Software House IP-ACM Ethernet Door Module v2: Installation and Configuration Guide

Software House
IP-ACM Ethernet Door Module v2
Installation and Configuration Guide
PART NUMBER: 8200-1466-02

REVISION: H0
SEPTEMBER 2019
Copyright and Trademarks
©2019 Johnson Controls. All rights reserved. JOHNSON CONTROLS, TYCO and C•CURE 9000 are trademarks and/or registered trademarks.
Unauthorized use is strictly prohibited. Product offerings and specifications are subject to change without notice. Actual products may vary from
photos. Not all products include all features. Availability varies by region; contact your regional sales representative.
Canadian Radio Emissions Requirements
The digital apparatus does not exceed the Class A limits for radio noise emissions from digital apparatus set out in the Radio Interference
Regulations of the Canadian Department of Communications.
Le present appareil numerique n’emet pas de bruits radioelectriques depassant les limites applicables aux appareils numeriques de la class A
prescrites dans le Reglement sur le brouillage radioelectrique edicte par le ministere des Communications du Canada.
FCC Digital Device Limitations
Radio and Television Interference
This equipment has been tested and found to comply with the limits for a digital device, pursuant to Part 15 of the FCC rules. These limits are
designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This
equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may
cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference, in
which case the user will be required to correct the interference at his own expense.
Operation is subject to the following two conditions: (1) This device may not cause harmful interference, and (2) this device must accept any
interference received, including interference that may cause undesired operation.
In order to maintain compliance with FCC regulations, shielded cables must be used with this equipment. Operation with non-approved equipment
or unshielded cables is likely to result in interference to radio and television reception.
Caution: Changes or modifications not expressly approved by the manufacturer could void the user’s authority to operate this
equipment.
Table of Contents
Chapter 1 - Overview and Introduction 1

Overview 1
IP-ACM v2 Ethernet Door Module features 2
Readers and accessory modules 6
Chapter 2 - Site Requirements and Installation 7

Requirements and Specifications 7
Installation and Enclosures 11
Chapter 3 - Configuration 15
IP-ACM v2 Configuration Sequence 15
Initial Configuration 15
C•CURE 9000 iSTAR Ultra IP-ACM Editor 18
iSTAR Controller IP-ACMs Tab 18
iSTAR Ultra IP-ACM Inputs Tab 20
iSTAR Ultra IP-ACM Outputs Tab 21
iSTAR Ultra IP-ACM Wiegand Tab 21
iSTAR Ultra IP-ACM RS-485 Tab 22
iSTAR Ultra IP-ACM Triggers Tab 23
iSTAR Ultra IP-ACM Status Tab 24
Offline configuration 24
Upgrading the IP-ACM v2 Firmware 26
Chapter 4 - IP-ACM Web Page Configuration 27

IP-ACM Configuration/Status Web Page 27
802.1X port-based authentication configuration 29
1
Chapter 1 - Overview and Introduction
Overview
The IP-ACM Ethernet Door Module v2 module provides connection and management of access control for two
readers. The maximum number of IP-ACM Ethernet Door Module v2 modules supported per iSTAR Ultra is 32,
iSTAR Ultra SE is 32, and iSTAR Ultra LT is 8 or 16, depending on the model.
The maximum number of readers can be accomplished as follows:

■ iSTAR Ultra or Ultra SE (in Ultra Mode): Up to 16 IP-ACMs with 2 readers per IP-ACM, 32 IP-ACMs with 1 reader
per IP-ACM, or any combination of these configurations.
■ iSTAR Ultra LT 16-reader board (0312-7188-02): Up to 8 IP-ACMs with 2 readers per IP-ACM, 16 IP-ACMs with
one reader per IP-ACM, or any combination of these configurations.
For the 8-reader iSTAR Ultra LT board (0312-7188-01), you can have up to 4 IP-ACMs with 2 readers per IP-ACM, 8 IP-ACMs with
NOTE one reader per IP-ACM, or any combination of these configurations.
The 16-reader iSTAR Ultra LT board has not been evaluated by UL.
The IP-ACM Ethernet Door Module v2 supports the following features:

■ 12VDC or 24VDC local power or Power over Ethernet (PoE or PoE+)
■ Two RJ45 ports:
• Port 1: Ethernet port, internally bound to MAC with the MAC address and used as the network connection
port for the board (10/100/1000)
• Port 2: Switch port, not a secondary port, used for iSTAR Ultra LT connection (10/100, no PoE).
Caution: Do NOT plug this port into the same network as J1 or a loopback will occur.
■ Four supervised Inputs and two Outputs

■ Communication to readers through Wiegand or RS-485 ports
■ SSL network encryption from the unit to the GCM
■ IPv4 and IPv6 network protocols
■ 802.1X port-base authentication
■ HTTPS Web-based configuration
IP-ACM Ethernet Door Module v2 Chapter 1 1

IP-ACM v2 Ethernet Door Module features
■ Offline mode for two readers that allows the last 1,000 previous card admits and/or a specific personnel group of
no more than 100
Table 1: Part numbers and descriptions of IP-ACM Ethernet Door Module v2 and enclosures
Part Number Description
IP-ACM2A-MB IP-ACM V2, 2 Reader, board only
IP-ACM2A-EM IP-ACM V2, 2 Reader in metal enclosure
IP-ACM2A-EP IP-ACM V2, 2 Reader in plastic enclosure
IP-ACM2-CAN IP-ACM metal enclosure without board
IP-ACM2-CAN-P IP-ACM plastic enclosure without board
IP-ACM2A-MB-5PK IP-ACM V2, 2 Reader, board only five pack box

Figure 1 on Page 2 shows the switches, jumpers, ports, and connectors of the IP-ACM Ethernet Door Module v2.
Figure 1: IP-ACM Ethernet Door Module v2
2 Chapter 1 IP-ACM Ethernet Door Module v2

Switches and jumpers

See Figure 1 on Page 2 for the locations of the switches and jumpers on the IP-ACM v2.
SW1
Table 2 on Page 3 describes the positions of switch SW1.

Table 2: Switch SW1 descriptions
Position Description
SW1-1 OFF: Normal Operation

ON: Standalone Operation
Refer to the Initial Configuration section for details.
SW1-2, SW1-3, and SW1-4 Not used. Must be in the OFF position.
SW2 used for factory reset
Position D of rotary switch SW2 is used for factory reset. All other positions of the rotary switch are not used in this
release.
Factory reset
1. Switch the position of the rotary switch SW2 to position D.

2. Press and release SW3 Reset button.
3. Wait until LEDs DS4 and DS8 flash. Factory reset is successful if DS4 and DS8 flash in a sequence of two
flashes in quick succession then pause and repeat continuously. If there are more than two quick flashes in the
sequence, the factory reset has failed.
4. Switch rotary switch SW2 to position 0.
5. Press and release SW3 Reset button.
Ports and connectors

See Figure 1 on Page 2 for ports and connectors on the IP-ACM v2.
J5
The second RJ45 port (J5) used for connection to the iSTAR Ultra LT when mounted in the same enclosure. If this use
case is being implemented, two IP addresses are needed: one for the IP-ACM and another for the iSTAR Ultra LT.
Caution: Do not plug this port into the same network as J1 or a loopback will occur.
DO NOT PLUG INTO THE SAME NETWORK AS PORT 1 OR A LOOPBACK WILL OCCUR!
Specific requirements for the second RJ45 port are:

■ Full duplex wiring

■ 10/100 speed (Gigabit Ethernet not provided)

■ Power over Ethernet (PoE) not provided on this port
P1
This port supports local power of 12 VDC or 24 VDC, 25.5W max. However, the maximum combined output limit for
readers and locks is 17W (+/-10 %). See Table 4 on Page 9 for more information regarding power and wiring
requirements.
P3 and P4
Figure 2 on Page 4 illustrates the wiring for a Wiegand reader on the IP-ACM v2.
Figure 2: Wiegand wiring for the IP-ACM v2
P5 and P6
You can wire these RS-485 ports either full or half duplex depending on the reader you are using. See Figure 3 on Page
5 for reference on wiring these RS-485 ports.

Figure 3: Full duplex and half duplex wiring
l Wiring for the RS-485 ports are straight-through. Ensure that pin 1 of the RS-485 port on the IP-ACM
NOTE v2 connects to pin 1 of the RS-485 port on the corresponding reader.
l Full duplex has not been evaluated by UL.
P15 Tamper
Normally Closed (NC) when the enclosure is secure.
Inputs
See Figure 1 on Page 2 for the four supervised inputs, P11 to P14, of the IP-ACM v2. Use standard Software House
1K dual EOL configuration. Further configurations may be selected through the IP-ACM v2 editor in C•CURE 9000.
Output Relay Wet or Dry Jumpers

The two output relays can be Dry or Wet, based on the position of these jumpers.
■ When Dry, the integrator must supply the external power that the relay switches. When set to Dry, use the C, NO,
or NC connections.
■ When Wet, the IP-ACM sources the power. When set to Wet, use the GND, NO, or NC connections.
Jumper Settings
■ 12 VDC Wet sourced from Jumper 1 to 2

■ 24 VDC Wet sourced from Jumper 3 to 4
■ Dry use external power - Park Jumper on 2 to 3

Readers and accessory modules
Figure 4: Wet/Dry Relay Jumper
Readers and accessory modules

The following readers and accessory modules are UL supported:
■ Wiegand Signaling Readers:
• SWH-4000, SWH-4100, SWH-4200
• SWH-5100
• HID 5365 Series
• HID RP40 multiCLASS
• HID RPK40 multiCLASS
• HID RP15 multiCLASS
■ RS-485 RM Bus:
• RM1 series (SWH)
• RM2L series (SWH), RM2L-PI, RM2L-4000, RM2L-NH
• SWH-TST series (SWH): SWH-TST-100, SWH-TST-100-V
■ Accessory modules:
• One I/8 or I/8-CSI per port
• One R/8 per port
• RM-4, RM-4E, RM-DCM-2

2
Chapter 2 - Site Requirements and Installation
Requirements and Specifications

The contents of this chapter explain the installation, power and wiring, grounding, and environmental requirements for
the IP-ACM v2.
Installation Requirements
Ensure the site is ready:
■ The module installation must be performed by a certified installer and must be installed within the same protected
premise as the controlling GCM.
■ For a UL-compliant installation, the power supply must be UL Listed to UL 294 and UL 603, low voltage Class 2
power limited with appropriate ratings.
Table 3: UL 294 Levels
Feature Level
Destructive Attack 1
Line Security 4
Endurance 4
Standby Power 1
■ All interconnecting devices must be UL Listed, low voltage Class 2 power limited.
■ The site must be approved and all wiring must comply with UL requirements and other codes, as appropriate.
Installation shall be in accordance with the National Electric Code, ANSI/NFPA 70-1993.
■ In this installation, the enclosure is mounted directly to a wall or uni-strut using suitable user-supplied hardware.
■ The anchoring system must be capable of sustaining, a proof load four times that of the assembly. Refer to the
enclosure dimensions for information on the weight of enclosures. This weight does not include the cables.
■ The cables are protected by using metal or plastic conduit, or using flexible cable grip strain relief.
■ The module can be powered from either a 12VDC or 24VDC local source, PoE or PoE plus.

■ UL testing was conducted with a product powered from UL Listed model POE36U-1AT-R injector, manufactured
by PHIHONG.
■ Do not connect to a receptacle controlled by a switch.
■ It is recommended to setup a private dedicated network for the connection between IP-ACM v2 panels and iSTAR
Ultra panels for more secure connection options.
ELECTROSTATIC SENSITIVE DEVICES:

NOTE • Observe precautions for handling.
• Before handling any internal components, discharge static electricity by holding a grounding lug or non-painted surface for three
seconds.
• Wear a grounding wrist strap and stand on a grounded static mat.
• Reduce movement during installation to reduce static buildup.
• Confirm work area is safeguarded.
• Transport components to static-shielded containers.
• Verify that all components, materials, and the installer are reference to a common ground.
The outsides of the ESD bags are not ESD protected.
LIFE SAFETY REQUIREMENT: A fail-safe override mechanism must be installed at each card reader exit to allow people to leave
NOTE the secure area in case of electromechanical failure.
CAUTION: Changes to the IP-ACM v2 that are not expressly approved by the party responsible for compliance could void your
authority to operate the equipment.
FOR BURGLAR ALARM INSTALLATIONS:

The IP-ACM v2 is not provided with backup power. An external power supply must be provided with the following characteristics:
• UL 603 Listed.
• Minimum four hours of standby power after notification of loss of AC Power.
Tyco/Software House Advanced Power Supply (apS) used in conjunction with the IP-ACM v2 will be sufficient in meeting the
requirement of UL 1076.
When using an external power supply, the supply shall be Class 2 and compliant with EN/IEC 62368.
All Burglar Alarm and Intrusion Zone inputs must be supervised and have Triggers configured to Alarm upon Tamper.
Data processing equipment and office appliance and business equipment used as computer equipment shall comply with the
NOTE Standard for Information Technology Equipment - Safety - Part 1: General Requirements, UL 60950-1.
• The installation shall supply line transient protection complying with the Standard for Transient Voltage Surge Suppressors, UL
1449, with a maximum marked rating of 330 V.
• Communication circuits and network components connected to the telecommunications network shall be protected by
secondary protectors for communication circuits. These protectors shall comply with the Standard for Secondary Protectors For
Communication Circuits, UL 497A. These protectors shall be used only in the protected side of the telecommunications network.
• Equipment shall be installed in a temperature controlled environment. A temperature controlled environment is defined as one
that can be maintained between 55°F (13°C) to 95°F (35°C) by the HVAC system. Twenty-four hours of standby power shall be
provided for the HVAC system. The standby power system for the HVAC system may be supplied by an engine driven generator
alone and in those situations a standby battery is not required to be used.

IP-ACM Ethernet Door Module v2 power and wiring requirements

Table 4 on Page 9 describes the power and wiring requirements for the IP-ACM v2.
Table 4: Power and wiring requirements for the IP-ACM v2
Signal Power Requirements To AWG Shield Maximum Length
RS-485 Comm, RM & I/O modules 22 Yes 4000ft (1212m)

Data half duplex
2-wire
NOTE: If using tthe TST-100
Touchscreen Terminal
reader, then the
maximum distance is
32ft (10m).
RS-485 Power 1 RM & I/O modules 22/18 Yes Maximum length depends on
12Vdc
application and AWG2
RJ45-Ethernet Level 3 Switch, Hub, or CAT-5E No 328ft. (100m)

Host or better
Request to Exit Switch Contact 22/18 No 2000ft. (606m)

(REX or RTE)
Door State Switch Contact

Monitor (DSM)
Supervised Input Input 22 Yes 2000ft. (606m)

(UL) Note3
Reader Data 4 Proximity/Wiegand 22 Yes 200ft. (60.96m)

12Vdc
(Direct Wiegand signaling read head 20 300ft. (91.4m)
Connection)
18 500ft. (152.4m)
Wet Relay 12 or 24Vdc (jumper 2000ft. (606m)

Contacts selectable), 0.5A (per lock) 5
Dry Relay 0 to 30Vdc , 5A max. NO, 2000ft. (606m)

Contacts 3A max. NC
Power over IEEE 802.3af (PoE) and 802at Switch Contact 24 Yes 328 ft. (100m)
Ethernet (PoE) (PoE Plus), 25.5W max. LLDP
supported for PoE Plus6
1It is important to note that the aggregate load of each pair of RS-485 and Wiegand connections together must not exceed 750mA. Each set of RS-485
and Wiegand can support 750mA.
2Check wire lengths to verify that voltage drops are acceptable. Calculations are based on a single RM-4 reader with keypad and LCD (250mA). Using
22AWG, distance = 600ft. (.0165 ohms/ft.). Using 18AWG, distance = 1500ft. (.0065 ohms/ft.).
3To comply with UL requirements, use shielded, minimum 22 AWG stranded, twisted pair cable for monitor points, DSMs, and REXs. Use Belden 9462
or equivalent.
4It is important to note that the aggregate load of each pair of RS-485 and Wiegand connections together must not exceed 750mA. Each set of RS-485
and Wiegand can support 750mA. Maximum combined output limit for readers, locks, and board logic is 20W.
5Voltage depends on selection of power feed (L1 or L2). Maximum combined output limit for readers, locks, and board logic is 20W.
6Compliance with IEEE 802.3 (AT or AF) specifications was not verified as part of UL294/B.

Signal Power Requirements To AWG Shield Maximum Length
Local Power 12 or 24Vdc 25.5W P1 18 No Maximum length depends on

max.1 application and AWG
Environmental requirements
This product is for indoor use only and not intended for outside wiring as covered by article 800 in the National
Electrical Code, NFPA 70.
Table 5: Environmental requirements of the IP-ACM v2
Status Range
Ambient temperature rating 32° to 120° F (0 to 49°C)
Maximum elevation 6600 ft (2000m)
Humidity 0 to 85% RH
Grounding requirements
The grounding requirements for IP-ACM Ethernet Door Module v2 installation are as follows:
■ Grounding needs to follow NEC codes or the applicable local code.
■ On the plastic enclosure, ensure that all shields of the IP-ACM v2 cables properly connect and terminate to the
earth ground at the point indicated on Figure 6 on Page 12.
■ Shielded wires should have the shields grounded to the chassis enclosure as close as possible to where the
cables are entering the enclosure.
■ When disconnecting the wiring, disconnect ground wires last, to provide maximum protection to the equipment
and personnel.
Disconnect all power sources before modifying the wiring.
Supervision wiring
The IP-ACM v2 supports configurable supervised input circuits. The default selection is the double 1K circuit, as seen
in Figure 5 on Page 11. For more information regarding other inputs available and details of configuration, refer to the
I/8-CSI User Guide.
1Maximum combined output limit for readers and locks is 17W (+/- 10%).

Installation and Enclosures
Figure 5: Supervised wiring
This method reports:

■ Short
■ Normal: 1K for Normally Open, 1K for Normally Closed
■ Alert: 500 ohms for Normally Open, and 2K for Normally Closed
■ Open: >30K
■ Line Fault: Any unexpected value usually due to wrong value or fault resistors
For more information regarding other inputs available and details of configuration, refer to the I/8-CSI User Guide.
Not all configurations can detect all states. For more information regarding states, refer to the I/8-CSI User Guide and the con-
NOTE figuration tables and images relevant to the configuration of your unit.

The following sections describe features and installation procedures of the plastic and metal enclosures with the IP-
ACM Ethernet Door Module v2.
Plastic enclosure
Figure 6 on Page 12 and Table 6 on Page 12 describe the dimensions of the plastic enclosure. The plastic enclosure is
not acceptable for use in a plenum.

Figure 6: Plastic enclosure mounting hole dimensions
Table 6: Plastic enclosure dimensions
Plastic Enclosure Dimensions
Item Dimension
Weight 1.6lb (.72kg)
Height 7.2in (183mm)
Width 12.1in (307mm)
Depth 2.46in (62.4mm)
Installing the plastic enclosure and IP-ACM Ethernet Door Module v2

To install the plastic enclosure, complete the following steps:
1. Remove the screws using the Software House security screwdriver (not included, part number: 132-183) and lift
the enclosure cover off of the plastic enclosure.
2. Secure the enclosure to the selected wall or support surface using the holes provided in the enclosure’s molded
base. See Figure 6 on Page 12 for dimensions and hole pitch for mounting.
It is essential to use all five securing screws when mounting the plastic enclosure. Ensure that the mounting hole at 131.1 across and
NOTE 26.3 up is used as this is required for the "whole unit off the wall" anti-tamper feature to be operational.
3. Remove the IP-ACM v2 from the packaging and place in a safe location using ESD proper procedures while
handling equipment.

4. Secure the IP-ACM v2 to the right of the enclosure.

5. Fit and connect all customer cables. Refer to the power and wiring requirements for more information.
6. Secure the cover with two tamper-proof screws using the Software House security screwdriver.
Metal enclosure
Figure 7 on Page 13 and Table 7 on Page 13 describe the dimensions of the metal enclosure. The metal enclosure is
approved for use in a plenum.
Mounting hardware is not included with the metal enclosure. Hardware used for mounting should be able to support
four times the weight of the enclosure not including cabling.
Table 7: Metal enclosure dimensions
Metal Enclosure Dimensions
Item Dimension
Weight ~2.6lb (~1.2kg)
Height 8.25in (209.6mm)
Width 7.34in (186.5mm)
Depth 3.46in (87.8mm)
Figure 7: Metal enclosure mounting holes

Installing the metal enclosure and the IP-ACM Ethernet Door Module v2
To install the module and metal enclosure, complete the following steps:
1. Open the door of the metal enclosure.
2. Secure the enclosure to selected wall or support surface using holes provided in the enclosure’s base. See Figure
7 on Page 13 for dimensions and hole pitch for mounting.
3. Remove the IP-ACM v2 from the packaging and place in a safe location using ESD proper procedures while
handling equipment.
4. Secure the IP-ACM v2 to the enclosure.
5. Fit and connect all cables. Refer to the power and wiring requirements for more information.
6. Close and secure the metal enclosure cover.

3
Chapter 3 - Configuration
IP-ACM v2 Configuration Sequence

As the IP-ACM v2 is part of an access control system, you have to configure multiple parts prior to the initial
configuration of the IP-ACM v2. Once you configured the IP-ACM v2, you have subsequent configurations to perform
for readers, door, cards, credentials, clearances, and personnel.
Configuring the IP-ACM v2 Summary

1. Create an iSTAR cluster.
2. Create controllers within that cluster. Ensure that the iSTAR Controller (Ultra or Ultra SE in Ultra Mode) you are
going to connect the IP-ACM v2 to is configured in the C•CURE 9000.
3. Start the IP-ACM v2 hardware and connect the IP-ACM v2 to the network. You can perform initial configuration of
the IP-ACM Ethernet Door Module v2 in two modes:
• Normal Operation mode
• Standalone configuration mode
Use Normal operation mode when using DHCP network addressing, and use Standalone configuration mode
when configuring a static IP address for the IP-ACM v2.
4. Configure the IP-ACM v2 in the C•CURE 9000 Administration Station. Open the iSTAR controller editor and click
the IP-ACMs tab:
a. Add the IP-ACM v2 to the controller.
b. Configure the IP-ACM v2 Offline Mode.
c. Configure the readers to connect to the IP-ACM v2.
d. Configure the IP-ACM v2 inputs, outputs, and triggers.
5. Configure a door with the readers in the IP-ACM v2.
6. Configure cards, credentials, clearances, and personnel for access at doors and readers.
Initial Configuration
The IP-ACM v2 requires:
■ iSTAR Ultra/Ultra SE/Ultra LT firmware version 6.5.4 or higher

If the iSTAR Ultra, Ultra SE, or Ultra LT is running firmware v6.6.B and higher refer to the latest respective Controller Installation
NOTE and Configuration Guide, available from the website, for iSTAR controller configuration information.
■ C•CURE 9000 version 2.60 SP1 and higher
Initial configuration of the IP-ACM Ethernet Door Module v2 can be performed in two modes:
■ Normal Operation mode
■ Standalone configuration mode
Use Normal operation mode when using DHCP network addressing, and use Standalone configuration mode when
configuring a static IP address for the IP-ACM v2.
The IP-ACM Ethernet port (J1) defaults to using DHCP.

NOTE The MAC Address of the IP-ACM Ethernet Door Module v2 is located on the module, enclosure, or shipping carton.
Software House strongly recommends that you use a Static IP address when configuring iSTAR controllers.
The following limitation applies to iSTAR controllers with member connected controllers and iSTAR Ultra controllers
with connected IP-ACMs that use DHCP IP address assignments:
■ If DHCP is used, the lease may expire and assign a new IP address to the iSTAR controller. If this happens, all
members and IP-ACMs are not able to connect to the iSTAR controller with the new IP address. You need to
reassign the IP address:
1. Update the iSTAR controller IP address in the ICU.
2. Update the IP address in the IP-ACM Configure/Status web page.
3. Update the IP address in the iSTAR Controller Editor (members).
• When you initially configure the IP-ACM v2 using the iSTAR Configuration Utility (ICU), you can only use one IP address of the
NOTE Ultra GCM board for configuration. The GCM board has two Ethernet connections, so if the GCM switches to a different IP
address from the initial configuration, communication from the IP-ACM v2 to the GCM board is lost.
Normal operation mode

To configure the IP-ACM v2 in Normal Operation mode, complete the following steps:
1. Ensure the SW1-1 is OFF.
2. Apply power using the PoE (J1) or the local power port.
3. Push the SW3 reset switch.
4. Connect the IP-ACM v2 board to the Ethernet port directly on a DHCP network and run the iSTAR Configuration
Utility (ICU), version 6.5.4 or later, on the same subnet using an Ethernet cable. Ensure you have previously
configured the iSTAR Ultra controller in order to obtain the iSTAR IP address for the IP-ACM configuration.
5. To discover the IP-ACM, click the IP-ACM icon in the ICU. A list of IP-ACM modules appear.
6. Right-click the IP-ACM, identified by its IP address or MAC Address, you want to configure and select Configure
IP-ACM.

• There is limited access to the IP-ACM v2 Configuration/Status Web Page on a system with Windows 8 or Windows 10 operating
NOTE system using Internet Explorer 11 or Edge browser on IPv4 and IPv6.
• Internet Explorer 9 does not display content correctly for the IP-ACM v2 web page.
• If using Internet Explorer and you receive a Certificate Error indicating "There is a problem with this website's security
certificate”, click Continue to this website (not recommended).
• If using Goggle Chrome and you receive an error indicating “Your connection is not private”, click ADVANCED and then click
Proceed to x.x.x.x (unsafe).
7. Enter the password: iSTAR, and click Login. The IP-ACM Configuration/Status web page appears.
8. In the Configuration section, enter the iSTAR IP address assigned to the iSTAR Ultra controller.
Ensure you click Logout on the IP-ACM Configuration/Status Web Page instead of exiting the browser through the X in the
NOTE upper-right corner so you can access this web page when you want to. If you close IP-ACM Configuration/Status Web Page from
the X in the upper-right corner and then re-open a new web page to the same URL, a message appears stating that the IP-ACM
session is currently locked by the IP Address of the machine where you closed the web page. The locked session times out after
being idle for five minutes. You can then try accessing the URL again.
9. Click Save.
• Saved changes do not take effect until the board is rebooted.

NOTE • When you initially configure the IP-ACM v2 using the iSTAR Configuration Utility (ICU), you can only use one IP address of the
Ultra GCM board for configuration. The GCM board has two Ethernet connections, so if the GCM switches to a different IP
Standalone configuration mode

To configure the IP-ACM v2 in Standalone mode, complete the following steps:
1. If there is no DHCP network, or the installer prefers configuring the IP-ACM v2 before putting it on the network,
switch SW1-1 to ON.
2. Apply power using the PoE (J1) or the local power port.
3. Perform a factory reset, see Factory reset on Page 3, while SW1-1 is in the ON position.
4. The IP-ACM starts with a static IP address of: 192.168.1.111. Connect a laptop or PC, statically configured in the
192.168.1.0/24 subnet, directly to the IP-ACM v2 with an Ethernet cable.
5. Open a web browser and enter the IP address: https://192.168.1.111.
• There is limited access to the IP-ACM v2 Configuration/Status web page on a system with Windows 8 or Windows 10 operating
NOTE system using Internet Explorer 11 or Edge browser on IPv4 and IPv6.
• Internet Explorer 9 does not display content correctly for the IP-ACM v2 web page.
certificate”, click Continue to this website (not recommended).
6. Enter the password: iSTAR, and then click Login.

7. Make edits that you require to the following fields on the IP-ACM web page: IP-Type, Alloc Type, IP-ACM Addr,
IP-ACM NetMask, IP-ACM Gateway, IP-ACM DNS, and iSTAR IP Addr.
8. Click Save.

C•CURE 9000 iSTAR Ultra IP-ACM Editor
Ensure you click Logout on the IP-ACM Configuration/Status Web Page instead of exiting the browser through the X in the upper-
NOTE right corner so you can access this web page when you want to. If you close IP-ACM Configuration/Status Web Page from the X in
the upper-right corner and then re-open a new web page to the same URL, a message appears stating that the IP-ACM session is
currently locked by the IP Address of the machine where you closed the web page. The locked session times out after being idle for
five minutes. You can then try accessing the URL again.
9. Switch SW1-1 to OFF.

10. Reboot the IP-ACM v2 before putting the module back on the network.
• Saved changes do not take effect until the board is rebooted.

NOTE • When you initially configure the IP-ACM v2 using the iSTAR Configuration Utility (ICU), you can only use one IP address of the
Ultra GCM board for configuration. The GCM board has two Ethernet connections, so if the GCM switches to a different IP

The iSTAR Ultra IP-ACM editor in the C•CURE 9000 Hardware Pane of the Administration Station is used to configure
readers, inputs, and outputs.
See the following for more information:

■ iSTAR Controller IP-ACMs Tab on Page 18
■ iSTAR Ultra IP-ACM Inputs Tab on Page 20
■ iSTAR Ultra IP-ACM Outputs Tab on Page 21
■ iSTAR Ultra IP-ACM Wiegand Tab on Page 21
■ iSTAR Ultra IP-ACM RS-485 Tab on Page 22
■ iSTAR Ultra IP-ACM Triggers Tab on Page 23
■ iSTAR Ultra IP-ACM Status Tab on Page 24
iSTAR Controller IP-ACMs Tab

You can access the IP-ACM configuration through the iSTAR Controller dialog box IP-ACMs tab.
To Configure the IP-ACM

1. From the iSTAR Controller editor, click the IP ACMs tab.
Be sure to select the correct configuration table for your IP-ACM.

NOTE
■ IP-ACMv1s for IP-ACM boards with one Ethernet port.
■ IP-ACMv2s for IP-ACM boards with two Ethernet ports.
2. Click on the Configured check box in the Index row that you want to add or edit.
3. Click in the Edit column of the Index row to open the iSTAR Ultra IP-ACM Editor. The iSTAR Ultra IP-ACM editor
is used to configure the inputs, outputs, and readers (Wiegand, RM, BLE, OSDP, and Smart).
4. Configure the Offline Mode of All IP-ACM's configured on this controller. See Table 8 on Page 19 for
descriptions of the fields.
5. When the IP-ACMs configuration is complete, click in the Enabled check box, and click Save and Close.

Table 8: iSTAR Controller IP-ACMs tab Definitions
Field/Button Description
IP-ACMs
Create All IP-ACMs Click to create the IP-ACMs. When you click Create All IP ACMs the Configured column check boxes are
selected, and you can click in the Edit column to open the iSTAR Ultra IP ACM Editor to configure the
IP-ACM.
Delete All IP-ACMs When you click Delete All IP-ACMs, the check boxes in the Configured column are cleared for all IPACMs.
When the configuration is save, you are prompted to confirm deletion of each IP-ACM.
Offline Mode of All IP-ACMs
NOTE: The selections made in the Offline Mode of All IP-ACMs section will apply to all IP-ACMs (IP-ACMv1s and IP-ACMv2s) configured on the
controller.
In offline mode, the IP-ACM board will admit cards that are among the last xxx previous admitted cards in addition to a pre-defined personnel group.
- A total of 1000 credentials (not personnel) for both previous admitted credentials and credentials in the personnel group.
- Maximum 100 personnel in the personnel group.
- If you set the Personnel system variable "Maximum Cards Per Person", then that value must be taken into consideration.
Example: If you set the "Maximum Cards Per Person" value to 3, then only 1000 - 100 x 3 = 700 is allowed in the "Admit the last admitted cards" field
for configuration. This is true, even if the personnel count in the personnel group selected is less than 100.
Admit the last admitted cards Select a number from the menu that will apply to the previous cards that were admitted.
Default: 0
Value: 0 to 1000
Admit the members of this

personnel group Click to select a pre-configured personnel group.
NOTE: The maximum value is 1000 admitted cards. If a Personnel Group is configured to have 100
personnel members, the maximum value is reduced by 100 times the maximum number of cards per
person configured in the System Variable.
Card Format used for Offline Mode Select a card format to be used for personnel when in offline mode. Only individual card formats are
selectable. The card format is used to determine the card data stream for each person in the personnel
group. All personnel will use the same card format. The first facility code and site code in the list will be used
if that format has multiple values.
Number of seconds before Offline The time in seconds that the IP ACM waits to enter offline mode after it loses communication with the GCM
Mode is enabled board.
This setting will apply to all IP ACMs on this controller unless specified in the iSTAR Ultra IP ACM Editor
General tab.
Default: 10 seconds.
Range: 5 to 30 seconds.
Number of Days to Keep The number of days a credential is kept while in offline mode.
Credentials in Offline Mode A value of 0 indicates not to keep a credential when in offline mode.
Default: 30 days
Range: 0 to 9999 days

High Latency Threshold in The number of milliseconds that will cause a round-trip latency alarm. This value will apply to all IP-ACM's
milliseconds configured for this controller.
Default: 200 milliseconds (0.2 seconds)
Range: 100- 2000 milliseconds (0.1 to 2 seconds)
iSTAR Ultra IP-ACM Inputs Tab

You can use the Inputs tab to create and configure the Inputs that are attached to this Ultra IP-ACM Board.
You can use an existing Input Template to create one or more of the IP-ACM Board Inputs. Click in the Template
Column, then click . A list of available iSTAR Input Templates appears. Click on the Template you want to use.
Refer to the C•CURE 9000 Hardware Configuration Guide for more detailed information about using Templates to
create Inputs.
Table 9 on Page 20 provides definitions for the buttons and fields on the iSTAR Ultra IP-ACM Inputs tab.
Table 9: iSTAR Ultra IP-ACM Board Inputs Tab Definitions
Special Purpose Inputs
Tamper The Tamper input activates when the controller cabinet is opened or removed from its mounting surface.
NOTE: For UL applications, this field must be enabled.
Select the check box in the Configured column and click located in the Edit column to open the iSTAR Input Editor
General tab to configure the Tamper input. From the Input Editor you can configure the Options, Triggers, Groups, Status and
State Images that are associated with the Tamper Input.
The Template column shows the template name chosen if you selected a Template prior to creating the Input.
Communication A logical unsupervised input that reflects the state of the communication between the GCM board and Processor-A on this IP-
Fail ACM v2 board.
Port Power Power indicator input for each RM / Weigand port.

Alarm Status 1
Port Power
Alarm Status 2
Lock Power IP-ACM can provide power for the locks directly from the 2 Output connectors (Lock Power 1 & 2). There are automatic over-
Alarm Status 1 current shut-off switches on each Lock Power. The Lock Power Alarm Status inputs go Active when the over-current shut-off
Lock Power switches are active, such as when Lock Power has been shut off.
Alarm Status 2
General Purpose Inputs
Inputs 1 These standard general purpose supervised inputs are available on iSTAR Ultra IP-ACM boards.
through 4

iSTAR Ultra IP-ACM Outputs Tab

You can use the Outputs tab to configure the Outputs for the IP-ACM.
Table 10 on Page 21 provides definitions of the fields and buttons on the iSTAR Ultra IP-ACM Board Outputs tab.
Table 10: iSTAR Ultra IP-ACM Outputs Tab General Tab Definitions
Name Displays the name for this Output board. The name is system-generated by default, but you can edit this name by
clicking this field.
Description Enter a textual comment about the Output board, such as its location or purpose. This text is for information only.
Maintenance Mode Click to put the iSTAR Outboard Board into Maintenance Mode.
Outputs (CANNOT BE ENABLED FOR FIRE ALARM INTERFACE)
Create All Outputs Click to create all Outputs.
Delete All Outputs Click to delete all Outputs.
Edit column Click the ellipsis in this column to open the iSTAR Output Editor to edit this Output.
NOTE: The Configured check box must be selected to open the Output Editor.
Index column This read-only field identifies the position of each Output (1 - 2) on the IP-ACM board.
Configured column A selected check box indicates that the Output has been configured.
A clear check box indicates that the Output has not been configured.
NOTE: The Configured check box must be selected to open the Output Editor.
Name column Displays the system-generated name for this Output. You can edit this name by clicking in the field.
Template column Displays the Template used for creating this Output. If the Output is not yet configured, you can click in this column,
then click to select an Output Template.
iSTAR Ultra IP-ACM Wiegand Tab

You can use the Wiegand tab to configure Wiegand readers connected to the IP-ACM board.
Table 11 on Page 21 provides definitions of the fields and buttons on the iSTAR Ultra IP-ACM Wiegand tab.
Table 11: iSTAR Ultra IP-ACM Wiegand Tab.Definitions
Box Description
Create All Click to create all the Readers. When you click Create All Readers, the Configured column check boxes are selected, and you
Readers can click the ellipsis in the Edit column to open the iSTAR Reader Editor to configure a direct connect Wiegand Reader.
Delete All When you click Delete All Readers, the check boxes in the Configured column are cleared for all Readers, and all these Readers
Readers are immediately deleted (any settings you have configured are lost).

Table 11: iSTAR Ultra IP-ACM Wiegand Tab.Definitions (continued)
Box Description
Edit Click the ellipsis in the Edit column to open the iSTAR Reader Editor to configure a Reader.
column
Index This column displays the number for each reader. This number is the physical port number for a Direct Connect Wiegand reader.
column
Configured Click the ellipsis in this column to create a reader and make it available for you to edit the device.
column
Name Displays the name for this Reader. The name is system-generated by default, but you can edit this name by clicking in this field.
column
Template Click in this column prior to creating the Reader, then click the ellipsis to select a Reader template from the list of available Reader
column templates.
The Template column shows the template name chosen if you selected a Template prior to creating the Reader.
Readers 1 Select the check box in the Configured column for a Reader and click the ellipsis located in the Edit column to open the iSTAR
-2 Reader Editor General tab to configure the Keypad, Triggers, Groups, Status and State Images that are associated with a Reader.
The Name column displays a name comprised of the Reader Type and the iSTAR Controller name. You can click in this column to
edit the Reader name.
iSTAR Ultra IP-ACM RS-485 Tab

You can use the RS-485 to configure RS-485 ports connected to the iSTAR Ultra IP-ACM Board.
The iSTAR Device Port Editor, accessed by clicking in the Configured check box of the port and click Edit, allows you to
select the RM, BLE, or OSDP protocols. See IP-ACM iSTAR Device Port Dialog Box on Page 23
Table 12 on Page 22 provides definitions of the fields and buttons on the iSTAR Ultra IP-ACM RS-485 tab.
Table 12: iSTAR Ultra IP-ACM Board RS-485 Tab Definitions
Create All Click to create the RS-485 Ports. When you click Create All Ports the Configured column check boxes are selected, and you
Ports can click the ellipsis in the Edit column to open the iSTAR Device Port Editor to configure an RS-485 Port.
Delete All When you click Delete All Ports, the check boxes in the Configured column are cleared for all Ports, and all Ports are
Ports immediately deleted (any settings you have configured are lost).
Edit column Click the ellipsis in the Edit column to open the iSTAR Device Port Editor to configure Device Ports for the IP-ACM. See iSTAR
Ultra ACM RS-485 Device Port Editor on Page 1.
Index column This column displays the number for each Device Port.
Configured Click the ellipsis in this column to create a Device Port and make it available to be edited.
column
Name column Displays the name for this Device Port. The name is system-generated by default, but you can edit this name by clicking in click in
this field.

Table 12: iSTAR Ultra IP-ACM Board RS-485 Tab Definitions (continued)
Device Ports 1 Select the check box in the Configured column for a Device Port and click the ellipsis located in the Edit column to open the
-2 iSTAR Device Port Editor General tab to configure the Readers and ACM extensions that are associated with the Device Port.
The Name column displays a name comprised of the Device Port and the iSTAR Controller name. You can click in this column to
edit the Device Port name.
IP-ACM iSTAR Device Port Dialog Box

Use the iSTAR IP-ACM Device Port dialog box to select the Protocol, select or configure the reader, and configure the
Inputs.
There are four protocols supported by the IP-ACM readers:

■ RM (Software House Reader Protocol): supported on RM readers, Touchscreen readers, RM modules, I8, and R8
modules.
■ OSDP (Open Supervised Device Protocol): supported on HID iCLASS SE readers and Allegion aptiQ readers.
■ Smart: supported on the Touchscreen reader.
Limitations
■ C•CURE 9000 only supports up to two readers (any combination of RM/Wiegand/OSDP/Smart readers)
connected to an IP-ACM v2.
■ Offline mode is not supported for Smart or RM readers connected to the IP-ACM v2.
■ One I8 input module and one R8 module may be assigned to each device port when the port is assigned as an
RM protocol.
To Configure the IP-ACM Readers, Inputs, and Outputs

1. On the General tab, select the Protocol from the drop-down menu.
If you select OSDP, you can select a supported Baud Rate. In most cases, the default, 9600 baud, is acceptable.
NOTE
2. Click the Reader tab to configure the readers.

3. Click in the Configured check box of the Reader you want to configure, and click Edit. The iSTAR Reader editor
opens. See the C•CURE 9000 Hardware Configuration Guide for more information on configuring readers.
4. Click the ACM ext tab to configure the inputs and outputs.
5. Click in the Configured check box of the Input/Output you want to configure, and click Edit.
6. Click Save and Close when done.
iSTAR Ultra IP-ACM Triggers Tab

The Triggers tab is used to configure Triggers, which are configured procedures for activating actions, to activate
Events or Outputs for an iSTAR device. A Trigger automatically executes a specified Action when a particular

Offline configuration
Condition occurs (when the object Property specified in the Trigger reports the Value specified in the Trigger).
For the iSTAR Ultra IP-ACM, you can create the IP-ACM High Latency Alarm Trigger for an iSTAR.
To Define a Trigger for an iSTAR Device

1. Click on the Triggers tab.
2. Click Add on the Triggers tab to create a new Trigger.
3. Click in the Property column and click the ellipsis to open the Property dialog box showing the Properties
available for the device.
4. Click the Property, which is the IP-ACM High Latency Alarm, in the list to select it and add it to the Property
column.
5. Select the Value check box to enable the trigger. When the check box is selected it is enabled, and clear is
disabled.
6. Click the Action column drop-down menu to display a drop-down list of valid actions. Click an Action, Activate
Event, that you want to include as a parameter for the trigger to add it to the column. When you select Activate
Event, the lower pane in the Triggers box displays Event.
7. Click the ellipsis in the Event field to select an event to associate with the property.
8. Click Save and Close to save the iSTAR Trigger.
iSTAR Ultra IP-ACM Status Tab

The Status tab displays a read-only listing of information about the operational status of the selected iSTAR Ultra IP-
ACM Board.
Table 13 on Page 24 provides definitions of the fields and buttons on the iSTAR Ultra IP-ACM Board Status tab.
Table 13: iSTAR Ultra IP-ACM Board Status Tab Definitions
Communication Status Unknown, Offline, or Online.
Firmware Version Processor firmware, such as 00.00.36.00008
IP Address The IP-ACM IP address.
High Latency Alarm Possible status values are True or False.
In Offline Mode, there is a limited level of access and control if communication is interrupted between the IP-ACM v2
and the iSTAR. The offline functionality of the IP-ACM v2 allows up to the last 1,000 previous card admits and/or a
specific personnel group of no more than 100. Offline Access stores a set of credentials in non-volatile memory on the
IP- ACM v2. Clearances are not downloaded to the IP-ACM v2 and are not stored.

Refer to the C•CURE Hardware Configuration Guide for more information regarding IP-ACM Offline Mode
Configuration. Offline mode is configured in C•CURE 9000 in the iSTAR Controller editor dialog box in the IP-ACMs
tab.
Card + PIN access is not supported in Offline Mode. Card,-only access with no PIN is supported.
Predefined credentials
Predefined credentials are downloaded from the iSTAR controller in the form of raw data, also called Static Card Data.
When the IP-ACM v2 is offline, access is granted when the predefined credentials, from the Static Card Data stored
on the IP-ACM v2, are presented to the readers.
The following restrictions apply to stored predefined credentials in offline mode:

■ Personnel groups configured for Offline Mode must all share the same card format and facility code.
■ Card formats supported are:
• Wiegand 26
• Wiegand 37
• Two-parity bit style formats
• 32-bit serial number type formats
■ The Offline Mode Personnel Group can only be configured or edited in C•CURE. Offline Mode Personnel Group
changes are sent to the IP-ACM immediately including deleting credentials, if necessary, if the iSTAR controller
and the IP-ACM are online. Any change in the Personnel Group deletes and recreates the IP-ACM static records.
Credentials last granted access

In Offline Mode, the IP-ACM v2 board admits cards that are among the last xxx previous admitted cards in addition to
a pre-defined personnel group.
■ A total of 1000 credentials (not personnel) for both previous admitted credentials and credentials in the personnel
group.
■ Maximum 100 personnel in the personnel group.
■ If you set the Personnel system variable Maximum Cards Per Person, then that value must be taken into
consideration.
Example:
If you set the Maximum Cards Per Person value to 3, then only 1000 - 100 x 3 = 700 is allowed in the Admit the last
admitted cards field for configuration.
Door configuration
In Offline Mode, all components of the door must come from the same IP-ACM v2 board.
NOTE Door configuration in Offline Mode does not support RS-485 wiring for readers.
In Offline Mode, you must configure the readers, inputs, and outputs on the IP-ACM v2 as detailed below:
■ A reader configured on Wiegand Port 1 as the entry reader.

Upgrading the IP-ACM v2 Firmware
■ A reader configured on Wiegand Port 2 as the exit reader.

■ An input configured on Input 1 as the DSM (Door State Monitor).
■ An input configured on Input 2 as the REX (Request to Exit).
■ An output configured on Output 1 as the Door lock.
• Door configurations not complying with the above restrictions may result in unexpected operation between online and offline
NOTE modes. However, any of the above readers, inputs, or outputs may be omitted from the door. See the following note about not
using these reader, inputs, or outputs for other purposes.
• If the readers and inputs/outputs are configured for a different purpose in C•CURE, the Offline Mode door controller uses them
for the door control function listed above, even if they are not configured for the door in C•CURE.
The door operation parameters are fixed when the IP-ACM v2 goes into offline mode and cannot be changed. The door
parameters revert to their configured settings when the IP-ACM v2 goes back online.
Offline fixed parameters:

■ Shunt time: 10 seconds
■ Unlock time: 5 seconds
■ Relock delay time: ½ second
■ Debounce time: ½ second
■ Unlock on RTE: Enabled
■ Shunt on RTE: Enabled
■ DSM shunted full shunt time: Disabled
■ Delay Relock full shunt time: Disabled
Upgrading the IP-ACM v2 Firmware

To Upgrade the IP-ACM v2 Firmware to version 04.01.00.30093 or Higher:
1. Power on the IP-ACM v2. Ensure the Ethernet cable is plugged into a port that does not require authentication.
2. Configure the IP-ACM v2 to connect to the controller.
3. Connect to the IP-ACM Status/Control web page:
a. Enter the IP address.
b. Enter the IP-ACM v2 password and click Login.
NOTE: The default case-sensitive login password is iSTAR.

NOTE
4. Wait for the IP-ACM v2 to download the new firmware and Reboot.

4
Chapter 4 - IP-ACM Web Page Configuration
IP-ACM Configuration/Status Web Page

You can view or edit IP-ACM configuration in the IP-ACM Configuration/Status Web Page.
Accessing the IP-ACM Status/Control Page

1. Enter the IP address in a browser. In the ICU, click IP-ACM and right-click on the IP-ACM, which is identified by
its IP address or MAC address, and select Configure IP-ACM. The IP-ACM log in page opens.
NOTE certificate”, click Continue to this website (not recommended).
2. Enter the password in the IP-ACM Status/Control Web Page login screen and click Login.
The default case-sensitive log in password is "iSTAR".

NOTE If you change the Diagnostic Web Page Password in the C•CURE 9000 System Variables iSTAR Driver settings, that password
applies to all IP-ACMs in the network.
The IP-ACM Configuration/Status Web Page appears. See Table 14 on Page 28 for more information about the
fields of this web page.
3. Click Save. Saved settings do not take effect until the system is rebooted.
4. Click Reboot for changes to take effect.
Ensure you click Logout on the IP-ACM Configuration/Status Web Page instead of exiting the browser through the X in the
NOTE upper-right corner so you can access this web page when you want to. If you close IP-ACM Status/Control Web Page from the X in
the upper-right corner and then re-open a new web page to the same URL, a message appears stating that the IP-ACM session is
currently locked by the IP Address of the machine where you closed the web page. The locked session times out after being idle for
five minutes. You can then try accessing the URL again.

IP-ACM Configuration/Status Web Page
Table 14: IP-ACM Configuration/Statusl Web Page Field and Buttons
Refresh Refreshes the page without saving changes.
Reboot Applies the configuration.

If you changed the IP address, the IP address may change after you click Reboot.
Logout Exits the page.
Save Saves the settings, but does not apply them until you click Reboot, except when changing the iSTAR IP Address.
If you change the IP Mode (IPv4, IPv6) you must Save and Reboot.
Address Configuration
IP-Type Select IPv4 or IPv6.
Alloc Type The type of network connection used, DHCP or Static.

• IPv4: select Static or DHCP. If you select Static, enter the IP-ACM Netmask, IP-ACM Gateway, and IP-ACM DNS
(Domain Name Server).
• IPv6: select Static or DHCP. If you select Static, enter the IP-ACM address and the IP-ACM Prefix length.
iSTAR IP Addr The IP Address of the iSTAR to which the IP-ACM is configured.
NOTE: This field is 0.0.0.0 if the IP-ACM is not configured on an iSTAR.
802.1X Configuration
See 802.1X port-based authentication configuration on Page 29.
Auth Type • Disable. The default setting.

• TLS
• PEAP
Anon User Enter the Supplicant ID.

(PEAP)
Identity (TLS)
Password Enter the password.

(PEAP)
Private Key Enter the Private Key Password.

Password (TLS)
CA Cert (TLS Browse to the location of the certificate and click Open to select it.
and PEAP)
ACM Cert Browse to the location of the certificate and click Open to select it.
ACM Private Key Browse to the location of the ACM Private Key and click Open to select it.
Upload Click to upload the settings. 802.1X settings do not take effect until the next reboot.

802.1X port-based authentication configuration
Table 14: IP-ACM Configuration/Statusl Web Page Field and Buttons (continued)
Status (Read Only)
Includes the above configuration information in addition to the following:
Connection The IP-ACM v2 connection status to the iSTAR.

Status • Displays Connected if the IP-ACM v2 is communicating with the iSTAR.
• Displays Down if the IP-ACM v2 is not communicating with the iSTAR.
FW Rev The IP-ACM v2 firmware version.
Offline Access • Displays Active if the IP-ACM v2 is not in contact with the host. In this mode, the IP-ACM v2 uses its own database.
Mode • Displays Inactive if the IP-ACM v2 is in contact with the host.

802.1X is a port-based authentication. Credentials, such as user name and password or digital certificate, are
forwarded to the authenticator. The authenticator then forwards the credentials to the authentication server for
verification. If the authentication server determines the credentials are valid, access resources located on the
protected side of the network are allowed.
■ 802.1X is supported on IP-ACM v2.
■ 802.1X is disabled by default.
■ EAP-TLS authentication and EAP-PEAP authentication with MSCHAPv2, MD5, or GTC are supported.
■ Factory reset clears the 802.1X configuration and sets 802.1X back to disabled.
Prerequisites
■ An Internet browser with JavaScript and cookies enabled.
■ IP-ACM v2 firmware version 04.01.00.30093, or greater.
■ A configured network switch with 802.1X capability.
• Port control enabled:
— Set the ports to be authorized to avoid authentication.
— Set the ports to auto to automatically detect port status for authentication.
■ A Radius Server running on the network.
■ You need to know the location of the following files generated by the Radius Server configuration:
• User Certificate
• CA Certificate
• Private Key
• Authentication password

Configuration
To configure the IP-ACM v2 to use 802.1X authentication:

1. Ensure that the Ethernet cable is plugged into a port that does not require authentication.
2. Connect to the IP-ACM v2 Status/Control web page. You must prefix the IP address with HTTPS://. The ICU
automatically adds the IP address prefix.
3. Click in the radio button to select the authentication type, PEAP or TLS. The fields change depending on the
authentication type selected.
• Disabled: 802.1X is disabled.
• TLS requires Identity, Private Key Password, CA, Client Cert, and Private Key.
• PEAP requires Anon Identity, Identity, Password, and CA.
• Anon Identity can be any string you want.
4. Complete the required fields with the appropriate values.
a. The sum of the sizes of all files uploaded must be less than 10K. The web page does not accept any
configuration where the sum of the file sizes is greater than 10K.
b. The suggested file type for certificates is: .pem.
c. The suggested file type for private keys is: .key.
5. Click Upload to upload the 802.1X configuration settings.
6. Click Reboot at the top of the page.
7. Move the Ethernet cable of the IP-ACM v2 to the port that requires authentication.
a. If the cable is not moved, the IP-ACM v2 retains network access even when it's configured for 802.1X.
b. Once plugged into the required port, the IP-ACM v2 attempts to authenticate.
8. Check the radius server to ensure that the IP-ACM v2 is authenticated.
a. If authentication fails due to an invalid configuration, move the Ethernet cable back to a non-authenticated port
and re-configure the 802.1X settings that confirm to the radius server.
b. A factory reset disables 802.1X and removes all configuration information.
9. The IP-ACM v2 firmware version can be verified by accessing the IP-ACM Status/Control page by entering the IP
address of the IP-ACM into a browser address bar.

Software House IP-ACM Ethernet Door Module v2: Installation and Configuration Guide

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Software House IP-ACM Ethernet Door Module v2: Installation and Configuration Guide

Uploaded by

Copyright:

Available Formats

Software House

IP-ACM Ethernet Door Module v2

Installation and Configuration Guide

PART NUMBER: 8200-1466-02

Canadian Radio Emissions Requirements

FCC Digital Device Limitations

Radio and Television Interference

Chapter 1 - Overview and Introduction 1

Chapter 2 - Site Requirements and Installation 7

Chapter 4 - IP-ACM Web Page Configuration 27

Chapter 1 - Overview and Introduction

The maximum number of readers can be accomplished as follows:

The IP-ACM Ethernet Door Module v2 supports the following features:

■ Four supervised Inputs and two Outputs

IP-ACM Ethernet Door Module v2 Chapter 1 1

Part Number Description

IP-ACM2A-MB IP-ACM V2, 2 Reader, board only

IP-ACM2A-EM IP-ACM V2, 2 Reader in metal enclosure

IP-ACM2A-EP IP-ACM V2, 2 Reader in plastic enclosure

IP-ACM2-CAN IP-ACM metal enclosure without board

IP-ACM2-CAN-P IP-ACM plastic enclosure without board

IP-ACM2A-MB-5PK IP-ACM V2, 2 Reader, board only five pack box

IP-ACM v2 Ethernet Door Module features

2 Chapter 1 IP-ACM Ethernet Door Module v2

Switches and jumpers

Table 2 on Page 3 describes the positions of switch SW1.

SW1-1 OFF: Normal Operation

SW1-2, SW1-3, and SW1-4 Not used. Must be in the OFF position.

SW2 used for factory reset

1. Switch the position of the rotary switch SW2 to position D.

Ports and connectors

Specific requirements for the second RJ45 port are:

IP-ACM Ethernet Door Module v2 Chapter 1 3

■ 10/100 speed (Gigabit Ethernet not provided)

4 Chapter 1 IP-ACM Ethernet Door Module v2

Figure 3: Full duplex and half duplex wiring

Normally Closed (NC) when the enclosure is secure.

Output Relay Wet or Dry Jumpers

■ 12 VDC Wet sourced from Jumper 1 to 2

IP-ACM Ethernet Door Module v2 Chapter 1 5

Figure 4: Wet/Dry Relay Jumper

Readers and accessory modules

6 Chapter 1 IP-ACM Ethernet Door Module v2

Chapter 2 - Site Requirements and Installation

Requirements and Specifications

IP-ACM Ethernet Door Module v2 Chapter 2 7

ELECTROSTATIC SENSITIVE DEVICES:

FOR BURGLAR ALARM INSTALLATIONS:

8 Chapter 2 IP-ACM Ethernet Door Module v2

IP-ACM Ethernet Door Module v2 power and wiring requirements

Signal Power Requirements To AWG Shield Maximum Length

RS-485 Comm, RM & I/O modules 22 Yes 4000ft (1212m)

RJ45-Ethernet Level 3 Switch, Hub, or CAT-5E No 328ft. (100m)

Request to Exit Switch Contact 22/18 No 2000ft. (606m)

Door State Switch Contact

Supervised Input Input 22 Yes 2000ft. (606m)

Reader Data 4 Proximity/Wiegand 22 Yes 200ft. (60.96m)

Wet Relay 12 or 24Vdc (jumper 2000ft. (606m)

Dry Relay 0 to 30Vdc , 5A max. NO, 2000ft. (606m)

IP-ACM Ethernet Door Module v2 Chapter 2 9

Signal Power Requirements To AWG Shield Maximum Length

Local Power 12 or 24Vdc 25.5W P1 18 No Maximum length depends on

Ambient temperature rating 32° to 120° F (0 to 49°C)