If network communication is lost between the access control controllers and the ICPAM appliance, the entry and exit doors will fail to grant access to users since the user credentials cannot be verified. To prevent this scenario, you can configure the doors to authenticate user credentials locally (using credential data stored on the door’s controller).
Usage Notes
· Allowing local controller authentication as described in this section means that the badge can be used multiple times (potentially by different users) at the entry controller. Use the local authentication option only if necessary. APB areas are only fully effective when stable network communication exists between the controllers and the ICPAM appliance.
· We recommend using the Soft (grant access) anti-passback mode when local controller credentials are used. See the Configuring Anti-Passback Areas.
· A Gateway authenticated APB Grant Access event is generated when an APB controller authenticates a badge locally.
o After network communication is reestablished between the controller and the ICPAM appliance, any controller authenticated APB grant access events are synchronized with the appliance.
o The appliance uses the events to determine the APB status of badges. For example, if a controller used local credentials to grant access to a badge at the entry door while the network was down, the badge will be added to the APB area by the ICPAM appliance when the network communication is reestablished. When the user swipes their badge at the exit door, the ICPAM appliance evicts the badge from the APB area.
· If the entry and exit doors are configured to use two different controllers, it is possible that a user can become trapped in an APB area. This can occur under if the user is granted access to the APB area using local credentials stored on the entry controller, and network communication is restored between ICPAM and the (second) exit door controller while the user is still in the APB area (before they access the exit door controller). This occurs because there is no record on the ICPAM appliance that the user entered the APB area (the record only exists on the entry controller). To prevent this scenario, we recommend the following:
o Configure all APB area doors on a single controller. To support more than two doors on a single controller, a Reader module is required.
o Install working phones that can reach the ICPAM administrator within the APB area. A badge can be modified to allow one free APB pass for the trapped user.
Procedure
To configure local authentication of user credentials (using data stored on the local controller and not the ICPAM appliance), do the following:
Step 1 Use either the Hardware - Tree or Locations & Door module to edit the door or door template configuration.
· For example, choose Hardware - Tree from the Doors menu, expand the hardware tree, right-click on the door name, and select Edit. You can also double-click the device name to open the edit window.
· To change the settings for a single door, see the Modifying Door Configurations.
· To change the settings for a door template, see the Configuring Door Templates and the Door Configuration Properties.
Step 2 Select the Properties tab.
Step 3 Uncheck the box for If server unreachable (APB). This allows you to edit the setting.
Step 4 Choose Authenticate locally from the drop-down list.
Step 5 Click Save and Close.
Step 6 Download the configuration change.
See the Applying Configuration Changes.
See also: