Cisco Physical Access Manager User Guide, Release 1.4.1
System Configuration Settings
Downloads: This chapterpdf (PDF - 622.0KB) The complete bookPDF (PDF - 61.78MB) | Feedback

System Configuration Settings

Table Of Contents

System Configuration Settings

Contents

LDAP Settings

Event/Alarms Settings

Data Entry/Validation - Personnel Settings

Data Entry/Validation - Badge Settings

Data Entry/Validation - Login

Password Policy Settings

Custom Personnel Fields Settings

Custom Device Fields Settings

Custom Badge Fields

Personnel ID Number Generator

PIN Generator

Card Number Generator

Support Contact Information

Miscellaneous Settings

Cisco Settings


System Configuration Settings


This chapter describes the system-wide site settings available in the System Configuration module.In Cisco Physical Access Manager 1.4.1 release, the System Configuration module includes additional settings through which an user profile can be associated to a location hierarchy. This feature allow the users to control or execute actions on locations and sub locations mapped to their user profile. See Data Entry/Validation - Login


Note We recommend restricting access to the System Configuration module to administrators only.


To modify the system configuration settings, do the following:


Step 1 Select System Configuration from the Admin menu.

Step 2 Select a configuration topic from the tabs on the left (Figure 17-1).

Step 3 Enter the settings and configurations as described in the sub-sections listed below.

Step 4 Click Save to save changes made in a system configuration window.

Step 5 Log out and log back in to the Cisco PAM application (select Logout from the Options menu).


Note Changes to system configuration settings do not take effect until you log out and log back in to the Cisco PAM application (select Logout from the Options menu). For some settings in the Cisco Settings window, you must restart the Cisco PAM appliance. See the "Cisco Settings" section for more information.



Contents

LDAP Settings

Event/Alarms Settings

Data Entry/Validation - Personnel Settings

Data Entry/Validation - Badge Settings

Data Entry/Validation - Login

Password Policy Settings

Custom Device Fields Settings

Custom Badge Fields

Personnel ID Number Generator

PIN Generator

Card Number Generator

Support Contact Information

Miscellaneous Settings

Cisco Settings

LDAP Settings

The LDAP options (Figure 17-1) include login validation settings required to use the Lightweight Directory Access Protocol. See Table 17-1 for field descriptions.


Tip For more information, see Configuring LDAP User Authentication.


Figure 17-1 LDAP Settings

LDAP uses a principle to authenticate. The principle is formed from the username: prefix + username + suffix. The exact format of the principle varies based on the type of LDAP server, and the domain.

For Active Directory, the prefix should be the (uppercase) domain followed by \\ (example: MY-DOMAIN\\) and the suffix should be blank.

For OpenLDAP, the prefix should be: uid=
The suffix should be changed to reflect the actual domain.
So for my-domain.com, this would be:
,dc=my-domain,dc=com

Table 17-1 describes the LDAP settings:

Table 17-1 System Configuration LDAP Settings 

Field
Description

Enable LDAP

Click the checkbox to enable or disable LDAP support.

LDAP server URL

URL of LDAP server, must begin with ldap://

Example: ldap://192.168.1.1

Principle suffix

Appended to the username for authentication. See above.

Principle prefix

Prepended to the username for authentication. See above.

Search root

LDAP search root. The search root is the node in the LDAP tree, the subtree under which the user account should be found.

For Active Directory, the 2 dc components should be changed to match the full domain name managed by the directory. The following example is for my-domain.com: cn=Users,dc=my-domain,dc=com.

For OpenLDAP, the 2 dc components should be changed to match the full domain name managed by the directory. The following example is for my-domain.com:dc=my-domain,dc=com.

LDAP version

Advanced setting that generally should be left unchanged.

JNDI authentication type

Advanced setting that generally should be left unchanged as simple.

JNDI factory

Advanced setting that generally should be left unchanged as com.sun.jndi.ldap.LdapCtxFactory



Note Changes to system configuration settings do not take effect until you log out and log back in to the Cisco PAM application (select Logout from the Options menu).


Event/Alarms Settings

Use the Events/Alarms tab (Figure 17-2) to define how alarms are managed by the system, and how much video is recorded for events.

Figure 17-2 Events/Alarm Settings

Table 17-2 describes the Event and Alarms settings.

Table 17-2 System Configuration Alarm Fields 

Field
Description

Allow commenting of cleared alarms

Allow operators to comment on alarms that have already been cleared.

Consolidate duplicate alarms window (mins)

If duplicate alarms are being consolidated, this is the maximum time difference between the original and the duplicate. If an alarm that would otherwise be considered a duplicate occurs after this time, it becomes a new original alarm and subsequent duplicate alarms will bump up its duplicate count.

Consolidate duplicate alarms

Consolidate duplicate alarms identical other than time, into a single alarm, with an increasing alarm count. This is useful for preventing a flood of individual alarms; for example, if an armed alarm point is on an external gate which is flapping in the wind, repeatedly triggering the alarm. It is not recommended that this be unchecked without careful consideration of the possible performance impact of the increased number of individual alarms.

Duplicate alarm cache size

The size of the cache for duplicate alarms.

Length of video to display pre-event

The number of seconds of video that are included before the event occurred.

Length of video to display post-event

The number of seconds of video that are included after an event occurs.

Repeat alert sounds

Defines if alarms sounds are played only once, or repeated.

Show audit records in events

Lists the audit records of events.



Note Changes to system configuration settings do not take effect until the Cisco PAM desktop application is restarted (exit and re-launch the application).


Data Entry/Validation - Personnel Settings

Figure 17-3 Personnel Data Entry Settings

Table 17-3 describes the Data Entry/Validation - Personnel settings.

Table 17-3 Data Entry/Validation - Personnel Settings 

Field
Description

Default personnel ID specifier

The type of personnel ID specifier the field will default to. The various ID specifiers will be available in the drop-down.

Allow duplicate personnel IDs

Allow personnel to be added with duplicate personnel IDs.

Warn about duplicate personnel IDs

Warn if personnel are added with duplicate personnel IDs.

Use signature capture

Enable the ability to capture personnel signatures with a signature capture device. Signature capture devices must be configured in the application preferences before they may be used. See Enabling Signature Capture Devices.

Use single-screen personnel wizard

Enables a single-screen personnel wizard used for personnel data entry. All personnel information is available on one screen.

Use custom fields on personnel wizard

Enable custom fields in the single-screen personnel wizard. This makes the screen larger, but is useful if important data is being stored in the custom fields. Refer to custom fields in the Custom Personnel Fields window.

Use CSV personnel import wizard

Enable the CSV import wizard in the personnel module. The CSV import wizard allows operators to add personnel to Cisco Physical Access Manager using a CSV file. See Importing Personnel Records Using a Comma Separated Value (CSV) File.



Note Changes to system configuration settings do not take effect until you log out and log back in to the Cisco PAM application (select Logout from the Options menu).


Data Entry/Validation - Badge Settings

Figure 17-4 Badge Data Entry Settings

Table 17-4 describes the Data Entry/Validation - Badge settings.

Table 17-4 Data Entry/Validation - Badge Settings 

Field
Description

Allow printing of unsaved badges

Allows printing new badges before the badge is saved. For highest security, leave this unchecked. When allowed (which may be more convenient), it is possible to print a badge without having any record of the badge.

Set 'today' as the default effective date

Uses the current date as a new badge effective date.

Use single-screen badge wizard

Enables a single-screen badge wizard for data entry. Most badge properties are on one screen.

Require PIN to be unique

Requires cardholder PINs to be unique. Useful in systems that use PIN-only access-control.

Allow null PIN

Allows badges to have null PINs. Useful in systems that do not use PIN for access-control.

Require numeric hot stamp

Requires hot stamp field to be numeric.

Disallow leading zeros in hot stamp

Prohibits users from adding hot stamps with leading zeros.

Use effective times for badges

Select this checkbox to enable the effective time constraint for badges, in addition to effective date, which is always enabled.

Use expiration times for badges

Select this checkbox to enable the expiration time constraint for badges, in addition to effective date, which is always enabled.

Use custom fields on badge wizard

Enables custom fields in the badge wizard. This makes the screen larger, but is useful if important data is being stored in the custom fields.

Max PIN Length

The maximum number of characters in a PIN.

Disable batch badge printing

Enables or disables the batch printing module. See Printing Multiple Badges.



Note Changes to system configuration settings do not take effect until the Cisco PAM desktop application is restarted (exit and re-launch the application).


Data Entry/Validation - Login

The profile enhancement feature is set in this page. This configuration setting facilitates the administrator to link a user profile to hierarchial location.

Figure 17-5

Data Entry/Validation - Login Settings

Table 17-5 describes the Data entry Validation - Login Settings

Table 17-5 Data entry Validation - Login Settings

Field
Description

Login may not have a profile from a different partition

Not supported in this version

Profile may not restrict by hierarchial location

select this check box if you do not want user profiles to be restricted by hierarchial locations

Allow profile to be bound to hierarchial locations per assignment

select this check box if you want user profiles to be restricted by hierarchial locations


On setting these changes , the system configuration settings changes i.e a user is able to associate a location to a login thereby granting privileges to the login user for devices in that location. Also a a user can be associated to several profiles and the one with higher privileges is applied to the login user.


Tip You must select both Profile may not restrict by hierarchial location and Allow profile to be bound to hierarchial locations per assignment to associate profiles to hierarchial location.



Note If the user does not select the fields that associate profiles to locations, the user profile actions are not restricted to the locations or sub locations that they belong to. The configuration settings would then reflect the Cisco Physical Access Manager 1.3 release.


Password Policy Settings

The Password Policy options (Figure 17-6) determine password expiration and strength requirements.

Figure 17-6 Password Policy Settings

Table 17-6 describes the Password Policy settings.

Table 17-6 System Configuration Password Policy Fields 

Field
Description

Passwords expire after (days)

Passwords expire after this many days.

Minimum alphabetic characters

Minimum number of a to z characters or A to Z characters in the password.

Minimum password length

Minimum number of characters in the password.

Minimum uppercase characters

Minimum number of uppercase password characters.

Minimum lowercase characters

Minimum number of lowercase password characters.

Minimum numeric characters

Minimum number of numeric password characters.

Minimum special characters

Minimum number of special characters in the set specified below.

Set of "special" characters

Which characters qualify as special characters for the above.



Note Changes to system configuration settings do not take effect until you log out and log back in to the Cisco PAM application (select Logout from the Options menu).


Custom Personnel Fields Settings

The Custom Personnel Fields defines the custom fields available in the personnel detail window.

Figure 17-7 Custom Personnel Fields

Table 17-7 describes the Custom Personnel Fields settings.

Table 17-7 Custom Personnel Fields 

Field
Description

Custom Personnel Field

Selects which of the available custom fields is to be viewed or edited.

Enabled

Select the checkbox to enable the selected custom field.

Drop down

Select the checkbox to use a drop-down for entry the selected custom field.

Column header

Changes the name of the column header of the selected custom field. The column header is displayed in list view columns. To be consistent with the rest of the application, this would be capitalized like the title of a book, for example: Driver's License Number.

Form label

Changes the name of the form label of the selected custom field. The form label is displayed in detail window fields. To be consistent with the rest of the application, this would be capitalized like the a sentence, for example: Driver's license number.



Note Changes to system configuration settings do not take effect until you log out and log back in to the Cisco PAM application (select Logout from the Options menu).


Custom Device Fields Settings

Configures which the custom fields which are available in the device detail window.

Figure 17-8 Custom Device Fields

Table 17-8 describes the Custom Device Fields settings.

Table 17-8 Custom Device Fields Settings 

Field
Description

Custom Device Fields

Selects which of the available custom fields is to be viewed or edited.

Enabled

Select the checkbox to enable the selected custom field.

Drop down

Select the checkbox to use a drop-down for entry the selected custom field.

Column header

Change the name of the column header of the selected custom field. The column header is displayed in list view columns. To be consistent with the rest of the application, this would be capitalized like the title of a book, for example, Serial Number.

Form label

Change the name of the form label of the selected custom field. The form label is displayed in detail window fields. To be consistent with the rest of the application, this would be capitalized like the a sentence, for example, Serial number.



Note Changes to system configuration settings do not take effect until you log out and log back in to the Cisco PAM application (select Logout from the Options menu).


Custom Badge Fields

Configures which the custom fields which are available in the badge detail window.

Figure 17-9 Custom Badge Settings

Table 17-9 Custom Badge Fields 

Field
Description

Custom Badge Fields

Selects which of the available custom fields is to be viewed or edited.

Enabled

Select the checkbox to enable the selected custom field.

Drop down

Select the checkbox to use a drop-down for entry the selected custom field.

Column header

Changes the name of the column header of the selected custom field. The column header is displayed in list view columns. To be consistent with the rest of the application, this would be capitalized like the title of a book, for example: Serial Number.

Form label

Changes the name of the form label of the selected custom field. The form label is displayed in detail window fields. To be consistent with the rest of the application, this would be capitalized like the a sentence, for example: Serial number.



Note Changes to system configuration settings do not take effect until you log out and log back in to the Cisco PAM application (select Logout from the Options menu).


Personnel ID Number Generator

The personnel ID number generator is used for generating random personnel ID numbers, and is useful when personnel IDs do not correspond to any pre-existing ID numbers, such as employee ID, Social Security Number.

Figure 17-10 Personnel ID Number Generator Settings

Table 17-10 Personnel ID Number Generator Settings 

Field
Description

Enabled

Enables the personnel ID number generator. New personnel entries will have randomly generated ID numbers entered in the field.

Length

The digit length of generated IDs.



Note Changes to system configuration settings do not take effect until the Cisco PAM desktop application is restarted (exit and re-launch the application).


PIN Generator

Use the PIN generator to generate random PIN numbers for badges.

Figure 17-11 PIN Generator Settings

Table 17-11 PIN Generator Settings

Field
Description

Is Present

Enable the personnel ID number generator. Adding new personnel will have randomly generated ID numbers entered in the field.

Length

The amount of digits in the generated PIN.



Note Changes to system configuration settings do not take effect until you log out and log back in to the Cisco PAM application (select Logout from the Options menu).


Card Number Generator

With the card encoder enabled the card number generator will create a card number with the minimum and maximum digits specified below.

Figure 17-12 Card Number Generator Settings

Table 17-12 Card Number Generator Settings 

Field
Description

Is Present

Enables the card number generator. Adding new badges will have randomly generated card numbers entered in the Card # field.

Maximum

Maximum amount of card digits.

Minimum

Minimum amount of card digits.



Note Changes to system configuration settings do not take effect until you log out and log back in to the Cisco PAM application (select Logout from the Options menu).


Support Contact Information

Customer contact information is displayed in the About window available from the Help menu. It is intended to be customized with the dealer/installer/integrator's contact information, as this is often the first contact for support purposes.

Figure 17-13 Support Contact Information Settings

Table 17-13 Support Contact Information Settings

Field
Description

Company

Support company's name.

Contact name

The name of the contact person.

Contact person's email address

The contact person's email address.

Contact person's phone number

The contact person's phone number.

Company's website

Support company's company website address.



Note Changes to system configuration settings do not take effect until you log out and log back in to the Cisco PAM application (select Logout from the Options menu).


Miscellaneous Settings

Figure 17-14 includes a variety of settings, as described in Table 17-14.

Figure 17-14 Miscellaneous Settings

Table 17-14 Miscellaneous Settings

Field
Description

Load all strings from database

Loads all text strings from the database. Used in conjunction with the advanced Text Strings module. Normally there is no reason to check this, as any strings that have been changed or customized since the time of install will be automatically loaded from the database.

Always open new modules in same window

If checked, opening a new module simply replaces the module in the same window, rather than opening a new window.

Enable Window>New Window

Allows modules to be opened in multiple windows. Adds an additional New Window button to the toolbar.

Prevent force quit (Command-Q) on Mac OS X

Blocks the force quit command.

Allow deletion of items that normally may only be disabled

Enables a true delete option in some modules. Normally, important items should be disabled, not deleted. Even with this option enabled, only items that are not referenced by other items may be deleted. For example, if a device has an event occur for it, it may no longer be deleted, as the event references the device. This is because true deletion in this case would result in the inability to correctly report on any such events.

Allow deletion of devices with events

Deletes events associated with a device when a device is deleted.

Note Cisco recommends that you do not delete devices. Events that are associated with the device will be deleted if the device is deleted.

Restrict new devices to wizards only

All new devices added to the Hardware module will use an add wizard.

Default max rows

Limits the number of visible rows in list-based modules such as Events and Badges. For example, if the default max rows is set to 100, the badges module displays a maximum of 100 rows.

Enter a number between 1 and 5000.

Change queue buffer size

Enter a new buffer size.

Enable Credential Watch

Enables the Credential Watch feature which places color borders around photos in the Event Photos module. See Adding a Color Border to Event Photos (Credential Watch).

Use cross-platform page setup dialog for badge printing

Select this option to use the cross-platform Java page dialog if the badge image is truncated. This occurs when using the default printer dialog on some printers (such as the Zebra printer).

Truncate imageable area values used to initialize cross-platform page dialog

If the image is still truncated using the cross-platform Java page dialog, select this option to apply .01 inch margins.

Use Pageable print interface for badge printing

The Java Printable printing interface is used by default. If printing problems occur (such as with the Evolis printer), select this option to use the Java Pageable printer interface.

Stroke text before printing badges

If problems occur printing text, such as on a Mac, select this option to apply a stroke when printing.

Logged in workstations assume partition of login's profile

not supported in this version.(1.4.1)

Partition-restricted workstations only use explicitly assigned license items

not supported in this version.(1.4.1)

Rasterize before printing

It converts the watermark into an image internally and prints it on the badge.

Note Ensure that you do not enable this option unless there is an issue with printing the images on the badges.



Note Changes to system configuration settings do not take effect until you log out and log back in to the Cisco PAM application (select Logout from the Options menu).


Cisco Settings

Figure 17-15 includes the settings described in Table 17-14.

Figure 17-15 Cisco Settings


Note To activate changes made to Cisco settings, you must either log out and log back in, or restart the Cisco PAM appliance, as described in the following table. To restart the appliance, see Using the Web Admin Menus, Commands and Options, or ask your system administrator for assistance.


Table 17-15 Cisco Settings

Field
Description
To Activate Changes

Default discovered gateway time zone

Defines the time zone for all discovered Gateways. This time zone is configured on all discovered Gateways.

Restart the Cisco PAM appliance.

Credential download frequency (mins)

Defines how often (in minutes) credential information is downloaded to the Gateways.

Note You can also download credential changes immediately. Select Hardware from the Doors menu, right-click on the Access GW Driver, and select Apply Credential Changes. See Configuring Personnel for more information.

Restart the Cisco PAM appliance.

NTP Server

Defines a default NTP server when updating multiple Gateways. See the "Changing the NTP Setting for Multiple Gateway Modules" section.

Log out and log in.

EDI personnel's photo size limit

Defines the maximum file size for imported photo files using the System Configuration module. For example, if you enter a maximum file size of 500 kb, then any files larger than 500 kb will be automatically compressed when the personnel record is imported.

Enter a value, in kb, between 50 and 750.

The default value is 250 kb.

See the "Understanding Photo File Compression When Importing Personnel Records" section.

Log out and log in.

Display soft commands on default module

Displays the soft commands for the default m01 (Gateway) module.

Log out and log in.

Display "Delete All Cameras" command on the camera driver

Displays the Delete All Cameras command for the Cisco VSM Video Driver in the Hardware module. See Deleting the Cisco VSM Cameras.

Log out and log in.

Evict most recent badge from APB area when door not used

If a user presents their badge and is granted access to an Anti-Passback Area, but decides not to enter the door, then a Door Not Used event is generated by the door's Gateway module. To prevent the badge from being added to the Anti-Passback monitoring list, enable the System Configuration setting for Evict most recent badge from APB area when door not used.

See the "Evicting a Badge from APB if the User Does Not Enter the APB Area" section

Restart the Cisco PAM appliance.

Enable "Edge Policies" Module

Enables the Edge Policies module. See the "Configuring Edge Policies" section.

Log out and log in.