1

ACCESS CONTROL
LENEL ONGUARD
Training Document
 2

Contents
• C.CURE System Administration P03
Personnel Record P04
Access Card – add/edit/delete P05 – P20
Personnel Record Configuration P21 - P24
Personnel View P25 - P30
Personnel Purge P31
Export P32 – P33
Template P34 – P35
Clearance P36 – P38
Time Specification P39 – P40
Holiday P41 – P42
Hardware setup P43 – P50
Event P51 – P52
Report P53 – P65

• Monitoring Station P66

Monitoring Screen P67
No-Hardware Status – Door / Manual action P68
APC Status P70
Wiring Diagram P71 – P72
 3

OnGuard Packages
Package Concurrent clients Qty of Readers

32ES 1–5 32 – 64

ADV 1 – 10 65 – 256

PRO 1 - unlimited 128 - unlimited

• SWS / SWC packages

– Systems only require one (1) Software Server (SWS) license
– Clients are licensed by the Software Client (SWC)
– SWS-32ES, SWC-32ES, SWS-ADV etc.
• PCS / PCC packages
– Includes the computer (PCS-32ES, PCC-32ES, PCS-PRO, etc.)
• 32ESI, ADVI, PROI
– Access Control and ID Management
• IDES, IDADV, IDPRO
– ID Management only
 4

Software Upgrade and Support Plans

• Software Upgrade and Support Plans (SUSP) are annual renewals for End User
OnGuard systems
– First year included with new system

• On the behalf of the End User, an active SUSP provides the Value Added
Reseller (VAR) access to:
– Every commercially released version of OnGuard
– Standard telephone technical support

• Additional information is found in the price book under the Service Products
section
 5

OnGuard System Overview

 6

Overview Terminology
• Access Panel – ISC – Intelligent System Controller (LNL-500, 1000, 2000,
2210, 2220, 3300)

• Alarm Panels – Input and Output Modules (LNL-1100, LNL-1200, and LNL-
1300e)

• RIMs – Reader Interface Modules (LNL-1300, LNL-1320, LNL-2220, LNL-2210,

LNL-1300e)

• Upstream Communication – Bidirectional between ISC and PC

• Downstream Communication – Bidirectional between ISC and downstream

hardware

• Relay – Output
 7

• Devices – Addressable hardware components

• Input – Alarm points such as motion detector, glass break sensor,

switches, panic button, door contact

• Output – Hardware that can be turned on, off, or pulsed such as lights,
sounder, siren, strike.

• Auxiliary Input/Output - Configurable

• Dedicated Input/Output – Specific

• Firmware – Programmed procedures used to control hardware

 8

OnGuard Navigation
GOAL: To gain an understanding of:

1.Customizing OnGuard’s System Administration layout

2.Utilizing OnGuard Help files

 9

Lenel OnGuard Applications

Lenel has multiple applications within
one product called OnGuard
– Specific applications can be installed on a
computer through custom installation of
OnGuard
• Guard station using Alarm
Monitoring
• Badging Station using ID
Credential Center
 10

System Administration login

• Log in to System Administration
 11

System Administration Login

• Lenel OnGuard supports strong password enforcement
– Passwords cannot be blank
– Passwords cannot be the same as the user name
– Passwords cannot be one of the following keywords
•MULTIMEDIA
•Secur1ty# (New with OnGuard 7.0)
•LENEL
•BASIS
•PASSWORD
•PROKUPETS
•PROKUPET
– Advisories issued for both OnGuard user and database (lenel)
account passwords
• OnGuard is not case sensitive
 12

Menus
• Text menus are organized for ease of use

• Toolbars allow shortcuts to commonly used dialogs

–Toolbars may be hidden, rearranged, docked, and undocked
 13

Menus - Application
• Application menu
– Allows log on and off from the application
– Allows the password to be changed for the current logon
– Allows printer setup
 14

Menus - Edit
• Edit menu
– Required for Microsoft Certification
– Cut, Copy, Paste is available on certain forms
 15

Menus- View
• View menu
– Controls toolbars
• Reset to factory defaults
• Add text labels to toolbars
• Allows toolbars to be hidden from view
– Status bar appears on the bottom of the window
– Tabs used for each open screen which allows fast access to multiple screens
 16

• Font and text color can be easily reset to system defaults

– The list font
– The disabled text color

• Save settings remembers the settings changes made when the user exits
the program
– The settings are per user, per machine

• The system tree is a graphical depiction of the common system

configuration and shortcuts to the configuration dialogs
– It may be hidden, docked or undocked as well
 17

Menus - Window
• The Window menu controls how the windows appear. They may be set to:
– Cascade
– Tile horizontally
– Tile Vertically
– Allow the user to arrange the icons
– Close all windows
 18

Menus - Help
• The Help menu contains:
– Contents
– Search
– Send Feedback
– About
 19

User Permissions
• Configures user accounts for OnGuard applications
• Permission Groups allow easy configuration of OnGuard user accounts with
similar permissions
 20

User Accounts - Templates

• OnGuard has default Users Accounts
–System Account (SA)
–Administrator
–User
–Badge Operator
• There can only be one (1) System Account (SA) and multiple
Administrators, Users, and Badge Operators accounts as needed
• SA has all permissions in OnGuard and those permissions cannot be
changed
• Administrator account by default has the 2nd highest permission rights
in OnGuard then User and lastly Badge Operator
 21

User Permissions - Templates

• OnGuard has default Permission templates which can be applied to an OnGuard
user, altered, or new custom permission templates can be created
–Admin
–Power User
–User
–Badge Operator
• Admin has the most permissions followed up Power User, User, and then Badge
Operator
 22

User Accounts - Hands On

• Create (Add) the user information
– First and last name
– Notes may be added
• Create an internal account for the user
– User name and password
• Created/Changed dates
• Access to OnGuard disabled
 23

Permission Groups
• Permission Groups are templates used to control user permissions within OnGuard
applications
• Appropriate permission group(s) can then be assigned to the OnGuard User account
 24

User Permissions
• System Permission Groups
– Controls system wide configuration abilities, application access, and hardware
configurations
 25

User Permissions
• Cardholder Permission Groups
– Cardholder configuration
– Badge configuration
– Capture options
– Bulk operations
 26

User Permissions
• Monitor Permission Groups
– Alarm Monitoring options
– Video control
– Hardware control
 27

User Permissions
• Report Permission
Groups
– Allow Users to add
and/or delete reports
– Allow Users to view,
and/or modify specific
reports
– Filter Report View for
ease of locating specific
set of reports
 28

User Permissions
• Field/Page Permission Groups
– Controls the ability to view/edit cardholder related fields
 29

Exporting Permission Group Data

• System, Cardholder, Monitor, and Report Permission Groups may be exported to a
Comma Separated Variable (.csv) file format

– In the Compare mode, the user can export the settings of the permission groups
being compared

– CSV files may be imported into programs such as Microsoft Excel

 30

Single Sign-On
• Allows user to log on to any OnGuard application automatically using the current
Microsoft Windows account
– Manual OnGuard logon using the OnGuard Internal Account User name and
Password is still available, if desired
• Internal Account
– A user account where the authentication information is saved within the OnGuard
system database
• Directory Accounts
– A user account where the OnGuard user is linked to an operating system
(Windows) account
– The authentication information is controlled by the operating system
 31

OnGuard User Accounts

• OnGuard users may have an internal account and/or a directory account link
– Internal account user name and password stored in OnGuard database
– Directory accounts establishes a link between the OnGuard user and the Windows
account
• Multiple Directory Accounts may be assigned to a single OnGuard user account
– Not recommended as user accountability will be lost in reporting
System Administration > Administration > Users
 32

Internal Account
• The Internal Account is what you have been using to log in to OnGuard up to
this point.
 33

Auto Single Sign-On

• Launch the Logon window
– Open OnGuard Application
– Log on to OnGuard using key icon or menu option
– Auto Logon will be started
▫ • Press the Shift Key to bypass Auto Logon and log in manually
 34

System Options - Hardware Settings

Tab
 35

System Options - Hardware Settings

Tab
• System Wide Limits
– Holidays – 20-255 supported (Default = 255)
– Timezones – 127-255 supported (Default = 255)
– Access levels – 255-31,999 supported (Default = 255)
– Affects Access Panel available memory

• Maximum Badge Number Length

– Default length is 9 digits, configurable up to 18 digits
• Crystal Reports limited to displaying 15 digits in Lenel reports
– All areas of the software dealing with badge ID will conform to this system setting
– Affects Access Panel available memory
 36

• Maximum Number of Elevator Floors

– Lowest setting is 16 floors
– Highest Maximum setting is 128 floors
– The default is 64 floors
– Affects Access Panel available memory
• Maximum access level assignments per badge
– Total
• With no activation dates
• With activation dates (Start / End date and time)
• Cannot assign to each cardholder more the quantity selected in the Total field
– 0-128 supported
• The default is 6 assignments
• Prior to version 6.1.222 the maximum was 32 access levels per badge
– Affects access panel available memory
 37

Holidays and Timezones

• Timezones encompass time of day, days of week, and holidays
• Timezones/Holidays are stored on the access panels
• A Timezone/Holiday may be used to:
– Control cardholder access (access level)
– Control online mode of card readers
– Mask alarm inputs
– Activate outputs
– Dial up an Access Panel
– Log events to the database
 38

Holidays
• Holidays can be configured in OnGuard to manage cardholder and
hardware status changes
– Mask/UnMasking inputs on a holiday
– Cardholder access into a facility on a holiday
• A holiday may be of Type 1-8 or multiple types
– Used for ease of maintaining and managing holiday categories
– All Holidays can be placed in one Type or split between multiple Types (1-8)
 39

• A single Holiday duration may be up to 366 days

• Holidays can be set to recur annually (new in 6.5)
– LS Linkage Server manages updating the holiday if the ‘Repeat yearly’ checkbox is
enabled for a holiday
• Holiday type names may be customized
• Holidays consist of Type, date, and duration
– The number of Holidays is configurable
• 20 to 255
• Repeat yearly feature for Holidays
– Linkage server must be running in order to update holidays
– Once the holiday occurs, the year is updated in the database and transferred to the access
panels when a download occurs
• When this feature is enabled, the holiday's year is automatically recalculated during
panel downloads
• Updates year to year only
• Any associated additional days off surrounding the holiday may need to be adjusted
accordingly
 40

Timezones
• Timezones
– A Timezone consists of: Time of day, days of the week, and holidays
– The number of Timezones is configurable
• Default is 255 and is configured under System Options > Hardware Settings
– There can be up to six intervals in each Timezone
 41

• Never and Always are default Timezones

– Can not be modified or deleted
• A Timezone may be activated on holidays by type
(H1, H2, H3…H8)
• An interval may not cross a date change
– Two intervals must be used
• A Timezone must have at least a single interval
with a start and end date in order to be
downloaded to the access panel(s)
• 24-hour clock is used for Start and End times
 42

Timezone Rules
• A Timezone activates on the leading edge of the minute

• A Timezone deactivates on the trailing edge of the minute

 43

Timezones/Holidays
• A holiday is treated as an exception in the activation of a timezone
– Example: An access level that uses an 8:00-5:00 timezone will not work if the day
is a holiday

• A timezone may be configured to activate on a holiday, if desired, by

enabling the appropriate holiday type checkbox for the timezone

• A newly created Timezone will work on the next Start or End time
configured
– Example: if an 8am – 5pm timezone is created and applied to an input at 10am,
the input will change status at 5pm
– A download to the Access Panel will be required if immediate action is required or
manually adjust via Alarm Monitoring
 44

Access Panels
• Bi-directional upstream communication with the OnGuard software

• Bi-directional downstream communication with all dependent devices

– Alarm Panels (LNL-1100, LNL-1200, LNL-1300e)
– Reader Interface Modules (LNL-1300, LNL-1320, LNL-1300e)
 45

Lenel Access Panels - Series 2

LNL-2210, LNL-2220, LNL-3300
 46

Access Panel Configurations

• Access panel configuration
– Name of the panel
– Online checkbox
• Communication with the LS Communication Server will be disabled if the
access panel is not online
 47

Access Panel - Location

• Location
– Workstation
• The computer running LS Communication server that is servicing this access
panel
– Address
– World Time Zone/Daylight Savings
 48

• Configuration Web Page button is used to configure ISCs settings (added OnGuard
5.12)
• Supported for the LNL-2210, LNL-2220, and LNL-3300
• Configurations performed through browser based application
 49

Access Panel - Connection

• Connection type selections
– Direct
– IPv4
– IPv6
– DNS Host name
– Dialup
• IPv6 is supported with OnGuard 7.0
– Designed to address IPv4 available address limitation
 50

Access Panel - Options

• Memory is fixed on Series 2 Access
Panels
• PIN Type
• Select from None, 4, 6 or 9 digit
• Default is none
• Cardholders
• Will allocate an appropriate amount of
memory on the ISC
• Event Capacity
• How many events will the access panel
store if not communicating to the
OnGuard server
• Event Capacity is fixed at 50,000 for the
Series 2 panels
 51

• Device count
• Controls the number of downstream devices that may be added to the access panel
• No more than ½ of the downstream devices can be alarm panels
– Except for LNL-2210
• LNL-3300 Supports 64 total devices, 32 per port
• Store Expiration / Activation Date
• Stores the badge expiration and activation information on the access panel
• The options are Not Enforced / Date Only / Date and Time*
* Time must be configured to be used in the General Cardholder Options
 52

Reader Interface Modules (RIMs)

• RIMs are a downstream device from
the access panel (ISC)
• The reader modules support magnetic
and wiegand readers
• Lenel offers several types of reader
modules
–Single reader module LNL-1300
–Dual reader module LNL-1320
–Intelligent dual reader module LNL-2220
–Intelligent single door controller LNL-2210
–LNL-1300e - Single Door, 1 or 2 readers
 53

• Door hardware can have up to three

components:
–Door Contact = allows for monitoring of door
status/state (dedicated input)
–Request to Exit (REX) = automatic or manual
(push bar) request
• to exit through door (dedicated input)
–Strike = powered door component used to
release/energize door for entry (dedicated
output)
 54

Reader Configurations
• The name of the reader
–Reader field length expanded to 96 characters

• Select the Access Panel connected to the Reader Interface Module for that
particular card reader
 55

• With OnGuard 7.1 the board type and reader output are now separate
dropdowns
–Dynamically update based on selection of Panel and Type
 56

• Board types
–Interface type
•Dual Interface = LNL-1320
•Single Interface = LNL-1300
•Onboard = LNL-2220 or LNL-2210
•IP Interface = LNL-1300e
–Reader Output
•Wiegand/Prox
•OSDP Protocol
•And more…
 57

• Port and Address

–RS-485 downstream port from the ISC
–Device address of the Reader Interface Module (0-31)
• Reader Number
–The number is automatically selected prior to OnGuard 7.1
–The number is determined by Reader Type selection prior to 7.1
–With 7.1, Reader number 0 is for physical reader 1 on the board or Reader number 1
is for physical reader 2 on the board
• Alternate Reader
–Alternate reader associated with primary reader
–Two readers on the same side of the door
–Must select Primary Reader
 58

Configuration for Onboard Readers

• LNL-2210 and LNL-2220 can have Onboard readers
• If using the onboard readers, under Type select Onboard Reader number
• If using a downstream LNL-1320 or LNL-1300 off an LNL-2210, the port
is automatically listed as Reader 1
–Set the necessary address of the downstream Reader Module
 59

• Reader modes for online operation

–Locked
–Unlocked
–Facility Code
–Card Only
–PIN or Card
–Card and PIN
 60

• Reader modes for offline operation

–Locked
–Unlocked
–Facility Code
• Selecting any other choice sets the offline mode to LOCKED
 61

• Held Open Time / Extended Open

–Controls amount of time the door may remain open on a valid access grant or REX
• Strike Time / Extended Strike
–Controls how long the strike will remain energized on a valid access grant or REX
–Extended times are configured by using the “Use Extended Strike/Held Times”
option of the cardholder badge form
 62

• Strike
–Option is to cut off on open or on close of door contact
• Do Not Activate Strike on REX
• Keypad
–Options include 4 bit, 8 bit, 1-7 style, or 2020 with or without tamper
 63

• Card Format
–OnGuard supports eight (8) card formats per system
–Must checkbox appropriate format for card reader
 64

• Door forced and door held

open alarms may be masked
during a timezone
–blank = never
• Logging events to database
–blank = always
–Events always display in Alarm
Monitoring regardless if Timezone
applied
 65

• Paired Master and Paired Slave setting

–For controlling the same door using LNL-
1320 or LNL-2220
–Automatically configured if using the two
onboard readers of an LNL-2210
• Two Card Control
–Requires two valid cards with access within
10 seconds
 66

• Reader must be in Card and PIN mode

• The Duress code is the cardholders PIN
#+1
–Add 1 to the last digit of the PIN
–If the PIN is 123, then the duress code is 124
–If the PIN is 129, then the duress code is 120
• The Duress alarm will be sent to Alarm
Monitoring
• Access to the reader may be denied as
an option set per reader
 67

• Assume door used

–Used when door contact hardware is not installed
• Use Limit
–Access will be denied when the use limit is reached
at the reader
–The use limit value is set per badge
•The use limit is stored in the database
•Use limit range is 0-255 with blank = Unlimited
•Remaining uses will be restored upon a database
download to the ISC
•Changes to the use limit count will take effect
immediately
 68

Denied (PIN) Attempts

• Denied Attempts events include
–An unknown PIN entry at a reader in PIN or Card mode
–An invalid PIN entry at a reader in Card and PIN mode
• If configured, the reader will lock (Restore feature)
for the configurable period of time (in minutes) if
the denied attempts count is exceeded
• Count
–The number of invalid access attempts
•0-255 – zero disables the counter
• Timeout
–How long after the last invalid access before the count
resets
•1-999 minutes
• Restore
–How long the reader will stay in a locked or denied mode
•0-999 minutes – zero disables the reader lockout feature
 69

• The reader mode in the status tree will not change while in denied
attempt lockout mode
–A Reader Locked event will be generated while in denied locked mode
 70

Pre-Alarm
–Used for pre-held alarm annunciation
•None: gives no warning before a Held Open Alarm is generated
•Pulse AUX Output 1: pulses the reader AUX Output 1 for the specified Output 1 Pulse
Time
•Use Reader Buzzer: Activates the buzzer on the reader if wired
•The duration is specified in the Pre-Alarm timeout field
–Timeout specifies when the buzzer or AUX 1 pulse will start
–The buzzer will continue until the door is secure
–Reader must support the buzzer control line (5VDC)
 71

• Door Contact and REX Supervision settings

–Report REX events
•Controls whether or not REX events are displayed in Alarm Monitoring
72
 73

- END -