Cisco Physical Access Manager Appliance User Guide, Release 1.3.0

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Book Contents

Find Matches in This Book

Available Languages

Download Options

Book Title

Cisco Physical Access Manager Appliance User Guide, Release 1.3.0

Chapter Title

System Configuration Settings

PDF - Complete Book (36.2 MB) PDF - This Chapter (1.84 MB)
View with Adobe Reader on a variety of devices

Results

Chapter: System Configuration Settings

Contents
LDAP Settings
Password Policy Settings
Event/Alarms Settings
Data Entry/Validation - Personnel Settings
Data Entry/Validation - Badge Settings
Custom Personnel Fields Settings
Custom Device Fields Settings
Custom Badge Fields
Personnel ID Number Generator
PIN Generator
Card Number Generator
Support Contact Information
Badge Design
Miscellaneous Settings
Cisco Settings

System Configuration Settings

This chapter describes the system-wide site settings available in the System Configuration module.

Note We recommend restricting access to the System Configuration module to administrators only See Defining User Profiles for Desktop Application Access, page 4-2 for more information.

To modify the system configuration settings, do the following:

Step 1 Select System Configuration from the Admin menu.

Step 2 Select a configuration topic from the tabs on the left (Figure 14-1).

Step 3 Enter the settings and configurations as described in the sub-sections listed below.

Step 4 Click Save to save changes made in a system configuration window.

Step 5 Log out and log back in to the Cisco PAM application (select Logout from the Options menu).

Note Changes to system configuration settings do not take effect until you log out and log back in to the Cisco PAM application (select Logout from the Options menu). For some settings in the Cisco Settings window, you must restart the Cisco PAM appliance. See the "Cisco Settings" section for more information.

•LDAP Settings

•Password Policy Settings

•Event/Alarms Settings

•Data Entry/Validation - Personnel Settings

•Data Entry/Validation - Badge Settings

•Custom Personnel Fields Settings

•Custom Device Fields Settings

•Custom Badge Fields

•Personnel ID Number Generator

•PIN Generator

•Card Number Generator

•Support Contact Information

•Badge Design

•Miscellaneous Settings

•Cisco Settings

LDAP Settings

The LDAP options (Figure 14-1) include login validation settings required to use the Lightweight Directory Access Protocol. See Table 14-1 for field descriptions.

Tip For more information, see Configuring LDAP User Authentication, page 4-11.

Figure 14-1 LDAP Settings

LDAP uses a principle to authenticate. The principle is formed from the username: prefix + username + suffix. The exact format of the principle varies based on the type of LDAP server, and the domain.

•For Active Directory, the prefix should be the (uppercase) domain followed by \\ (example: MY-DOMAIN\\) and the suffix should be blank.

•For OpenLDAP, the prefix should be: uid=
The suffix should be changed to reflect the actual domain.
So for my-domain.com, this would be:
,dc=my-domain,dc=com

Table 14-1 describes the LDAP settings:

Table 14-1 System Configuration LDAP Settings
Field	Description
Enable LDAP	Click the checkbox to enable or disable LDAP support.
LDAP server URL	URL of LDAP server, must begin with `ldap://` Example: `ldap://192.168.1.1`
Principle suffix	Appended to the username for authentication. See above.
Principle prefix	Prepended to the username for authentication. See above.
Search root	LDAP search root. The search root is the node in the LDAP tree, the subtree under which the user account should be found. •For Active Directory, the 2 dc components should be changed to match the full domain name managed by the directory. The following example is for my-domain.com: `cn=Users,dc=my-domain,dc=com`. •For OpenLDAP, the 2 dc components should be changed to match the full domain name managed by the directory. The following example is for my-domain.com:`dc=my-domain,dc=com.`
LDAP version	Advanced setting that generally should be left unchanged.
JNDI authentication type	Advanced setting that generally should be left unchanged as `simple`.
JNDI factory	Advanced setting that generally should be left unchanged as `com.sun.jndi.ldap.LdapCtxFactory`

Note Changes to system configuration settings do not take effect until you log out and log back in to the Cisco PAM application (select Logout from the Options menu).

Password Policy Settings

The Password Policy options (Figure 14-2) determine password expiration and strength requirements.

Figure 14-2 Password Policy Settings

Table 14-2 describes the Password Policy settings.

Table 14-2 System Configuration Password Policy Fields
Field	Description
Passwords expire after (days)	Passwords expire after this many days.
Minimum alphabetic characters	Minimum number of a to z characters or A to Z characters in the password.
Minimum password length	Minimum number of characters in the password.
Minimum uppercase characters	Minimum number of uppercase password characters.
Minimum lowercase characters	Minimum number of lowercase password characters.
Minimum numeric characters	Minimum number of numeric password characters.
Minimum special characters	Minimum number of special characters in the set specified below.
Set of "special" characters	Which characters qualify as special characters for the above.

Note Changes to system configuration settings do not take effect until you log out and log back in to the Cisco PAM application (select Logout from the Options menu).

Event/Alarms Settings

Use the Events/Alarms tab (Figure 14-3) to define how alarms are managed by the system, and how much video is recorded for events.

Figure 14-3 Events/Alarm Settings

Table 14-3 describes the Event and Alarms settings.

Table 14-3 System Configuration Alarm Fields
Field	Description
Allow commenting of cleared alarms	Allow operators to comment on alarms that have already been cleared.
Consolidate duplicate alarms window (mins)	If duplicate alarms are being consolidated, this is the maximum time difference between the original and the duplicate. If an alarm that would otherwise be considered a duplicate occurs after this time, it becomes a new original alarm and subsequent duplicate alarms will bump up its duplicate count.
Consolidate duplicate alarms	Consolidate duplicate alarms identical other than time, into a single alarm, with an increasing alarm count. This is useful for preventing a flood of individual alarms; for example, if an armed alarm point is on an external gate which is flapping in the wind, repeatedly triggering the alarm. It is not recommended that this be unchecked without careful consideration of the possible performance impact of the increased number of individual alarms.
Duplicate alarm cache size	The size of the cache for duplicate alarms.
Length of video to display pre-event	The number of seconds of video that are included before the event occurred.
Length of video to display post-event	The number of seconds of video that are included after an event occurs.
Repeat alert sounds	Defines if alarms sounds are played only once, or repeated.

Note Changes to system configuration settings do not take effect until the Cisco PAM desktop application is restarted (exit and re-launch the application).

Data Entry/Validation - Personnel Settings

Figure 14-4 Personnel Data Entry Settings

Table 14-4 describes the Data Entry/Validation - Personnel settings.

Table 14-4 Data Entry/Validation - Personnel Settings
Field	Description
Default personnel ID specifier	The type of personnel ID specifier the field will default to. The various ID specifiers will be available in the drop-down.
Allow duplicate personnel IDs	Allow personnel to be added with duplicate personnel IDs.
Warn about duplicate personnel IDs	Warn if personnel are added with duplicate personnel IDs.
Use signature capture	Enable the ability to capture personnel signatures with a signature capture device. Signature capture devices must be configured in the application preferences before they may be used. See Enabling Signature Capture Devices, page 8-53.
Use single-screen personnel wizard	Enables a single-screen personnel wizard used for personnel data entry. All personnel information is available on one screen.
Use custom fields on personnel wizard	Enable custom fields in the single-screen personnel wizard. This makes the screen larger, but is useful if important data is being stored in the custom fields. Refer to custom fields in the Custom Personnel Fields window.
Use CSV personnel import wizard	Enable the CSV import wizard in the personnel module. The CSV import wizard allows operators to add personnel to Cisco Physical Access Manager using a CSV file. See Importing Personnel Records Using a Comma Separated Value (CSV) File, page 8-15.

Note Changes to system configuration settings do not take effect until you log out and log back in to the Cisco PAM application (select Logout from the Options menu).

Data Entry/Validation - Badge Settings

Figure 14-5 Badge Data Entry Settings

Table 14-5 describes the Data Entry/Validation - Badge settings.

Table 14-5 Data Entry/Validation - Badge Settings
Field	Description
Allow printing of unsaved badges	Allows printing new badges before the badge is saved. For highest security, leave this unchecked. When allowed (which may be more convenient), it is possible to print a badge without having any record of the badge.
Set 'today' as the default effective date	Uses the current date as a new badge effective date.
Use single-screen badge wizard	Enables a single-screen badge wizard for data entry. Most badge properties are on one screen.
Require PIN to be unique	Requires cardholder PINs to be unique. Useful in systems that use PIN-only access-control.
Allow null PIN	Allows badges to have null PINs. Useful in systems that do not use PIN for access-control.
Require numeric hot stamp	Requires hot stamp field to be numeric.
Disallow leading zeros in hot stamp	Prohibits users from adding hot stamps with leading zeros.
Use effective times for badges	Select this checkbox to enable the effective time constraint for badges, in addition to effective date, which is always enabled.
Use expiration times for badges	Select this checkbox to enable the expiration time constraint for badges, in addition to effective date, which is always enabled.
Use custom fields on badge wizard	Enables custom fields in the badge wizard. This makes the screen larger, but is useful if important data is being stored in the custom fields.
Max PIN Length	The maximum number of characters in a PIN.
Disable batch badge printing	Enables or disables the batch printing module. See Printing Multiple Badges, page 8-44.

Note Changes to system configuration settings do not take effect until the Cisco PAM desktop application is restarted (exit and re-launch the application).

Custom Personnel Fields Settings

The Custom Personnel Fields defines the custom fields available in the personnel detail window.

Figure 14-6 Custom Personnel Fields

Table 14-6 describes the Custom Personnel Fields settings.

Table 14-6 Custom Personnel Fields
Field	Description
Custom Personnel Field	Selects which of the available custom fields is to be viewed or edited.
Enabled	Select the checkbox to enable the selected custom field.
Drop down	Select the checkbox to use a drop-down for entry the selected custom field.
Column header	Changes the name of the column header of the selected custom field. The column header is displayed in list view columns. To be consistent with the rest of the application, this would be capitalized like the title of a book, for example: Driver's License Number.
Form label	Changes the name of the form label of the selected custom field. The form label is displayed in detail window fields. To be consistent with the rest of the application, this would be capitalized like the a sentence, for example: Driver's license number.

Note Changes to system configuration settings do not take effect until you log out and log back in to the Cisco PAM application (select Logout from the Options menu).

Custom Device Fields Settings

Configures which the custom fields which are available in the device detail window.

Figure 14-7 Custom Device Fields

Table 14-7 describes the Custom Device Fields settings.

Table 14-7 Custom Device Fields Settings
Field	Description
Custom Device Fields	Selects which of the available custom fields is to be viewed or edited.
Enabled	Select the checkbox to enable the selected custom field.
Drop down	Select the checkbox to use a drop-down for entry the selected custom field.
Column header	Change the name of the column header of the selected custom field. The column header is displayed in list view columns. To be consistent with the rest of the application, this would be capitalized like the title of a book, for example, Serial Number.
Form label	Change the name of the form label of the selected custom field. The form label is displayed in detail window fields. To be consistent with the rest of the application, this would be capitalized like the a sentence, for example, Serial number.

Note Changes to system configuration settings do not take effect until you log out and log back in to the Cisco PAM application (select Logout from the Options menu).

Custom Badge Fields

Configures which the custom fields which are available in the badge detail window.

Figure 14-8 Custom Badge Settings

Table 14-8 Custom Badge Fields
Field	Description
Custom Badge Fields	Selects which of the available custom fields is to be viewed or edited.
Enabled	Select the checkbox to enable the selected custom field.
Drop down	Select the checkbox to use a drop-down for entry the selected custom field.
Column header	Changes the name of the column header of the selected custom field. The column header is displayed in list view columns. To be consistent with the rest of the application, this would be capitalized like the title of a book, for example: Serial Number.
Form label	Changes the name of the form label of the selected custom field. The form label is displayed in detail window fields. To be consistent with the rest of the application, this would be capitalized like the a sentence, for example: Serial number.

Note Changes to system configuration settings do not take effect until you log out and log back in to the Cisco PAM application (select Logout from the Options menu).

Personnel ID Number Generator

The personnel ID number generator is used for generating random personnel ID numbers, and is useful when personnel IDs do not correspond to any pre-existing ID numbers, such as employee ID, Social Security Number.

Figure 14-9 Personnel ID Number Generator Settings

Table 14-9 Personnel ID Number Generator Settings
Field	Description
Enabled	Enables the personnel ID number generator. New personnel entries will have randomly generated ID numbers entered in the field.
Length	The digit length of generated IDs.

Note Changes to system configuration settings do not take effect until the Cisco PAM desktop application is restarted (exit and re-launch the application).

PIN Generator

Use the PIN generator to generate random PIN numbers for badges.

Figure 14-10 PIN Generator Settings

Table 14-10 PIN Generator Settings
Field	Description
Is Present	Enable the personnel ID number generator. Adding new personnel will have randomly generated ID numbers entered in the field.
Length	The amount of digits in the generated PIN.

Note Changes to system configuration settings do not take effect until you log out and log back in to the Cisco PAM application (select Logout from the Options menu).

Card Number Generator

With the card encoder enabled the card number generator will create a card number with the minimum and maximum digits specified below.

Figure 14-11 Card Number Generator Settings

Table 14-11 Card Number Generator Settings
Field	Description
Is Present	Enables the card number generator. Adding new badges will have randomly generated card numbers entered in the Card # field.
Maximum	Maximum amount of card digits.
Minimum	Minimum amount of card digits.

Note Changes to system configuration settings do not take effect until you log out and log back in to the Cisco PAM application (select Logout from the Options menu).

Support Contact Information

Customer contact information is displayed in the About window available from the Help menu. It is intended to be customized with the dealer/installer/integrator's contact information, as this is often the first contact for support purposes.

Figure 14-12 Support Contact Information Settings

Table 14-12 Support Contact Information Settings
Field	Description
Company	Support company's name.
Contact name	The name of the contact person.
Contact person's email address	The contact person's email address.
Contact person's phone number	The contact person's phone number.
Company's website	Support company's company website address.

Note Changes to system configuration settings do not take effect until you log out and log back in to the Cisco PAM application (select Logout from the Options menu).

Badge Design

Figure 14-13 lists the database links available in Badge Designer.

Figure 14-13 Badge Design Settings

Miscellaneous Settings

Figure 14-14 includes a variety of settings, as described in Table 14-13.

Figure 14-14 Miscellaneous Settings

Table 14-13 Miscellaneous Settings
Field	Description
Load all strings from database	Loads all text strings from the database. Used in conjunction with the advanced Text Strings module. Normally there is no reason to check this, as any strings that have been changed or customized since the time of install will be automatically loaded from the database.
Always open new modules in same window	If checked, opening a new module simply replaces the module in the same window, rather than opening a new window.
Enable Window>New Window	Allows modules to be opened in multiple windows. Adds an additional New Window button to the toolbar.
Prevent force quit (Command-Q) on Mac OS X	Blocks the force quit command.
Allow deletion of items that normally may only be disabled	Enables a true delete option in some modules. Normally, important items should be disabled, not deleted. Even with this option enabled, only items that are not referenced by other items may be deleted. For example, if a device has an event occur for it, it may no longer be deleted, as the event references the device. This is because true deletion in this case would result in the inability to correctly report on any such events.
Allow deletion of devices with events	Deletes events associated with a device when a device is deleted. Note Cisco recommends that you do not delete devices. Events that are associated with the device will be deleted if the device is deleted.
Restrict new devices to wizards only	All new devices added to the Hardware module will use an add wizard.
Default max rows	Limits the number of visible rows in list-based modules such as Events and Badges. For example, if the default max rows is set to 100, the badges module displays a maximum of 100 rows. Enter a number between 1 and 5000.
Change queue buffer size	Enter a new buffer size.
Enable Credential Watch	Enables the Credential Watch feature which places color borders around photos in the Event Photos module. See Adding a Color Border to Event Photos (Credential Watch), page 10-18.
Use cross-platform page setup dialog for badge printing	Select this option to use the cross-platform Java page dialog if the badge image is truncated. This occurs when using the default printer dialog on some printers (such as the Zebra printer).
Truncate imageable area values used to initialize cross-platform page dialog	If the image is still truncated using the cross-platform Java page dialog, select this option to apply .01 inch margins.
Use Pageable print interface for badge printing	The Java Printable printing interface is used by default. If printing problems occur (such as with the Evolis printer), select this option to use the Java Pageable printer interface.
Stroke text before printing badges	If problems occur printing text, such as on a Mac, select this option to apply a stroke when printing.

Note Changes to system configuration settings do not take effect until you log out and log back in to the Cisco PAM application (select Logout from the Options menu).

Cisco Settings

Figure 14-15 includes the settings described in Table 14-13.

Figure 14-15 Cisco Settings

Note To activate changes made to Cisco settings, you must either log out and log back in, or restart the Cisco PAM appliance, as described in the following table. To restart the appliance, see Using the Web Admin Menus, Commands and Options, page 2-16, or ask your system administrator for assistance.

Table 14-14 Cisco Settings
Field	Description	To Activate Changes
Default discovered gateway time zone	Defines the time zone for all discovered Gateways. This time zone is configured on all discovered Gateways.	Restart the Cisco PAM appliance.
Credential download frequency (mins)	Defines how often (in minutes) credential information is downloaded to the Gateways. Note You can also download credential changes immediately. Select Hardware from the Doors menu, right-click on the Access GW Driver, and select Apply Credential Changes. See Configuring Personnel, page 8-2 for more information.	Restart the Cisco PAM appliance.
NTP Server	Defines a default NTP server when updating multiple Gateways. See the "Changing the NTP Setting for Multiple Gateway Modules" section on page C-7.	Log out and log in.
EDI personnel's photo size limit	Defines the maximum file size for imported photo files using the System Configuration module. For example, if you enter a maximum file size of 500 kb, then any files larger than 500 kb will be automatically compressed when the personnel record is imported. •Enter a value, in kb, between 50 and 750. •The default value is 250 kb. See the "Understanding Photo File Compression When Importing Personnel Records" section on page 12-15.	Log out and log in.
Display soft commands on default module	Displays the soft commands for the default m01 (Gateway) module.	Log out and log in.
Display "Delete All Cameras" command on the camera driver	Displays the Delete All Cameras command for the Cisco VSM Video Driver in the Hardware module. See Deleting the Cisco VSM Cameras, page 13-21.	Log out and log in.
Evict most recent badge from APB area when door not used	If a user presents their badge and is granted access to an Anti-Passback Area, but decides not to enter the door, then a Door Not Used event is generated by the door's Gateway module. To prevent the badge from being added to the Anti-Passback monitoring list, enable the System Configuration setting for Evict most recent badge from APB area when door not used. See the "Evicting a Badge from APB if the User Does Not Enter the APB Area" section on page 9-18	Restart the Cisco PAM appliance.
Enable "Edge Policies" Module	Enables the Edge Policies module. See the "Configuring Edge Policies" section on page 11-9.	Log out and log in.

Was this Document Helpful?

Feedback

Contact Cisco

Open a Support Case
(Requires a Cisco Service Contract)