Cisco Physical Access Manager Quick Start Guide
1 Before You Begin
Perform the following tasks before you install and configure the Cisco PAM appliance:
•If upgrading from a previous version of the Cisco PAM server software, see "Appendix B: Upgrading Software and Firmware" in the Cisco Physical Access Manager User Guide.
•Prepare the site, including rack, safety and power. See the Cisco Physical Security Multiservices Platform Series User Guide for instructions. For Cisco PAM release 1.0.0 through 1.2.0, see the Cisco Physical Access 1125 Appliance User Guide.
•Before connecting power to the Cisco PAM appliance, the following are required:
–A PC and web browser that includes the following:
Windows XP/Vista and Internet Explorer 6.0 or higher, or
Windows 7 (64-bit only) and Internet Explorer 8.0 (32-bit) or higher.
Java 6.0 or higher/JDK 1.6 or higher.
–An Ethernet cable to connect your PC directly to the Cisco PAM appliance. Cross-over and straight-through cables are supported.
•In addition, gather the following information:
–IP, subnet, and gateway addresses for the Cisco PAM appliance:
–For a standalone server installation, one IP address for Eth0 is required.
–For a redundant (HA) server configuration, two IP addresses are required: One address for the Shared IP Address setting, and a second address for the Eth0 port.
–(Optional) If using NTP synchronization, the address of the NTP server. We strongly recommend using NTP to synchronize the Cisco PAM appliance and Gateway module clocks to ensure correct event and messaging.
–(Optional) The DNS server settings.
–Administrator password. If you are setting up the appliance for the first time, use the default password supplied in the following instructions.
Tip See the Cisco Physical Access Manager User Guide for complete instructions.
2 Installing the Appliance
To physically install the Cisco PAM appliance, complete the instructions in the Cisco Physical Security Multiservices Platform Series User Guide.
For Cisco PAM release 1.0.0 through 1.2.0, see the Cisco Physical Access 1125 Appliance User Guide.
3 Logging In to the Cisco Physical Access Manager
1. Connect an Ethernet cable from your PC to the eth0 port on the Cisco PAM appliance.
Note After configuration is complete, disconnect your PC from the Eth0 port and connect the Eth0 port to the IP network.
2. Power on the appliance.
3. Open a web browser on your PC and enter the URL: https://192.168.1.2.
4. Enter the default username and password:
4 Entering the Initial Configuration
A series of initial configuration screens appear the first time you log on to a new Cisco PAM appliance. Enter the configuration settings when prompted. For complete instructions, see "Entering the Initial Server Configuration" in the Cisco Physical Access Manager User Guide.
Step 1 Enter the server configuration, as shown in Figure 1.
Figure 1 Initial Configuration: Server Configuration
Note The version and serial number are not configurable.
a. Type: Select the appliance server type.
–Active Server: (Default) Select Active Server for a single appliance, or if the appliance is the active server in a redundant configuration.
–Standby Server: Select Standby Server if the appliance is the standby (backup) server in a redundant configuration. A standby server must have exactly the same configuration settings as the active server, except for the network addresses, hostname, and HA license.
b. Site Name: Enter a description to identify the appliance on the network. This field is disabled for a standby appliance since the standby server assumes the primary server name if a failover occurs. Enter any combination of letters and numbers up to 32 characters. Spaces are not allowed. Dashes and underscore characters are allowed.
c. Select Next to continue.
Step 2 Enter the initial user settings to define the administrator password and email address, as shown in Figure 2.
Figure 2 Initial Configuration: User Configuration
a. Username: The admin username cannot be changed. The default username is
b. Current Password: Enter the current administrator password. The default password is
c. New Password: Enter a new administrator password. The administrator has full rights to configure the Cisco PAM appliance, and grant access rights to other users. The new password is required and must be entered to continue.
d. Re-enter Password: Re-enter the new administrator password to confirm the setting.
e. Email Address: (Optional) Enter the email address that will receive system messages.
f. Select Next to continue.
Step 3 Enter the network configuration for the Cisco PAM appliance, as shown in Figure 3.
Figure 3 Initial Configuration: Network Configuration
a. Host Name: Enter the host name on the active appliance. Enter a different host name on the standby appliance. The host name is used to identify the appliance on the local network and does not impact other configurations.
b. Shared IP Address: (HA configurations only). Enter the same IP address on the active and standby appliance. This address is transferred from the active to the standby appliance if a failover occurs.
The Shared IP address and the Eth0 IP address should be on the same subnet. Eth0 and Eth1 can be on separate subnets. See Understanding IP Addresses on the Cisco PAM Server, page 4-4 for more information.
Note Enter a Shared IP Address if you plan to install a Standby server in the future, even if installing only the Active server now. This allows successful HA backups when the Standby server is installed.
c. Transport Port: The default value is 8020. Enter the same number on the active and standby appliances.
d. SSL Enable For Server: Click the SSL checkbox to enable or disable secure IP communication between the Cisco PAM appliance and the Cisco Physical Access Gateways. The settings must be the same on the active and standby appliances.
Note Cisco Systems recommends that SSL always be enabled for all Gateways and the Cisco PAM appliance (default). If SSL is disabled for a Gateway but enabled for Cisco PAM, the Gateway cannot connect to the appliance. If the SSL settings are changed, reset all Gateways and the Cisco PAM appliance. See the Cisco Physical Access Gateway User Guide for more information.
e. Eth0: (Required) Enter a static IP address for the Eth0 port. If the appliance is a standalone server, this port is the Cisco PAM appliance IP address. In a redundant (HA) configuration, the Eth0 port is used for HA communication between the active and standby appliance. The active appliance must have a different Eth0 IP address than the standby appliance.
–IP Address: Enter the IP address for the Eth0 port. This address should be on the same subnet as the Shared IP address, and must be different on the active and standby appliances.
–Subnet Mask: Enter the subnet mask provided by your system administrator.
–Gateway: (Optional) Enter the Gateway provided by your system administrator.
f. Eth1: This port is disabled by default. You can enable and configure the Eth1 port for remote Internet connections to the Cisco PAM Server Administration utility.
–Enable Interface: Click the check box to enable or disable the Ethernet interface.
–DHCP: Click the check box to enable or disable DHCP. When DHCP is enabled, the following IP address fields are inactive since the information is supplied by a DHCP server.
–IP Address: Enter the IP address for the Eth0 port. If configured, this address must be different on the active and standby appliances.
–Subnet Mask: Enter the subnet mask provided by your system administrator.
–Gateway: (Optional) Enter the Gateway provided by your system administrator. If a Gateway is provided for Eth0, leave this field blank.
g. Select Next to continue.
Step 4 (Optional) Enter the optional DNS Settings for the Cisco PAM appliance. Enter the same settings on the active and standby appliance.
a. Primary DNS: (Optional) Enter the domain name server (DNS) for the active Cisco PAM appliance.
b. Secondary DNS: (Optional) Enter the domain name server for the standby Cisco PAM appliance.
c. Domain: (Optional) Enter the domain name for the Cisco PAM appliance.
d. Select Next to continue.
Step 5 Enter the email settings used to send messages from the Cisco PAM appliance. Enter the same settings on the active and standby appliance.
a. SMTP Server Address: Enter the SMTP server address used to send outgoing messages. Outgoing messages include event and other alarm information.
b. SMTP Email Address from: Enter the email address that will appear in the From field for messages sent by the Cisco PAM appliance. This email address is also the Reply To address.
c. Test: Click the Test button to send a test message and verify the SMTP settings. The test message is sent to the administrator email address entered in User settings.
d. Select Next to continue.
Step 6 Enter the date and time settings. Enter an initial date and time for the server. These settings are used by the appliance and the Cisco Physical Access Gateways. Enter the same settings on the active and standby appliance.
a. Date & Time: Click the calendar icon to open a pop-up window and select the current day. The current date and time are inserted from your computer's date and time settings.
b. Time Zone: Select the time zone where the appliance is installed.
c. NTP enable: (Optional) Select the checkbox to use a Network Time Protocol (NTP) server to automatically adjust the date and time. We strongly recommend using NTP to synchronize the Cisco PAM appliance and Gateway module clocks to ensure correct event and messaging.
d. NTP Server Address: (Optional) If NTP is enabled, enter the IP address of the NTP server.
e. Select Next to continue.
Step 7 Enter the event pruning and archiving settings.
•Pruned Events are removed from the main database table and placed in a separate database, allowing you to reduce the size of the main database while keeping them accessible on the Cisco PAM system. Pruned events are not visible in Events & Alarms, but are included in reports. Pruned events are also included in system backups.
•Archived events are removed from all Cisco PAM database tables and copied to a compressed file. The file includes a password-protected SQL script, and can be run on an offline database to view the purged events. Archived events are not visible in the Events & Alarms listings or Reports, and are not included in system backups.
a. Select the Pruning tab and enter the following settings:
–Live Events Window (days)—Enter a value between 0 and 500 (inclusive). This is the minimum number of days the events will be available in the live view. After the minimum number of days the events will be removed at the next scheduled pruning. For example, enter 30 to keep events in the live view for 30 days. After midnight on day 30, the events are subject to pruning and archiving (depending on the schedule defined in the following steps). The number is rounded to midnight of the last day.
Note To ensure that events are regularly pruned, we recommend entering 60 days or less in the Live Events Window field. Entering a value greater than 60 can cause an excessive number of event entries to accumulate in the main database and negatively impact system performance.
–Schedule—define the time and frequency when events should be pruned.
Date—To schedule pruning for one day per month, select Date and then select a day of the month. For example: 15.
Weekday—To schedule pruning once per week, select Weekday and then select a day of the week. For example: Tuesday.
Daily—To run pruning every day, select Daily.
Time—Enter the time in 24 hour format (hh:mm:ss). For example, to run pruning at 2 p.m., enter 14:00:00. To run pruning at 1 a.m., enter 01:00:00.
b. Select the Archive tab and enter the following settings:
Tip The archive settings are required during the initial setup. After a successful restore, you can disable auto-archiving if necessary. See the Cisco Physical Access Manager User Guide for more information.
–Enter and re-enter the administrator Password. This password is used to restore the archive file (similar to backup files).
–Historic Events Window (days)—Enter the number of days that events will be available in the live view. After the minimum number of days the events will be archived to a compressed file. For example, enter 30 to keep events in the live view for 30 days. After midnight on day 30, the events are subject to archiving (depending on the schedule defined in the following steps).
–Enter a Schedule when the historic events will be removed from the pruned database and placed into a compressed archive file (archived files are listed above the entry fields).
Date—To schedule archiving for one day per month, select Date and then select a day of the month. For example: 15.
Weekday—To schedule archiving once per week, select Weekday and then select a day of the week. For example: Tuesday.
Daily—To run archiving every day, select Daily.
Time—Enter the time in 24 hour format (hh:mm:ss). For example, to run archiving at 2 p.m., enter 14:00:00. To run archiving at 1 a.m., enter 01:00:00.
–(Optional) Select Copy to remote server to automatically copy the archived event files to a remote FTP or SFTP location.
Note Only the three most recent archive files are saved. If you do not save the archive file manually or by copying it to a remote server, then the oldest file will be permanently deleted when the fourth file is created.
FTP: for standard File Transfer Protocol servers.
SFTP: for secure file transfers using the Secure File Transfer Protocol (also known as the SSH File Transfer Protocol).
Address—the IP address or hostname of the remote server.
Username—the username required to log in to the server.
Password—the login password for the remote server.
Path—the directory path where the compressed archive will be copied. The path must exist on the remote server. If the directory is not available, the archive will fail.
c. Select Next to apply the settings and continue.
Step 8 Enter the license settings to obtain and install the software license:
Note Enter all licenses except high availability (HA) on the active appliance. Enter only the HA license on the standby appliance.
a. Locate the Product Authorization Key (PAK) included with the Cisco Physical Access Manager appliance.
b. In a Web browser, open the Cisco Product License Registration Web page.
c. Follow the onscreen instructions to complete the form and enter the PAK. A license file with the extension .lic is sent to your email address.
d. Save the file to the PC used to configure the Cisco PAM appliance.
e. In the License screen, click Browse to select the license file located on your local drive. The selected filename appears in the File field.
f. Select Finish to install the license file on the Cisco PAM appliance and activate the included features.
Step 9 Wait for the installation to complete. A status screen displays each configuration item as it is applied. When all items are marked Done, the CPAM Server Administration utility status page displays.
Note If any errors occur, the setup returns to Step 1. If a serious error occurs, contact your Cisco support representative for assistance.
Step 10 Create a system backup. You should have at least one backup file to preserve critical system data and to restore the appliance software using the recovery CD.
a. Select Setup and then Backup.
b. Select the Manual tab.
Note Manual backups are enabled only if automatic backups are disabled.
c. Enter and re-enter a password for the backup file. This password must be entered when the backup file is used to restore the data.
d. (Optional) Select the Exclude Events box to exclude events from the backup. Events will not be backed up and cannot be restored.
e. (Optional) Select the Copy to remote server check box to automatically copy the backup to a remote server. Select the server type and enter the server address, username, password, and directory path where the files will be copied.
f. Click Backup Now to begin the backup process and create a new .zip backup file. When the backup is complete, the new backup file is added to the top of the screen. The file name includes the date and the server software version number.
For example: December 16, 2009 11:53:15 AM PST.
g. To save the file to another location, right click the filename and select a save option from the browser menu.
Step 11 Disconnect your PC from the Eth0 port and connect the Eth0 port to the IP network.
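The active/standby consistency rules from Steps 1 and 3, together with the remote copy option in Steps 7 and 10, can be checked on paper before the values are typed into both appliances. The following is an added example, not part of the Cisco guide or the Cisco PAM software; the dictionary keys and all sample addresses are assumptions made for illustration.

```python
import ipaddress
import re

# Site Name rule (Step 1b): letters, numbers, '-' and '_', 1-32 chars, no spaces.
SITE_NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,32}")

def check_ha_plan(active, standby):
    """Return findings for a planned active/standby pair (empty list = consistent).

    Dict keys are hypothetical names for the fields on the setup screens.
    """
    f = []
    # Site Name is only entered on the active appliance (disabled on standby).
    if not SITE_NAME_RE.fullmatch(active["site_name"]):
        f.append("site_name: letters, numbers, '-' and '_' only, max 32 characters")
    if active["host_name"] == standby["host_name"]:
        f.append("host_name: must differ between active and standby")
    if active["shared_ip"] != standby["shared_ip"]:
        f.append("shared_ip: must be the same on both appliances")
    if active["eth0_ip"] == standby["eth0_ip"]:
        f.append("eth0_ip: must differ between active and standby")
    for role, cfg in (("active", active), ("standby", standby)):
        # strict=False derives the subnet from a host address plus mask.
        net = ipaddress.ip_network(f"{cfg['eth0_ip']}/{cfg['eth0_mask']}", strict=False)
        if ipaddress.ip_address(cfg["shared_ip"]) not in net:
            f.append(f"{role}: shared_ip is not on the Eth0 subnet {net}")
        if cfg["remote_copy"] == "ftp":
            f.append(f"{role}: remote copy uses FTP (cleartext); prefer SFTP")
    if active["transport_port"] != standby["transport_port"]:
        f.append("transport_port: must be the same on both appliances")
    if active["ssl"] != standby["ssl"]:
        f.append("ssl: setting must match on both appliances")
    elif not active["ssl"]:
        f.append("ssl: disabled; the guide recommends SSL always be enabled")
    return f

# Constructed sample values, not taken from the guide.
GOOD_ACTIVE = dict(site_name="HQ-Lobby_1", host_name="cpam-a",
                   shared_ip="10.10.20.10", eth0_ip="10.10.20.11",
                   eth0_mask="255.255.255.0", transport_port=8020,
                   ssl=True, remote_copy="sftp")
GOOD_STANDBY = dict(GOOD_ACTIVE, host_name="cpam-b", eth0_ip="10.10.20.12")
# Standby with a reused host name, Eth0 on another subnet, SSL off, FTP copy.
BAD_STANDBY = dict(GOOD_ACTIVE, eth0_ip="10.10.21.12", ssl=False, remote_copy="ftp")

if __name__ == "__main__":
    for finding in check_ha_plan(GOOD_ACTIVE, BAD_STANDBY):
        print(finding)
```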
5 Installing the Desktop Software
When the initial configuration is complete, the CPAM Server Administration utility is displayed. To install the Cisco PAM desktop software, select Launch Client from the menu bar, and complete the onscreen instructions to install the software. This process will install the desktop software, or upgrade an existing version to match the Cisco PAM appliance.
•You can also select Launch Cisco PAM Client from the login window of the CPAM Server Administration utility.
•Always upgrade the Cisco PAM desktop client when the server software is upgraded. If the versions are not the same, an error will occur when launching the desktop client.
•If the download fails, check your Java Web Start network settings. The Cisco PAM client launches using Java Web Start.
6 Next Steps
Refer to the following Cisco documents for complete installation and configuration information:
•To install and configure the Cisco PAM appliance, see the Cisco Physical Access Manager User Guide.
•To install and configure the Cisco Physical Access Gateways and optional expansion modules, see the Cisco Physical Access Gateway User Guide.
7 Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS version 2.0.