Device Associations

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID54Device templates (Inputs)•Accessed from CPAM client main me

Page 66 - Deviations from the Templates

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID55What is a supervised input? An unsupervised input has 2 st

Page 67

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID56Generic OutputCreates from the Device Template main menu.No

Page 68

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID57Door TemplateUsed to create logical door layout. Each devi

Page 69 - Door Usage Profile

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID58Gateway TemplateOnce you have a Gateway configured the way

Page 70

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID59Gateway CloningUseful when you are pre-provisioning the CPA

Page 71

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID6Cisco Physical Access GatewayOutputModuleReader ModuleHardwa

Page 72 - Logical device locations

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID60Gateway module replacementFirst, Disable the GatewayThird,

Page 73

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID61Replace non Gateway moduleOn the client, Hardware tree disp

Page 74 -

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID62Disable/Delete functionBy default, devices can only be disa

Page 75 - Gateway Bulk Image upgrade

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID63Creating the DoorLogical door is created under the Location

Page 76

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID64The door theory! Basic door has 4 devices involved The re

Page 77 - Schedules

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID65Door Device AssociationsUnder Associate Devices, you select

Page 78 - Gateway timezone

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID66Deviations from the TemplatesThe device template used in th

Page 79 - Schedule example

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID67•Here is where we map the physical door connections to the

Page 80 - Schedule creation

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID68Door properties (defaults are based on door template used t

Page 81

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID69Door Usage ProfileDefault is based on door template used to

Page 82 - Policy creation

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID7Gateway module connectionsEth0 port used for network connect

Page 83

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID70Facility Code and Duress SpecificationCredential templates

Page 84 - Badge Access Level and Policy

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID71Configuration download to the gateway Once the devices and

Page 85 - Badges continued

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID72Logical device locations Easy way to determine what device

Page 86

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID73Firmware upgrades for Gateway module 2 step process…image

Page 87 - Credential download

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID74Firmware upgrade on Gateway continuedOnce image is on the C

Page 88

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID75Gateway Bulk Image upgradeSame options as seen on the Gatew

Page 89 - Event Monitoring

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID76CPAM client (configuration for access) Schedules Access P

Page 90 - Turn on light or send email

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID77Schedules Schedules are created to fit the specific custom

Page 91 - Global I/O

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID78Gateway timezoneBefore schedules can be accurately put in p

Page 92 - The trigger

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID79Schedule example We want to create a schedule and associat

Page 93 - The action

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID8Additional modulesRequire external power to operateConnected

Page 94 - Email notification TEST

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID80Schedule creationWe added a schedule entry to use the defau

Page 95 - Email notification for events

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID81Deny action for desired HolidaysAfter adding the Permit for

Page 96 - Sample email text

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID82Policy creationHere we created a Policy and added the descr

Page 97

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID83Configuring a badge for accessCard number is imbedded in th

Page 98 - Camera associations

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID84Badge Access Level and PolicyWhich location and what access

Page 99

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID85Badges continuedCredential template must be associated to t

Page 100 - Alarms and video

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID86Badges are then associated to peoplePersonnel records are c

Page 101

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID87Credential download Credential database is synced between

Page 102

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID88Manual download of credentialsIf you update a badge credent

Page 103

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID89Event MonitoringFlashes on every window when alarm occurs

Page 104 - Troubleshooting the system

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID9Cisco Physical Access Manager (CPAM) Appliance form factor

Page 105

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID90Global I/O to take action on a trigger Automation driver m

Page 106 - Gateway Log collection

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID91Global I/OEvent trigger is defined, this can based on any e

Page 107 - Uploading logs to CPAM server

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID92The triggerHere we have the ability to use any event messag

Page 108

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID93The actionUnder Action, we added a Device Command.We then s

Page 109

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID94Email notification TESTYou can use the CPAM web interface t

Page 110 - CPAM log collection

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID95Email notification for eventsHere we see and Automation Rul

Page 111 - CPAM client logs

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID96Sample email textTest email generated by the CPAM server Te

Page 112 - Firewall considerations

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID97Video Integration EDI driver will start automatically, use

Page 113 - Additional features

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID98Camera associationsOnce the drivers are started, you need t

Page 114

© 2010 Cisco and/or its affiliates. All rights reserved.Cisco ConfidentialPresentation_ID99Camera Manager and door associationsCamera Manager is under

Comments to this Manuals

No comments