bolid S2000-2 User manual
ACCESS CONTROLLER
S2000-2
User’s Manual
2
WARNING:
To change configuration parameters of the controller please use UProg.exe software
utility of versions 4.1.0.54 and higher. DO NOT use UProg.exe of versions 4.0.0.821
and below
3
CONTENTS
1 Description and Operation .........................................................................................................4
1.1 Functions of the Controller..................................................................................................4
1.2 Specifications.......................................................................................................................5
1.3 Standard Delivery ................................................................................................................8
1.4 Access Modes ......................................................................................................................8
1.5 Two-Factor Authentication................................................................................................10
1.6 Access Levels.....................................................................................................................11
1.7 Two (or More) Person Rule Access Control......................................................................12
1.8 Time Zones ........................................................................................................................13
1.9 Antipassback Rules............................................................................................................14
1.10 Coerced Access................................................................................................................17
1.11 Centralized Access and Operating Partitions...................................................................17
1.12 Access by ID Templates ..................................................................................................19
1.13 Connecting Readers .........................................................................................................20
1.14 Connecting Door Open Sensors (Passage Sensors).........................................................25
1.15 EXIT, PERMIT (CONFIRM) and DENY Buttons..........................................................26
1.16 Alarm Loops ....................................................................................................................27
1.17 BUSY Input / Output.......................................................................................................31
1.18 Light and Sound Indication..............................................................................................33
1.19 Configuration Parameters ................................................................................................36
1.20 Programming Credentials ................................................................................................51
2 Operation..................................................................................................................................53
2.1 Two Entrance Doors Mode................................................................................................57
2.2 One Entrance / Exit Door...................................................................................................60
2.3 Turnstile Mode...................................................................................................................63
2.4 Boom Barrier Mode...........................................................................................................66
2.5 Mantrap Mode....................................................................................................................71
3 Maintenance.............................................................................................................................75
3.1 Functionality Test ..............................................................................................................75
4 Marking....................................................................................................................................77
5 Packaging.................................................................................................................................78
6 Storage......................................................................................................................................78
7 Transportation ..........................................................................................................................78
8 Certificates ...............................................................................................................................78
9 Manufacturer Data....................................................................................................................79
Appendix A
Overall and Mounting Dimensions of the S2000-2 Controller...........................80
Appendix B
PCB Layout.........................................................................................................81
Appendix C
The Schematics for Connecting Readers to the S2000-2 Controller ..................82
4
This User’s Manual is intended to help for studying operability principles and maintenance of
S2000-2 Access Controller of version 2.20.
The S2000-2 Access Controller (hereinafter referred to as the controller) is designed to control
access through a single or two access points by reading the codes of presented credentials (Proximity
cards, iButtons, PINs), verifying access rights, and closing (opening) the contacts of relays operating
locking devices (electromechanical or magnetic locks or electric strikes, turnstiles, boom barriers).
The controller is designed to operate as part of a PC-based Orion integrated security system
under Orion Pro software of the version 1.20 SP1 or higher, or as part of an Orion integrated security
system based on an S2000 or S2000M control panel, or in standalone mode.
1Description and Operation
1.1 Functions of the Controller
1.1.1 Local access control, that is granting or denying access for holders of credentials
registered in the controller’s database, depending on the access rights of the presented credentials, the
current access mode and current access rule violations of the presented credentials.
1.1.2 Centralized access control, that is reading the code of a presented credential and
transmitting it to the network controller (Orion Pro workstation) followed by granting or denying
access for the holder of the presented credential by a command of the network controller (only if the
controller operates as part of an Orion system based on a personal computer).
1.1.3 Arming and disarming partitions (when the controller operates as part of an Orion system
based on a PC or an S2000M panel).
1.1.4 Arming and disarming up to four loops of an intrusion alarm system, monitoring loop
conditions and sending alarms over the RS-485 interface to the network controller (Orion Pro
workstation or S2000 panel).
1.1.5 The controller is intended to be installed inside premises and is designed for round-the-
clock operation.
1.1.6 The controller is not designed to be used in aggressive or dust media or in explosion
hazardous premises.
1.1.7 As to resistance to mechanical attacks the controller falls into the 03 placement category
in accordance with Russian Standard ОСТ 25 1099-83.
1.1.8 As to resistance to climatic effects the controller is produced in the implementation 3 in
accordance with Russian Standard ОСТ 25 1099-83 but for operating temperatures minus 30°Сto
+50°С.
5
1.2 Specifications
1.2.1 The controller is to be powered by an external dc power supply with 12 V rated voltage
(10.2 V to 15.0 V). Battery backed power supplies of RIP-12 series manufactured by the Bolid
Company are recommended for use.
1.2.2 The power consumed by the controller from an external dc power supply does not
exceed 2 W.
1.2.3 The maximum current consumed by the controller from an external dc power supply does
not exceed 120 mA.
1.2.4 The number of connected readers of iButtons, Proximity cards, or PINs with output
interface Touch Memory (1-Wire, µ-LAN), Wiegand, or ABA TRACK II is 2.
1.2.4.1 The controller provides operating the two LEDs (the single two-color LED) of each
reader. The control levels match logic levels of +5 V CMOS. In case of direct connection of LEDs the
controller limits the current through the LEDs by 10 mA.
1.2.4.2 The controller provides controlling reader’s beepers. The control levels match logic
levels of +5 V CMOS.
1.2.5 The distance between the controller and the reader shall not exceed 100 meters.
1.2.6 Memory capacity: 32768 codes of credentials (iButtons, Proximity cards, PINs).
1.2.7 The number of actuator relay to control locking devices is 2.
1.2.7.1 The maximum switching current of each relay is 7 A.
1.2.7.2 The maximum switching voltage for each relay is 30 V.
1.2.7.3 The maximum switching power of each relay is 100 W.
1.2.8 The controller provides condition analysis for up to four intrusion alarm loops with
arming and disarming them by means of presenting iButtons (Proximity cards, PINs) or over the RS-
485 interface. The controller also transmits loop events over the RS-485 interface.
1.2.9 The controller can be used in one of the following operation modes:
−Two Entrance Doors;
−One Entrance / Exit Door;
−Turnstile;
−Boom Barrier;
−Mantrap.
1.2.10 In all operation modes the controller supports the following access modes:
−"Simple": access requires presenting one (a "primary") credential;
−"With extra code": access requires presenting two credentials (a "primary" and an "extra"
ones);
−"Confirmed manually": after presenting a credential access must be confirmed by a guard
manually, by pressing a CONFIRM button;
−"Two-person rule" ("Three-person rule"): access can be granted after presenting two or three
credentials with specific access levels;
−"Centralized access": access with presenting a credential not registered in the controller
itself with making a decision about granting / rejecting access by the network controller
(“Orion Pro”);
−"Access locked": local access is prohibited (centralized access can be granted);
6
−"Free pass": no credential is required to achieve access.
1.2.11 The following factors to limit access are taken into account while analyzing access
rights of a presented credential:
−The credential must not be disabled;
−The credential must have a right to access the access zone;
−Validity of the credential;
−The Time Zone of the credential must be active;
−Antipassback rules;
−Conditions of alarm loops of the controller which lock access;
−Status of BUSY signal.
1.2.12 The access controller transmits the network controller (Orion Pro or S2000M panel) the
following messages over the RS-485 interface:
−"Identification" – Authentication of the user has been completed but access rules have not
yet been checked (in case of two- or three-person rules or manually confirmed access);
−"Access Granted";
−"Transaction" – After granting access a passage to the access zone has been detected;
−"Access Denied" – Access is denied for the presented registered credential;
−"Wrong Code" – An unknown credential is presented to a reader when there is no
communications between the S2000-2 and the network controller (the message is stored in
the S2000-2 memory);
−"Duress Code" – Access under coercion;
−"Access Locked" – Access is locked for all credentials;
−"Free Pass" – Access control is deactivated;
−"Access Restored" – Access control has just been activated;
−"Disarmed";
−"Armed";
−"Arming Delay";
−"Arming Failed";
−"Loop Alarm";
−"Authentication" – A credential for arming/disarming loops has been presented to a reader;
−"Door Open" – The passage sensor (door sensor) has responded;
−"Door Closed" – The passage sensor (door sensor) has returned to the quiescent mode;
−"Door Held Alarm" – The door has been open too long (for more than 30 s);
−"Door Forced Open" – The door is forced open without granting access;
−"Tamper Alarm" – The S2000-2 enclosure has just been opened;
−"Tamper Restored" – The S2000-2 enclosure has just been closed;
−"Power Failed" – The device input voltage is out of range;
−"Power Restored";
−"Battery Failed" – Low voltage or missing of the battery which backs up power for the real-
time clock;
−"Battery Restored";
−"Programming" – The controller is switched to the programming mode by means of a
Master credential or Master credential re-programming;
7
−"Manual Test" – Switching the self-diagnostic mode on;
−"Relay ON/Pulsing/OFF" – Changes in relay states;
−"Guessing" – The number of subsequent attempts to present unknown credentials to the
reader has exceeded the programmed value.
1.2.13 If a temporary communication loss happens to be during generating of a message then
the messages are stored within the S2000-2 nonvolatile memory (EEPROM). Then, when RS-485
communications are restored, the stored messages are transmitted to the network controller along with
actual event data and time in accordance with the internal S2000-2 clock.
1.2.14 The capacity of the event buffer in the non-volatile memory of the controller is 32768
events.1.2.15 The controller provides executing the following commands received over the RS-485
interface:
−Writing configuration;
−Assigning a network address;
−Arming / disarming alarm loops;
−Access control, that is granting, locking, unlocking, and restoring controlled access;
−Reading the list of credentials;
−Adding and editing the list of credentials;
−Synchronizing clock;
−Reading ATD values of resistance of the alarm loops;
−Requests for states of the controller, the alarm loops, the readers, the doors.
1.2.16 The controller doesn’t send false alarms under electromagnetic interference of third
severity level in accordance with Russian Standard ГОСТ Р50009.
1.2.17 Radio disturbances from the controller operation do not exceed the values specified in
ГОСТ Р50009.
1.2.18 The pre-operation time after powering up doesn’t exceed 5 s.
1.2.19 The mean time between failures of the controller in quiescent mode should be at least
80000 hours which is equivalent to the probability of no failure 0.98758 within 1000 hours.
1.2.20 The probability of a failure which can trigger a false alarm of the controller should be no
more than 0.01 per 1000 hours.
1.2.21 The average lifetime of the controller is 10 years.
1.2.22 The weight of the controller does not exceed 0.3 kg.
1.2.23 The overall dimensions are 156 mm ×107 mm ×39 mm.
1.2.24 The ingress protection rating of the controller is IP30 in accordance with ГОСТ 14254-96
(IEC 529-89) provided that the controller is mounted on a wall.
1.2.25 According to the content of precious materials the product does not require accounting
for storage, writing-off, and/or disposal.
8
1.3 Standard Delivery
S2000-2 Access Controller 1pcs.
Resistor MF 1/4W-8.2k + 5% 6 pcs.
Woodscrew 1-3×25.016 ГОСТ 1144-80 3 pcs.
Wall Plug 3 pcs.
DIN 7982 Flat Head Tapping Screw with Cross Drive 2.2×6.5 1 pcs.
S2000-2 Datasheet 1 pcs.
S2000-2 Installation Manual 1 pcs.
1.4 Access Modes
For all operation modes of the controller (Two Entrance Doors, One Entrance/Exit Door,
Turnstile, Boom Barrier, and Mantrap) each of the two access directions (each reader) can operate in
one of the three following access modes:
−Controlled Access;
−Access Locked;
−Free Pass.
The access mode of one reader (access in one direction) can differ from the access mode of the
second reader (access in opposite direction).
In addition to the long-duration access modes mentioned above, for any of the readers the
Access Allowed mode can be enabled providing granting access while presenting any credential.
Moreover, until an access procedure started before has been terminated the readers of the
controller can be in the Busy state.
1.4.1 Controlled Access
In the Controlled Access mode the controller provides both local and centralized access.
Local access in this mode is granted for holders of those credentials which are enrolled in the
database of the controller, are in effect at the time, are authorized to access the specified area, meet the
access conditions (the required number of credentials has been presented) and when no access rule
violations (time zone violations, antipassback rule violations, validity violations) are detected provided
that no alarm loop locking access is armed.
By a similar way access is granted for holders of credentials which are not enrolled in the
controller’s database but their codes match one of the ID Templates of the controller.
Centralized access is granted by a network controller (Orion Pro Workstation) commands for
holders of credentials which are not enrolled in the controller’s database and meet no ID Template.
Further in the text, while describing functions of the controller local access is implied unless
otherwise specified.
1.4.2 Locking Access
Access is locked or by presenting a special Locking credential, or by a remote command over
the RS-485 interface, or by arming the alarm loops locking access. If access was locked by a Locking
credential or remote command then the LED of the relevant reader starts pulsing once per second with
short pauses in red.
9
If access is locked by a special credential or by command then it is locked for all the credentials
stored in the controller’s memory (locked local access). In this case only centralized access or access
by Exit button, if applicable, can be allowed. (Centralized access can be locked only by settings of the
network controller). In addition, the reader can be switched to the Access Allowed mode for a single
authentication.
The Controlled Access mode can be restored or by second presenting of the Locking credential,
or by presenting an Unlocking credential, or by a command of the network controller over the RS-485
interface. To make the credential Locking or Unlocking, the Passage Mode parameter in the access
level of the credential is to be set to “Locking” or “Unlocking” respectively.
If access is locked because the alarm loops locking access are armed then on presenting a
combined credential authorized to disarm these alarm loops the alarm loops are disarmed and
simultaneously access is granted. For other credentials (intended only for requesting access or
combined without rights to disarm locking alarm loops) access is denied. Locking access by alarm
loops prohibits also access by EXIT button.
Locking access by alarm loops is canceled by disarming alarm loops locking access.
1.4.3 Unlocking Access
Access is unlocked on presenting a special Unlocking credential, or after activation of a special
alarm loop (see Section 1.16.14), or by a command of the network controller over the RS-485
interface. In this case the LED of the relevant reader starts pulsing ones per second with short pauses
in green.
In this mode free access can be achieved by everybody without presenting credentials.
In the Free Pass mode the controller activates the relevant relay to be open permanently (the
relay for this direction is either always on or always off) or in pulse mode (the relay is switched on or
off on every door closing). The second way to control a relay in the Free Pass mode is suitable for such
kind of barrier devices as electric strikes. Please take into account that applying voltage continuously
to some kinds of strikes can make them inoperative.
In the operation modes Two Entrance Doors and Turnstile each of the two readers (directions)
can be switched to the Free Pass mode without regard to another reader. In other operation modes (One
Entrance / Exit Door, Boom Barrier, Mantrap) activation of the Free Pass mode on one reader
automatically activates this mode for another reader.
If before passing a user has presented its credential enrolled in the controller memory and
intended for access then its passage in the Free Pass mode is logged by the same way as in case of the
Controlled Access mode. It can be necessary for time & attendance purposes or for correct operation
of antipassback functions.
If the Free Pass mode was switched on by means of the alarm loops then to restore the
Controlled Access mode it is necessary to normalize the resistance of the alarm loops. In other cases
the Controlled Access mode is achieved or by the second presenting of the Unlocking credential, or by
presenting a Locking credential, or by a command of the network controller over the RS-485 interface.
To make the credential Locking or Unlocking, the Passage Mode parameter in the access level of the
credential is to be set to “Locking” or “Unlocking” respectively.
10
1.4.4 Access Allowed Mode
This mode can be switched on by pressing the PERMIT access button and is effective only for
one authentication. In this mode the LED of the relevant reader pulses with green once per second.
In this mode a holder of any credential can achieve access regardless of the purpose of the
credential (Master, Unlocking. Locking, Operating, etc.) even if access rules are violated or the
credential is not enrolled in the controller.
The Access Allowed mode terminates just after granting access for a presented credential or the
expiry of 10 s timeout (if no credential was presented) as well as after the second press on the
PERMIT button. The reader returns to its long-term mode in which it was before: Controlled Access,
Access Locked, or Free Pass.
The PERMIT button is supposed to be situated near a guard and is uses for those cases when it
is necessary to approve granting access with logging passage with a credential without access rights or
with registered access rule violations (for time & attendance purpose or correct operation of
antipassback rules).
1.4.5 Busy State
Until a current access procedure is completed the controller generates an internal Busy signal.
For such operation modes as Turnstile, Boom Barrier, and Mantrap, while this signal is in effect no
access is provided for a next credential. In the operation modes One Entrance/Exit Door and Two
Entrance Doors an internal Busy signal is ignored.
In spite of internal Busy signals an external Busy signal can be sent to the BUSY input of the
controller. Its effect on each of the readers is defined by a relevant configuration parameter of the
reader and doesn’t depend on the operation mode of the controller. The BUSY input / output is
designed to synchronize operation of several controllers in case of arranging sophisticated access
points and to connect a presence detector (occupancy sensor) in a mantrap, vehicle loop detector at a
parking lot etc.
If a credential is presented when an internal or external Busy signal is being active, then access
cannot be achieved, please try to access later.
1.5 Two-Factor Authentication
One of the ways to strengthen protection against unauthorized access is two-factor
authentication when a user is required to present two credentials rather than a single one (for example,
a Proximity card and a PIN).
In case of two-factor authentication a procedure of granting access or operating alarm loops
begins with presenting a first credential – a Primary Code. After that the controller proceeds to the
mode of waiting for presenting an additional code, with the reader LED flashing with green five times
per second. Within 30 seconds a second credential should be presented – the Extra Code.
If the presented code does not coincide with the Extra Code then the controller generates an
Access Denied message with the Extra Code Error attribute. If a correct additional code is presented
then the authentication is considered to be completed successfully and the controller or grants access,
or proceeds to authentication of a next user (if a two-person rule or three-person rule is in effect), or
arms or disarms the alarm loops operated by the presented credential.
Necessity to apply two-factor authentication is programmed for every group of users (for every
access level) individually for each reader by setting the configuration parameter Two-Factor
11
Authentication on. In this case for all the users which fall under this group (assigned with this access
level) in addition to a primary credential code an extra code must also be defined.
A primary and an extra codes are presented to a single reader, so combinations of codes of
various types (for example, a Proximity card and a PIN) can be used only if the relevant combined
readers are connected which provide reading credentials of various types and sending them to the
controller in a single format (Touch Memory, or Wiegand, or ABA TRACK II). These combined
readers include, in particular, readers of the Proxy-Key series.
If Two-Factor Authentication is set on then presenting the relevant extra code is required
without regard to the function of the credential for the current reader (granting or confirming access,
locking or unlocking access, arming / disarming alarm loops). Only for a Master credential two-factor
authentication is never applied because an access level of a Master credential defines authorities of the
credentials programmed by means of the Master credential rather than the authorities of the Master
itself.
1.6 Access Levels
To simplify the process of description of access rights for every credential and its rights to
operate the alarm loops, the Access Level category is used. An access level is a set of rights and
limitations applied to a group of credentials (users). Thus, defining access rights for all the credentials
is substituted by defining access rights for all groups of credentials (defining access levels) and
assigning every credential with one or another access level.
Thus, on adding a new credential (user) for defining its access rights only specifying its access
level is required. And to change access rights for a whole group of credentials it is only required to
change these rights for their access level.
For the S2000-2, user authorities described in an access level are programmed for each reader
individually. So, an access level includes two identical sets of parameters: one set for the first reader
and once more set for the second one.
The parameter Two-Factor Authentication requires requesting for an extra code from a
credential holder when he or she is authorized at the reader (see Section 1.5).
Other parameters to be programmed for user via an access level fall into two groups. The
functions of a credential assigned with access control are enabled by setting on the Access attribute. If
the attribute is set on then the additional parameters of the Access group can be programmed:
–Passage Mode (which access function the credential performs at the reader);
–Access Time Zone (the intervals of time allowed for access, see Section 1.8);
–Antipassback Mode (see Section 1.9);
The functions of a credential assigned with arming and disarming are activated by setting on
the attribute Operating. Also other parameters of the Operating group are programmed:
–Rights to arm and/or disarm alarm loops LP1… LP4 of the controller;
–Operating Time Zone (the time intervals allowed for operating alarm loops, see Section 1.8).
Passage Mode (access function) can be:
–Prohibited (no rights to access the zone controlled by the reader);
–Simple (by authentication of a single credential holder);
12
–Two-Person Rule (see Section 1.7);
–Three-Person Rule (see Section 1.7);
–Confirmed Manually (a confirmation of a guard is required);
–Confirmation (for those who doesn’t request access via the access point but confirms pass
for other credential holders in accordance with a two(three)-person rule);
–Unlocking (activates Free Pass mode for the reader, see Section 1.4.3);
–Locking (activates Access Locked mode for the reader, Section 1.4.2).
If in access level of the credentials both the parameters Access and Operating are set on then
for this reader the credential is combined, i.e. is used both for access and for arming / disarming alarm
loops of the controller (see Section 1.16.10) or partitions of fire or intrusion alarm system (see
Section 1.11).
All access level parameters are applied to credentials of User and Duress types. For credentials
of Master type access levels are given only for inheriting by User credentials to be programmed by
using this Master one.
Configurations of access levels with the numbers 1 to 100 are programmable. The parameters
of the access level No.0 are fixed and imply that for both readers of the controller a credential with
zero access level is used only for access with Time Zone 0 ("Always"), Simple passage mode, disabled
antipassback.
1.7 Two (or More) Person Rule Access Control
In order to control access to zones with increased safety requirements, two or three person
access rules can be used when two or three persons must present their credentials with matched access
levels to gain access. Implement this by doing the following:
–Set on the Access parameter of the access level;
–Set Passage Mode to the value "Two-Person Rule" ("Three-Person Rule");
–Select the Access Level 1 to confirm passage;
–Select the Access Level 2 to confirm passage if a three-person access rule is in effect.
If the access level of a presented credential implies passage in accordance with a two(three)-
person access rule then an Identification message is generated, the green LED of the readers starts
pulsing five times per second, and the controller within 30 seconds is waiting for authentication of the
credential(s) which access level is (are) confirming for the presented credential.
If the next presented credential has a mismatched access level and granting access conditions
are also not met for the credential then the controller generates an Access Denied message with the
attribute Confirmation Error.
If the presented credential has a matched access level but granting access conditions have not
yet been met for both the presented credentials (three-person access rule) then an Identification
message is generated and the controller is waiting for presenting a third credential for 30 seconds.
If after presenting the second or third credential the access conditions are met for at least one of
these credentials, access is granted. If the controller operates in the Two Entrance Doors or One
13
Entrance/Exit Door mode, Access Granted messages are generated for all the credentials which meet
the access conditions. In all other operating modes, the controller generates the Access Granted
message for the first credential only.
If not all the persons, involved in the two(three)-person rule access procedure, are supposed to
enter the restricted zone (for example: a security guard confirms access of another staff member), it is
necessary to set the Confirmation passage mode for the access level of such persons. The passage itself
is not permitted for the holders of credentials in such passage mode and neither Access Granted nor
Passage messages is generated for such credential during the two(three)-person rule access procedure.
Two-(three) person access rules like other parameters of Access Level are programmed for
each reader (each passage direction) separately. For example, to entry a zone (to pass into a zone
controlled by the first reader) the two-person rule is used, while to exit this zone (to pass into a zone
controlled by the second reader) the Simple passage mode (authentication of one person only) is used,
and vice versa.
Passage modes to access zones controlled by the first and the second readers (entry mode and
exit mode) for every access level are programmed independently of another access level. Thus, for
example, for one access level passage to one zone can be programmed in accordance with a two-
person access rule while for the second access level simple passage can be given to the same zone (via
the same reader).
If for the access level X the parameter Passage Mode for one of the readers of the controller is
set in accordance with a two-person access rule and the access level Y is specified as Access Level 1 to
Confirm Passage then:
–If two-person rule access via the reader is set for the access level Y too and the access level
X is selected to be the Access Level 1 to Confirm Passage for the level Y then access for
holders of the credentials included in the access level X is granted only accompanied by a
holder of a credential included in the level Y, and vice versa;
–If the simple passage mode is selected for the access level Y, then such credential holder is
allowed as to confirm access by an access level X credential, as to pass in specified direction
(via this reader) by himself.
1.8 Time Zones
To restrict access rights for users depending on the date, the day of the week, and/or the time
within a day the so called time zones are programmed for the S2000-2 and assigned with access levels.
For every access level each reader of the controller is assigned with two time zones, the first
one being used for access and the second one being used for arming / disarming alarm loops.
An access level can be assigned with time zone numbers 0 to 100. Time zone 0 means no
time / date / day of the week limitations. Configuration of time zones with numbers from 1 to 100 is
programmed for the controller.
A time zone descriptor is composed of a list of time slots (ten) and a list of "holidays" within
one year.
A descriptor includes the start and stop times for every time slot (hours and minutes) and
activity flags for this slot in every day of the week as well as in holiday.
14
The list of holidays allows reassigning a day of the week for any day for a year ahead or to
announce any day to be a holiday. If a day in the holiday list is not reassigned (being an ordinary day),
the day of the week corresponds to a calendar day. If the day is reassigned, the calendar is ignored and
the controller considers this day as it is defined in the holiday list. The reassigned value of the day of
the week may take one the following values: 1 (Monday), 2 (Tuesday), …, 7 (Sunday), 8 (eighth day
of the zone), … 14 (fourteenth day of the zone), Holiday. The Holiday value is entered solely to
facilitate in the list reading and in principle does not differ from other values (1 … 14), therefore it
may be qualified as fifteenth day of the zone.
Thus, the holiday list allows:
–Announcing any day to be a holiday (that is the day with active time slots different from the
slots set for other days of the week);
–Transferring working days (for example, a day stated in the calendar as Saturday may be
announced as Monday);
–Programming complex flexible access schedules with repeatable period lasting for less than
7 days or exceeding 7-day period;
–Programming complex access schedules without an explicit repeatable period.
Two typical ways of filling the holiday list may be supposed among all the diversified variants:
1) If the access schedule (schedule of work) for employees is bound to the calendar week (for
example, days from Monday to Friday are working days, and Saturday and Sunday are the weekends),
most of days are not reassigned in the list (a ‘Daily’ day is determined by the calendar). Only a few
days in the list are marked as the ‘Holiday’ day, or redefined (if working days are re-announced), or
redefined for values more than 7 (if special time intervals must be active for these days).
2) If sophisticated and variable access schedules (schedules of work) are not assigned with a
calendar week then days of the week are assigned explicitly for all the listed days (reassigned) and no
ordinary days (for which a day of the week is defined according to the calendar) are left in the list.
In order to limit access rights for a credential by time, date, and validity, the controller clock
has to be synchronized with the network controller. This is provided automatically when the S2000-2
operates as a part of the Orion system based on PC or the S2000M/S2000 control panel of ver.1.20+,
provided that the date and time are set for the PC or the control panel. The controller is equipped with
a non-volatile clock and calendar, thus turning off the network controller, the RS-485 interface
communication fault, and even an S2000-2 outage will not cause the clock failure, time limitations
operating correctly after the controller starting up again. Meanwhile, one should be kept in mind that if
the S2000-2 operates standalone for a long time its clock can shift. That is why it is not recommended
to use time zones while the controller operates in standalone mode (without a network controller): all
time zones for all access levels should have the number 0. The controller backup battery provides
power supply to the S2000-2 clock for at least 5 years.
1.9 Antipassback Rules
In order a credential cannot be used for second entry in an access zone without preceding exit,
the antipassback feature is used.
An antipassback rule is considered to be violated if after a passage to a target zone of the reader
no passing back to the source zone was registered and an attempt to access the target zone second time
15
with the same credential is detected. The respond of the controller after violating of antipassback rules
depends on the current antipassback mode programmed for both the readers in the access level of the
presented credential.
One of the following antipassback modes can be applied:
−None (violation of antipassback are not monitored);
−Hard;
−Timed;
−Soft.
Hard antipassback denies next entry (access to the target zone of the reader) until egress from
the zone is detected (access to the source zone of the reader). Upon an attempt to violate antipassback
rule access is not granted and an Access Denied message is generated with the attribute Antipassback
Violation.
Soft antipassback does not deny second access but following violation of antipassback rules
Access Granted and Transaction messages are generated with the attribute Antipassback Violation.
Timed antipassback uses an additional parameter, Lockout Period. Within this predefined
amount of time after credential holder’s passage to the access zone timed antipassback is similar to
hard antipassback (the controller inhibits any second access if antipassback rule is violated and
generates an Access Denied message), but on expiry of this time timed antipassback is similar to soft
antipassback (second access is granted but Access Granted and Transaction messages are generated
with the attribute Antipassback Violation).
If the S2000-2 operates as part of an Orion system, it checks antipassback rules taking into
account all passages to the access zone registered by other controllers of the system (the Global
antipassback rule is implemented). So, if an access zone comprises several access points (for example,
several barriers in office lobby or several turnstiles operating in parallel) equipped with S2000-2
controllers then in case of entry to this zone through one access point (one S2000-2 controller) entry at
all other points (S2000-2 controllers) is locked while egress from the zone is unlocked and, vice versa,
in case of exit from this zone through one access point for all other access points exit from the zone is
locked while entry is open (if however an antipassback rule is applied for this credential).
An antipassback feature is used correctly between two access zones only if the following
requirements are met:
−Authorized passages from one zone to another are only possible via the access points
controlled by S2000-2 controllers;
−Access points between the zones have to be equipped with readers providing authentication
both for entry and for exit as well as be equipped with passage sensors;
−The parameter Target Access Zone must be set to the same value for all the readers which
control passage to the same access zone.
For all operation modes of the controller apart from Two Entrance Doors it is implied that a
target access zone of one reader is on the other hand also the source access zone of another reader, so
the readers should be assigned with different Target Access Zone numbers. In the Two Entrance Doors
operation mode the readers of a controller belong to two separate access points, so in addition to
Target Access Zone for each reader the Source Access Zone parameters also must be defined.
Applying antipassback rules, the S2000-2 takes into account all the transactions registered by
other S2000-2 controllers of the Orion system but only if the transactions refer to the two access zones
16
assigned with the S2000-2 in question. Passages relevant to zones not assigned with the S2000-2
controller are ignored.
An antipassback rule can be made stronger by setting Zonal Antipassback (“Entry/Exit
Control”). If this parameter is set on for an access level, the S2000-2 controller takes into account all
passages of credential holders assigned to the access level to all the access zones programmed within
the system. If access is requested at one of the controller readers then the antipassback rule requires
that the last passage for this credential holder was to the source zone of the reader.
Thus, for example, if the controller is located on the bound between Zone 1 and Zone 2 and
entering Zone 2 is registered followed by entering Zone 3 (access to which is controlled by another
device of the system), an attempt to pass via the access point located between the Zone 1 and Zone 2
will lead to the following:
–If the Zonal Antipassback parameter is set on, the antipassback rule will be violated
regardless of the passage direction, because the last accessed zone differs from Zone 1 and Zone 2, and
user presence in one of these zones is considered to be incorrect;
–If the Zonal Antipassback parameter is set off, the antipassback rule will not be violated by
the attempt to enter the Zone 1 and will be violated by the attempt to enter the Zone 2, because the
controller considers the user to be located in the Zone 2 (passage to the Zone 3 was ignored by the
controller).
The Zonal Antipassback parameter is in effect only if one of the antipassback modes (hard,
timed or soft) is used. If the antipassback parameter is not used, Zonal Antipassback is meaningless.
The antipassback feature is included to the Access group of credential access level parameters
and is programmed for each of the two readers individually (see Section 1.6).
In order to prevent a possibility of simultaneous access of several persons by means of
sequential presenting of the same credential at closely located readers (for example, opening several
adjacent turnstiles for pass) after granting access and until a transaction is detected, other readers of the
system are locked for a short time for this credential. Namely, if access is granted for a credential
presented at one of the readers and no passage has yet been logged, any attempt to present the same
credential at any other reader (a reader of another controller) will violate the antipassback rule. If the
hard or timed antipassback mode is used for the reader, access for this credential will be denied. As
soon as actual transaction is detected, the lockout is canceled. If no passage is detected (or a passage
sensor is not in use), the lockout will be canceled in a minute. While the lockout is active an access for
the credential is possible only via the lane controlled by the reader where the credential was presented
for the last time or through any other lane controlled by a reader where antipassback rules are not
applied for this credential.
This must be taken into account while designing an access control system at the premises. If
some access points exist not far from the access point where antipassback rules are applied (may be
reached in one-minute walk), the other points have to be equipped with passage sensors (to generate a
passing event after granting access) or the zone number 65535 has to be assigned for these access
points (access granting and passage to this zone are not transferred to other system devices and do not
cause lockout of other readers).
17
1.10 Coerced Access
The controller provides a capability to warn a security service at the premises that access or
operating partitions is requested under coercion. For doing so user presents a Duress Code to the
reader instead of a normal credential. In this case a Duress Code Presented message is generated and
messages about granting access and transaction (if the credential is used for requesting access) are
generated with the Duress Code attribute. In other respects, such credential is used as a usual one.
The controller provides two ways to present a duress code. For the first way, a user is enrolled
with two credentials instead of a single one. Both credentials are registered in the controller’s memory.
The Credential Type parameter of the first credential is set to "User" while for the second credential
this parameter is set to "Duress". Other parameters of the credentials are usually the same. In normal
conditions the first credential is used, and the second credential is used under coercion.
If two-factor authentication is in use then the second way to present the duress code can be
programmed. For this purpose the primary code of the user (credential) is assigned with a second,
special Extra Duress Code. Usually a PIN is used as an extra credential code for two-factor
authentication. So it is enough for a user to have a single primary credential and keep in memory two
PINs: an access PIN and a duress PIN.
1.11 Centralized Access and Operating Partitions
If the controller operates as part of an Orion system, for all its operation modes the credentials
presented to the readers of the controller can be used for centralized access (when Orion Pro
workstation makes a decision about granting access) and for operating (arming and disarming)
partitions (under Orion Pro workstation or S2000M panel). Moreover, the function of operating
partitions can be combined both with local and centralized access.
If credentials are intended for centralized access they must not be stored in the controller’s
memory, so they are enrolled in the Orion Pro database (without setting the attribute of storing
credentials in devices).
Credentials for operating partitions must be enrolled in the database of the panel or PC with
relevant rights. Such credentials are registered in the memory of the controller only if operating
partitions is combined with local access or (and) for applying validity period and time-zone limitations
to credentials.
The controller switches to the mode of centralized access (centralized access or operating
partitions) in the cases as follow:
1) Upon presenting a credential unknown for the controller. Both centralized access (under
Orion Pro software) and operating partitions can be achieved in this case (under Orion Pro or S2000M
panel).
2) If the controller is in the Ready to Arm / Disarm mode and a credential is presented which
is either unknown or known but not authorized to operate the alarm loops of the controller (the
Operating attribute in the access level is set off). In this case only operating partitions is enabled.
3) If the credential is presented which is enrolled in the controller and for which in its access
level the attribute Access is set off and the attribute Operating is set on but operating the own alarm
loops is not permitted. In this case only partitions can be operated.
18
Upon proceeding to the mode of centralized control, the controller sends the code of the
presented credential to the PC (panel) while the reader LED flashes with red and green alternately five
times per second until the controller receives a response from the PC or S2000M panel (it can take
from fractions of a second to several seconds depending on the number of devices connected to the
RS-485 interface).
If the network controller (PC) has made a decision to grant access then centralized access is
granted by the same way as local access is.
If the presented credential is authorized to operate a partition then the reader LED indicates the
current status of the partition in accordance with Table 2. When the credential is presented repeatedly
the partition is armed (if it was disarmed) or disarmed (for all other states). Every next presenting of
the credential follows in the action opposite to the previous operation, i.e. if the second presenting of
the credential disarmed the partition then the third presenting will arm the partition and so on. If the
credential is restricted in its rights to operate the partition, for example if only arming is permitted then
a second presenting (just as the next presenting) of this credential will cause only the permitted action
(arming) regardless of the current state of the partition. The time for indicating partition states by the
reader LED after first and next presenting of the credential is given by the relevant configuration
parameter of the controller.
If the presented credential is not known for the panel or PC or is not properly authorized then
the controller indicates reject in access – the beepers of the reader and the controller issue a long Error
sound, the red reader LED flashes three times and proceeds to its initial state (the quiescent mode).
If upon proceeding to the centralized access mode communication with the computer or panel
is lost then the controller generates a Wrong Code message for unknown credential or an Access
Denied message for a known credential. This message (just as other messages) is stored in the non-
volatile memory of the controller to be sent to the PC on restoring communication.
If centralized access (arming/disarming partitions) is achieved by presenting a credential
enrolled in the controller, then the controller verifies for this credential all the rules and limitations
applicable to an arming/disarming credential: current activity, validity period, under two-factor
authentication an extra code is requested and verified, and if the Operating attribute is set on for the
access level then time zone activity is verified. If there are violations, an Access Denied message is
generated and operating partitions is not implemented.
If a combined credential is presented (centralized access + operating partitions or local
access + operating partitions) then access is granted for this credential. To operate partitions with this
credential, the controller should be preliminary switched to the Ready to Arm / Disarm mode as well
as for using combined credentials for local operating partitions (see Sections 1.16.10 and “Operating
Alarm Loops” in Section 2). If the credential integrates local access and operating partitions then in the
access level of this credential in addition to the Access attribute the Operating attribute can be set on
for partitions to be operated without switching the controller to the Ready to Arm / Disarm mode by
only keeping the credential near the reader (see Sections 1.16.10 and “Operating Alarm Loops” in
Section 2).
Starting with the release 1.11, Orion Pro software supports two-factor authentication and
two(three)-person access rule for centralized access.
19
Table 1. Indicating Partition Conditions
Partition Status Indicator Performance Color
Disarmed Off –
Arming in process… (arming
delay) Pulses five times per second
(green + red)
Armed On
Intrusion Alarm, Fire Alarm, Fire
Prealarm, Arming Failed Pulses twice per second
Trouble
(in a fire partition) Pulses once per second
1.12 Access by ID Templates
To provide access to a wide range of persons whose credentials are difficult or impossible to
enroll to the controller memory (for example, too many credentials to enroll) provided that the codes
of the credentials are subject to a known rule (for example, start from a certain sequence of digits), the
mechanism of access by ID Templates can be implemented.
Every template consists of a credential code and a mask that “opens” certain positions of the
code. If the digits of the code of a presented credential in open positions are the same as the digits in
the relevant positions of the template then access for the credential holder can be granted with the
access rights specified for the template. Other digits of the code (not “open”) of the presented
credential are ignored.
To limit access rights of all the credentials which match to a template, a template is associated
with an access level and a validity period. Granting access for a person presenting a credential which
meets rules of any template is equivalent to that for the credential which is stored in the controller
memory, has access rights of the template’s access level and validity period, except for the following
limitations:
−The credential can be only of User Type and cannot be “Master”;
−Antipassback rules are not monitored (for the credentials that are not stored in the controller
memory passage events are not logged);
−Two-factor authentication cannot be implemented (neither a primary code nor extra code of the
credential is stored in the controller memory).
When a credential has been presented to a reader of the S2000-2, the controller firstly checks whether
the credential code is stored in the database. If the code is not found in the controller memory, it is
compared with the first ID template, then with the second one, etc. So, if the code is stored in the
controller database, the access rights set for this credential will be applied. Otherwise, if the code is not
stored in the memory but meets at least one template, access rights set for this code template will be
applied (for the first of the templates, if the credential code meets several templates simultaneously).
A
A
A
A
20
It should be kept in mind that the codes that are used for centralized access and/or
arming/disarming must neither be stored in the controller memory no meet any ID template
programmed.
By default, all the five ID templates of the controller are disabled.
To enable access by an ID template do the following:
−Unlock one of the templates;
−Define a template code by reading (presenting to the reader) any card which code meets to
the template or type the code manually in the configuration program (it is important to enter
correctly those digits of the code which will be “open” and must match for all the credentials
for which this template is intended);
−"Open" the significant positions in the code and "close" the rest positions
("opening"/"closing" is implemented by double clicking on the relevant position of the ID
template in the configuration program).
A typical example of using access by ID templates is controlling access to an ATM for bank
clients who have bank cards with serial numbers starting with the specified numerical sequence.
If it is necessary to grant access for all holders of cards then all position in the template should
be ‘covered’ (no position of the code is required to be the same).
1.13 Connecting Readers
To read codes of credentials, two readers with Touch Memory, Wiegand, ABA TRACK II
interface are to be connected to the controller.
The terminal sets to connect the first and the second reader to the controller are similar and are
described in Table 2. Table 2. Terminals for Connecting Readers to the S2000-2
Terminal Input or
Output Purpose
D0
Touch Memory
mode Input/output Data of the readers
Wiegand mode Input D0 data of the reader
ABA TRACK II
mode Input DATA data of the reader
D1
Touch Memory
mode – Unused
Wiegand mode Input D1 data of the reader
ABA TRACK II
mode Input CLOCK signal of the reader
LEDG Output Green LED control
LEDR Output Red LED control
BEEP Output Beeper control
The digit "1" or "2" in the terminal designation means which reader the terminal is related to.
For example, the control circuit of the green LED of the first reader is connected to the LEDG1
terminal of the controller.
In addition to the terminals mentioned above, for convenient connecting of readers there are
power voltage output contacts on the controller’s PCB ("+12V1", "GND1" and "+12V2", "GND2").
Other manuals for S2000-2
1
Table of contents
Other bolid IP Access Controllers manuals
