Dahua Technology DH-PFM888S-AC User manual
Wireless Access Controller
User’s Manual
V 1.0.0
ZHEJIANG DAHUA VISION TECHNOLOGY CO., LTD.
I
Legal Statement
Copyrights
© 2018 ZHEJIANG DAHUA VISION TECHNOLOGY CO., LTD.. All rights reserved.
Any or full contents of the user’s manual cannot be copied, transmitted, distributed, partially or
wholly, by any means, without the prior written notice of ZHEJIANG DAHUA VISION
TECHNOLOGY CO., LTD. (hereinafter “Dahua”).
Dahua or the third party may reserve the right of the product described in this user’s manual.
Without the prior written approval of the corresponding party, any person cannot copy, distribute,
amend, reverse compile, disassemble, decode, reverse engineering, rent, transfer or sub-license
the software.
Trademark
,, and are the trademarks or registered
trademarks of the Dahua in various jurisdictions.
HDMI logo, HDMI and High-Definition Multimedia Interface are trademarks or registered
trademarks of HDMI Licensing LLC. This product has been authorized by HDMI Licensing
LLC to use HDMI technology.
VGA is the trademark of IBM.
Windows logo and Windows are trademarks or registered trademarks of Microsoft.
Other trademarks and company names mentioned are the properties of their respective
owners.
About this Document
This document is for reference only. Please refer to the actual product for more details.
This document serves as a reference for multiple types of products, whose specific
operations won’t be enumerated. Please operate according to actual products.
The user shall undertake any losses resulting from violation of guidance in the document.
In case that PDF document cannot be opened, please upgrade the reading tool to the
latest version or use other mainstream reading tools.
This company reserves rights to revise any info in the document anytime; and the revised
contents will be added to the new version without prior announcement. Some functions of
the products may be slightly different before and after revision.
The document may include technically inaccurate contents, inconsistencies with product
functions and operations, or misprint. Final explanations of the company shall prevail.
II
Cybersecurity Recommendations
Mandatory actions to be taken towards cybersecurity
1. Change Passwords and Use Strong Passwords:
The number one reason systems get “hacked” is due to having weak or default passwords. It is
recommended to change default passwords immediately and choose a strong password whenever
possible. A strong password should be made up of at least 8 characters and a combination of special
characters, numbers, and upper and lower case letters.
2. Update Firmware
As is standard procedure in the tech-industry, we recommend keeping NVR, DVR, and IP camera
firmware up-to-date to ensure the system is current with the latest security patches and fixes.
“Nice to have” recommendations to improve your network security
1. Change Passwords Regularly
Regularly change the credentials to your devices to help ensure that only authorized users are able
to access the system.
2. Change Default HTTP and TCP Ports:
● Change default HTTP and TCP ports for systems. These are the two ports used to communicate
and to view video feeds remotely.
● These ports can be changed to any set of numbers between 1025-65535. Avoiding the default
ports reduces the risk of outsiders being able to guess which ports you are using.
3. Enable HTTPS/SSL:
Set up an SSL Certificate to enable HTTPS. This will encrypt all communication between your
devices and recorder.
4. Enable IP Filter:
Enabling your IP filter will prevent everyone, except those with specified IP addresses, from
accessing the system.
5. Change ONVIF Password:
On older IP Camera firmware, the ONVIF password does not change when you change the system’s
credentials. You will need to either update the camera’s firmware to the latest revision or manually
change the ONVIF password.
6. Forward Only Ports You Need:
● Only forward the HTTP and TCP ports that you need to use. Do not forward a huge range of
numbers to the device. Do not DMZ the device's IP address.
III
● You do not need to forward any ports for individual cameras if they are all connected to a recorder
on site; just the NVR is needed.
7. Disable Auto-Login on SmartPSS:
Those using SmartPSS to view their system and on a computer that is used by multiple people
should disable auto-login. This adds a layer of security to prevent users without the appropriate
credentials from accessing the system.
8. Use a Different Username and Password for SmartPSS:
In the event that your social media, bank, email, etc. account is compromised, you would not want
someone collecting those passwords and trying them out on your video surveillance system. Using a
different username and password for your security system will make it more difficult for someone to
guess their way into your system.
9. Limit Features of Guest Accounts:
If your system is set up for multiple users, ensure that each user only has rights to features and
functions they need to use to perform their job.
10. UPnP:
● UPnP will automatically try to forward ports in your router or modem. Normally this would be a good
thing. However, if your system automatically forwards the ports and you leave the credentials
defaulted, you may end up with unwanted visitors.
● If you manually forwarded the HTTP and TCP ports in your router/modem, this feature should be
turned off regardless. Disabling UPnP is recommended when the function is not used in real
applications.
11. SNMP:
Disable SNMP if you are not using it. If you are using SNMP, you should do so only temporarily, for
tracing and testing purposes only.
12. Multicast:
Multicast is used to share video streams between two recorders. Currently there are no known issues
involving Multicast, but if you are not using this feature, deactivation can enhance your network
security.
13. Check the Log:
If you suspect that someone has gained unauthorized access to your system, you can check the
system log. The system log will show you which IP addresses were used to login to your system and
what was accessed.
14. Physically Lock Down the Device:
Ideally, you want to prevent any unauthorized physical access to your system. The best way to
achieve this is to install the recorder in a lockbox, locking server rack, or in a room that is behind a
lock and key.
IV
15. Connect IP Cameras to the PoE Ports on the Back of an NVR:
Cameras connected to the PoE ports on the back of an NVR are isolated from the outside world and
cannot be accessed directly.
16. Isolate NVR and IP Camera Network
The network your NVR and IP camera resides on should not be the same network as your public
computer network. This will prevent any visitors or unwanted guests from getting access to the same
network the security system needs in order to function properly.
V
Preface
Overview
This document mainly introduces mounting and basic function of small wireless AC
management platform.
Applicable Model
DH-PFM888S-AC
Symbol Definition
The following symbols may appear in the document. Please refer to the table below for the
respective definition.
Symbol
Note
It indicates a potentially hazardous situation which, if not avoided, could
result in death or serious injury.
It indicates a potential risk that, if ignored, could result in damage to
device, loss of data, degraded performance, or unpredictable results.
It means that it can help you to solve some problems or save your time.
It means the additional info, which is to emphasize or supplement.
Revision Record
No.
Version No.
Revision Content
Release Date
1
V 1.0.0
First release
2018.3.20
VI
Important Safeguards and Warnings
The following description is the correct application method of the device. Please read the
manual carefully before use, in order to prevent danger and property loss. Strictly conform to
the manual during application and keep it properly after reading.
Operating Requirement
Suitable working environment is the foundation of normal operation. Please check whether it
meets the following conditions before mounting.
Please transport, use and store the device within allowed humidity and temperature range.
For working humidity and temperature, please refer to technical parameters of the product.
Please use and store the device on a stable foundation or in a fixed standard cabinet.
Please pack the device with original package or equivalent material during transportation.
Please don’t block the vent of the device. Install it at well-ventilated places and keep at
least 2 cm distance away from another device.
Please don’t put the device in explosive, damp, dusty, extremely hot, extremely cold,
corrosive gas, strong electromagnetic radiation or instable lighting conditions.
Please don’t install the device in an area exposed to direct sunlight or near heat generating
device, such as radiator, heater, furnace or other heating device, in order to prevent fire.
Please prevent liquids from flowing into the device, in order to protect internal elements. In
case that liquids flow into the device, please stop using at once, cut off power supply, pull
out all cables and contact after-sales service.
Please don’t press, vibrate violently or immerse the device during transportation, storage
and installation.
Please don’t dismantle the device unless the supplier’s professionals are on the site or
provide guidance.
During deployment and use, please backup data timely, in order to prevent data loss due to
abnormal operation.
Power Requirement
Safe and stable power supply is a precondition of normal work.
Please conform to local electrical safety standard strictly; ensure that voltage is stable and
meet power supply requirement of the device.
Before operation, please check whether power supply is correct.
Please use the power adapter or case power provided by the device manufacturer.
Please don’t connect the device after powering on power adapter. The power adapter and
device shall be connected under power-off state.
Please don’t disconnect power cable of the device when power adapter is on.
For permanently connected device, please install an obvious and easily identifiable all-pole
disconnection device in external power circuit.
In case that domestic or industrial plug is used and power is cut off by pulling out the plug,
please mark the plug, for the purpose of emergency power-off when necessary.
VII
Please don’t provide two or more power supply modes simultaneously, which may damage
the device or lead to safety risks.
It is suggested that overcurrent protection device (fuse or air switch) should be used in
serial in device power circuit. Its overcurrent protection rated value shall not exceed 2
times as many as rated current of the device.
Faulty power shall be replaced with a new power of the same specification.
VIII
Table of Contents
Legal Statement .....................................................................................................................................................I
Cybersecurity Recommendations...................................................................................................................II
Preface.................................................................................................................................................................... V
Important Safeguards and Warnings.............................................................................................................VI
1Product Overview.............................................................................................................................................. 1
1.1 Product Profile........................................................................................................................................... 1
1.2 Features..................................................................................................................................................... 1
1.3 Hardware Parameters.............................................................................................................................. 4
1.4 Performance Specification....................................................................................................................... 5
2Device Mounting................................................................................................................................................ 6
2.1 Interface...................................................................................................................................................... 6
2.2 Device Mounting ....................................................................................................................................... 7
3Go Online............................................................................................................................................................. 8
3.1 L2 Goes Online ......................................................................................................................................... 8
3.1.1 Access Point Device Goes Online.............................................................................................. 8
3.1.2 Client Device Goes Online........................................................................................................... 9
3.2 L3 Goes Online ....................................................................................................................................... 10
3.2.1 Access Point Device Goes Online.............................................................................................11
3.2.2 Client Device Goes Online......................................................................................................... 13
4Functional Introduction............................................................................................................................... 15
4.1 Login......................................................................................................................................................... 15
4.2 State Statistics......................................................................................................................................... 16
4.3 Device Management............................................................................................................................... 17
4.3.1 Device List.................................................................................................................................... 17
4.3.2 Delete Device .............................................................................................................................. 18
4.3.3 Edit Group.................................................................................................................................... 19
4.3.4 Issue Template............................................................................................................................. 21
4.3.5 Device Upgrade........................................................................................................................... 22
4.3.6 Retrieve the Client ...................................................................................................................... 23
4.4 Terminal Management............................................................................................................................ 24
4.4.1 Terminal List................................................................................................................................. 24
4.4.2 Info Statistics................................................................................................................................ 25
4.5 Advanced Management......................................................................................................................... 28
4.5.1 Template Management............................................................................................................... 28
4.5.2 Image Management.................................................................................................................... 35
4.5.3 System Log.................................................................................................................................. 38
4.6 System Settings...................................................................................................................................... 39
4.6.1 Basic Settings.............................................................................................................................. 39
4.6.2 Upgrade Configuration Management....................................................................................... 42
4.6.3 Access Control............................................................................................................................. 43
4.7 Map Mode................................................................................................................................................ 51
IX
4.7.1 Online Map................................................................................................................................... 51
4.7.2 Offline Map................................................................................................................................... 54
4.7.3 Map Management....................................................................................................................... 55
4.8 Marketing Management......................................................................................................................... 56
4.8.1 Advertising Management ........................................................................................................... 57
4.8.2 Theme Management................................................................................................................... 58
4.8.3 Advertising Statistics................................................................................................................... 59
4.8.4 Message Management............................................................................................................... 60
4.8.5 Application Example ................................................................................................................... 60
4.9 Logout....................................................................................................................................................... 64
1
1Product Overview
1.1 Product Profile
DH-PFM888S-AC is a wireless access control product independently researched, with a built-in
Dahua wireless management platform. With this controller, realize centralized management
and configuration of AP, and solve some management problems of traditional AP.
Without needs to change the structure, this controller integrates with existing network perfectly,
simplifies network allocation and management greatly, and thus saves users’ investment. It is
able to manage 256 sets of equipment, so maximum amount of users reaches 8,192. It is able
to upgrade automatically, issue the configuration automatically to access points and clients,
realize real-time surveillance, and reduce network deployment cost and maintenance difficulty
greatly. Wireless cloud platform is widely used in campus, large enterprise and city, to provide
powerful WLAN hotspot coverage capability.
1.2 Features
Multi-device Management
DH-PFM888S-AC provides a friendly Web configuration interface, so as to help network
administrator to complete device configuration and maintenance with the highest efficiency.
Support CAPWAP protocol.
Multi-level device management.
Support manual and automatic upgrade of the device.
2
Figure 1-1
L2/L3 Network Configuration
DH-PFM888S-AC boasts functions such as user management, smart radio frequency (RF)
management and restoration. In any existing L2/L3 network, this product can realize seamless
and safe wireless network configuration, without needs to interrupt present network operation.
Find the device through static IP or automatically
Issue wireless configuration module.
3
Figure 1-2
Real-time Surveillance System
With real-time surveillance function, DH-PFM888S-AC is able to monitor the operating state of
network, and timely report connection, disconnection and abnormal alarm info. Meanwhile, all
records can be uploaded to log server.
Support many types of system info.
Support many types of warning info.
Support system log service.
Figure 1-3
4
Map Display Device
With map display function, observe the distribution and operation conditions of the device.
Support to display device location on Baidu/Google Map.
Visually display the device info on the map.
Figure 1-4
1.3 Hardware Parameters
For relevant hardware parameters, please refer to Table 1-1.
No.
Feature
Specification
1
CPU
IPQ4028
2
Memory
256MB
3
Storage space
256MB
4
Physical interface
5×10/100/1000M Base-TX
1×USB
1×Console
5
Dimension
170 mm×160 mm×34mm
6
Power supply
DC 12V 2A
7
Operating ambient
temperature
-10℃~55℃
8
Operating ambient
humidity
5%~95% (non-condensation)
Table 1-1
6
2Device Mounting
2.1 Interface
Schematic diagram of interfaces is shown in Figure 2-1. Please refer to Table 2-1 for
descriptions.
Figure 2-1
No.
Interface
Name
Connection and Function
1
DC12V
DC-JACK
DC power supply (12V 2A).
2
LED indicator
LED indicator
Power indicator, 2G/5G indicator.
3
USB
USB
Import license info to open authority of AP
managed number. The largest managed
number has been opened at present.
4
LAN1~LAN4
LAN interface
Access point device can go on line after
corresponding configuration and
connection with this interface through
network cable.
After PC is connected with this interface
through network cable, open the browser
to input IP address of management
interface, in order to visit and manage the
device.
Default address of LAN interface is
192.168.1.100.
5
WAN
Management
interface
After PC is connected with this interface
through network cable, open the browser
to input IP address of management
interface, in order to visit and manage the
device.
Default address of WAN interface is
192.168.3.100.
6
RST
Reset key
Restore factory settings.
7
CONSOLE
Control interface
Use serial port line to connect this interface;
view and manage the device at the
background.
7
Table 2-1
2.2 Device Mounting
DH-PFM888S-AC can be mounted on the wall or on desktop directly.
Drill 8mm hole in the wall.Step 1 Put in rivet bolt, and tighten screw.Step 2 Install the device onto the screw.Step 3
Figure 2-2
Figure 2-3
8
3Go Online
3.1 L2 Goes Online
Access points can directly connect LAN interface of DH-PFM888S-AC to go online. To join
DH-PFM888S-AC, clients shall associate with access point device that has already joined
DH-PFM888S-AC.
3.1.1 Access Point Device Goes Online
Open IP address page of the access point device to modify its IP address. For example,Step 1 modify it to 192.168.1.36.
Set the following parameters in wireless setting page of access point device.Step 2 SSID is DaHua, channel is automatic, and default encryption is WPA2-PSK (secret key
is 1234567890abc). After the access point device joins DH-PFM888S-AC, these
parameters can be modified on DH-PFM888S-AC pages.
Figure 3-1
At AC management page of AP wireless device, enableAC control function.Step 3
9
Figure 3-2
Item
Description
WTP Name
Name of access point device on DH-PFM888S-AC, to be filled in according to needs.
WTP
Location
Info about device location on DH-PFM888S-AC, to be filled in according to needs.
Add IP
It consists of manual designation and automatic mode. Access point device IP and IP
of DH-PFM888S-AC LAN interface shall be in the same network segment.
In case of manual designation, fill in IP address of DH-PFM888S-AC LAN
interface manually; default address is 192.168.1.100.
In case of automatic mode, search DH-PFM888S-AC address automatically and
go online. After AC function is enabled, click Apply & Restart. Configuration of this
function will take effect and the access point device will restart.
Table 3-1
Connect access point device with one LAN interface of DH-PFM888S-AC, so theStep 4 access point device will go online at DH-PFM888S-AC.
3.1.2 Client Device Goes Online
To join DH-PFM888S-AC, client devices shall wirelessly associate with access point device that
has already joined DH-PFM888S-AC.
Open IP address page of the client device to modify its IP address. For example,Step 1 modify it to 192.168.1.37.
Open wireless setting page of the client device, choose the access point whose SSID isStep 2 DaHua; default encryption is WPA2-PSK (secret key is 1234567890abc).
10
Figure 3-3
At AC management page of client device, enable AC control function.Step 3
Figure 3-4
Up to now, setting of access point and client has been completed, ready to join
DH-PFM888S-AC. Please check at DH-PFM888S-AC page.
3.2 L3 Goes Online
When DH-PFM888S-AC and the device to be managed are located in different network
segments in relatively complicated network environment, online environment of access point
and client is shown as follows.
Table of contents
Other Dahua Technology IP Access Controllers manuals
