Reader Expanders
Reader expanders extend the number of reading devices available within the system. Each reader expander has two reader ports, each of which can be independently configured and used to control a door or elevator car.
For wiring instructions, see the relevant installation manual.
Name
- Name: The name of the record in English.
English is the default system language for all records and is assumed to be the primary language.
- Name (Second Language): The name of the record as it appears within the Protege X user interface when the operator's Portal Settings display language is set to a language other than English.
When the operator's display language is set to any language other than English, all 'Second Language' values become the primary value, and the English versions are displayed as the 'Second Language' value.
General
Card Data Options
- Ethernet Card Data AES Encryption Key: Salto SALLIS and Aperio cards can be encoded with site/card information via the ICT Encoder Client.
This field defines the decryption key for locks connected to the ethernet network so that Protege X can decrypt data from these cards.
This option applies to the ethernet implementation of SALLIS only.
For more information, see the relevant application note for your integration.
Configuration
- Offline Operation: This field defines what user access the reader expander will allow when it loses connection with the controller. The options are:
- No Users: The reader expander will not grant access to any users.
- Any Card: The reader expander will grant access to any card that can be read.
This will allow anyone with a card in the correct format to gain access to the door, even if the card is not programmed in the system.
- First 10 Users Plus Cache: When this option is enabled the reader expander will store a specific number of cards and grant access to those cards when it is offline.
All other cards will be denied access.
- The reader expander will grant access to the first 10 users downloaded to the controller. These are the first 10 users by database ID with access to anything on the controller, regardless of whether they have access to the doors on this expander. Only the first programmed card will be recognized.
- In addition, the reader expander will store the most recent 150 cards which have gained access at this expander. These users will have access to both doors, regardless of their normal level of access.
When the reader expander is offline, each time access is granted the reader will beep four times. PIN use is not supported by offline reader expanders, and all doors will allow card only access.
- Physical Address: The network address of the module on the controller network. Connected expander modules can be addressed with the controller's Module Addressing function.
The maximum physical address available for reader expander modules is 64.
- Port 1/2 Network Type: These fields determine how each reader port will operate (i.e. what kind of data it will send and receive). The options are:
- ICT RS485: Used for card readers wired in RS-485 configuration (recommended).
- OSDP: Used when connecting OSDP readers. For more information, see Application Note 254: Configuring OSDP Readers in Protege.
- Aperio: Used to connect up to 15 Aperio communication hubs via RS-485, which can control up to 60 wireless locks (configured as smart readers).
- Salto SALLIS: Used to connect a SALLIS RS-485 router, which can control up to 16 wireless locks (configured as smart readers).
- Allegion: Used to connect Allegion PIMs (supporting up to 16 wireless locks) or wired locks.
- Third Party Generic: This option is currently not supported.
- Wiegand: Used for any standard Wiegand reader.
- Ethernet Network Type: When this reader expander record is used for the controller's onboard reader expander you can set the function of the ethernet port here. This is used when a third-party system is sending reader data to the controller.
The options are:
- Disabled: The ethernet port is not used for reader data. This does not affect the controller's connection to the IP network.
- SALLIS: Used to connect a SALLIS POE router, which can control up to 64 wireless locks (configured as smart readers). Smart readers are required to configure door control.
- Third Party Generic: Allows you to connect custom data sources to the controller for use as readers, via the IP network. Any data input that can be configured as a credential type can be used, along with a smart reader to configure door control.
- SALLIS Router IP: When the Ethernet Network Type above is set to SALLIS this field defines the IP address used to communicate with the SALLIS router.
- Ethernet Port:
- When the Ethernet Network Type above is set to SALLIS this field defines the port used to communicate with the SALLIS router.
- When the Ethernet Network Type above is set to Third Party Generic this field defines the TCP/IP port which the controller will communicate over. This port is used by smart readers to receive data from third-party 'readers'.
If the controller needs to listen on multiple ports for different data sources, enter the command SmartReaderPortOffset = true in the Commands field below. The port used by each smart reader corresponds to the Ethernet Port plus the Configured Address in the smart reader programming.
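The Offline Operation modes described above can be modelled to review which cards a reader expander would accept while disconnected. This is an added example, not ICT code: the class, function names and card strings are hypothetical, and the cache refresh and eviction order are assumptions about how "most recent 150 cards" is maintained.

```python
from collections import OrderedDict

FIRST_USERS = 10   # page: "the first 10 users downloaded to the controller"
CACHE_SIZE = 150   # page: "the most recent 150 cards which have gained access"


class OfflineExpanderModel:
    """Model of the documented Offline Operation modes (not ICT firmware)."""

    def __init__(self, mode):
        if mode not in ("No Users", "Any Card", "First 10 Users Plus Cache"):
            raise ValueError(f"unknown Offline Operation mode: {mode}")
        self.mode = mode
        self.first_cards = {}        # card -> database ID of its user
        self.cache = OrderedDict()   # cards granted here, oldest grant first

    def download_users(self, users):
        """users: {database_id: [cards in programmed order]} for every user
        with access to anything on the controller."""
        self.first_cards = {}
        for db_id in sorted(users)[:FIRST_USERS]:
            if users[db_id]:
                # Only the first programmed card is recognized offline.
                self.first_cards[users[db_id][0]] = db_id

    def record_online_grant(self, card):
        """Call for each access granted at this expander while online."""
        self.cache.pop(card, None)   # assumption: a repeat grant refreshes the entry
        self.cache[card] = None
        while len(self.cache) > CACHE_SIZE:
            self.cache.popitem(last=False)   # assumption: oldest entry is evicted

    def grants_offline(self, card):
        """Decision for a card that was read in a valid format."""
        if self.mode == "No Users":
            return False
        if self.mode == "Any Card":
            return True              # granted even if the card is not programmed
        return card in self.first_cards or card in self.cache


def offline_exposure(model, users, authorized_ids):
    """Return the stored cards that open this expander's doors offline although
    their user is not in authorized_ids (users with normal access to them)."""
    owner = {card: uid for uid, cards in users.items() for card in cards}
    exposed = []
    for card in sorted(set(model.first_cards) | set(model.cache)):
        if model.grants_offline(card) and owner.get(card) not in authorized_ids:
            exposed.append(card)
    return exposed


def constructed_sample():
    # Constructed data: 12 users (database IDs 1-12) with two cards each.
    users = {i: [f"1:{1000 + i}", f"1:{2000 + i}"] for i in range(1, 13)}
    authorized = {1, 2, 11}          # users with normal access to these doors
    model = OfflineExpanderModel("First 10 Users Plus Cache")
    model.download_users(users)
    model.record_online_grant("1:1011")   # user 11 badged here while online
    return model, users, authorized


if __name__ == "__main__":
    sample_model, sample_users, sample_authorized = constructed_sample()
    print(offline_exposure(sample_model, sample_users, sample_authorized))
```

In the constructed sample, users 3 to 10 are listed because they fall within the first 10 database IDs even though they have no normal access to the doors on this expander.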
Options
- Multiple Reader Input Port 1/2: When the Port 1/2 Network Type is set to Wiegand, select these options to enable multiple reader processing for each reader port. This allows you to connect two readers to the specified reader port to act as entry and exit readers.
- When these options are disabled the reader port will only process a single connected reader.
This setting is not required for RS-485 connections. For wiring instructions, see the relevant installation manual.
- Virtual Module: Enable this option to register the module as a virtual module. Virtual modules act as placeholders in the system, allowing you to program virtual inputs and outputs for use with programmable functions and other advanced features.
- Invert Device Tamper: When this option is enabled the module's tamper input will be inverted. This should be enabled when the tamper switch has a normally open configuration.
Commands
- This field is used to send programming commands to the device. It should only be used when specifically advised by ICT documentation or technical support.
Reader 1/2
The Reader 1 and Reader 2 sections allow you to configure the operation of each reader port separately.
Configuration
- Reader 1/2 Format: This field defines the type of data the reader port will receive from the connected readers. Protege reader expanders support a wide variety of publicly available protocols, as well as some special protocols. Any 26 or 37 bit reader that conforms to the standard format specification will function with the reader expander.
Ports on reader expanders also support custom credentials provided by third-party devices:
- The Custom Format option uses the format programmed in Controller Records | Controllers | Custom Reader Format.
- The Custom Credential option uses a credential type programmed in Credential Types. The credential type used is determined by the door type.
- Reader 1/2 Location: For Wiegand readers the location informs the reader expander whether the connected reader is installed at the entry or exit side of the door. This is only relevant when the Port 1/2 Network Type above is set to Wiegand. For RS-485 connections the reader address configuration is used to determine location.
When multiple readers are connected to a port in Wiegand configuration the reader that is wired to the secondary port is always counted as the exit reader.
- Reader 1/2 Mode: Each reader port can be configured for one of the following operation modes:
- Access: Controls access through a door. Set the Reader 1/2 Door as required. This mode should also be used for controlling an elevator call button.
- Elevator: Controls floor access in an elevator car. Set the Reader 1/2 Elevator as required.
- Area Control: Controls area arming and disarming only. Set the Reader 1/2 Area Control Area as required.
In this mode the card reader will accept either card or PIN credentials. Users with appropriate permissions can arm the area using the method defined in Reader 1/2 Arming Mode, and disarm the area by entering their credentials once (when the Disarm Area For Door On Access option is enabled).
Reader ports used for door access can also be used for area control by setting the Area Inside Door and Area Outside Door (Programming | Doors | General).
- Reader 1/2 Door: When the Reader 1/2 Mode is set to Access this field defines the door that is controlled by this reader port. The same door may be controlled by more than one reader port (entry and exit).
- Reader 1/2 Keypad Type: The reader port supports a number of different PIN pad formats connected in Wiegand configuration.
When configured for RS-485 operation only the ARK-501 and LCD keypad options are supported.
- LCD Keypad: This option allows you to associate an LCD keypad module with this reader port (the Reader 1/2 Keypad to use for PINs below). When a user badges at the reader the keypad will prompt them to enter their PIN and press the [FUNCTION] key to unlock the door.
To unlock the door the user must not press [ENTER] after entering their PIN. The [FUNCTION] key must immediately follow the PIN code. If the user presses [ENTER] the keypad will log them in (see below).
In addition, this option allows you to use two factor authentication for keypad access. This is required when Keypad Login Requires Card (Controller Records | Keypads | Options 2) is enabled. When the user badges their card they can enter their PIN and press [ENTER] to log in to the keypad.
- ARK-501: The standard Motorola® format used by ICT card readers. Each keypress is encoded as 8 bits of data, with the first 4 bits inverted from the remaining 4. The user must press the [ENTER] or # key to complete the PIN.
- 26 Bit Site 0: 26 bit Wiegand format used by a PIN pad connected in parallel with the reader. The PIN pad data has a site code of 0.
PIN codes cannot begin with 0. The maximum PIN for this format is 65535.
- 36 Bit IEI Site 0: 36 bit Wiegand format typical of an IEI keypad, which can be set to decode PIN codes from 0-999999.
PIN codes cannot begin with 0. The maximum PIN for this format is 999999.
- 4 Bit: 4 bits of data for each keypress.
- 4 Bit Parity: 4 bits of data plus a parity bit for each keypress.
- 4 Bit Buffer: 4 bits of data per keypress. The data is buffered and sent only when the user presses the [ENTER] or # key to complete the PIN.
- 4 Bit Buffer and Parity: 4 bits of data plus a parity bit for each keypress. The data is buffered and sent only when the user presses the [ENTER] or # key to complete the PIN.
- Reader 1/2 Keypad to use for PINs: If the Reader 1/2 Keypad Type above is set to LCD Keypad this keypad can be used for PIN entry at the door.
- Reader 1/2 Arming Mode: The function set in this field allows users to arm areas or control outputs by entering their credentials at the card reader. All credentials required by the door type must be entered each time. The reader will beep twice to signal that the function has succeeded.
The options are:
- Arm Area On 2 Reads: Users can enter their credentials twice to arm the associated area.
- Read And REN Input Of Port: Users can hold input 4 (for reader port 1) or input 8 (for reader port 2) and enter their credentials to arm the associated area.
If input 4/8 is monitored by the area that is being armed, arming may fail because the input is open. To prevent this ensure that Exit Alley Input Do Not Test It is enabled in the input type (Programming | Input Types | Options 1).
- Arm Area On 3 Reads: Users can enter their credentials three times to arm the associated area.
- Toggle Function Output On 3 Reads: Users can enter their credentials three times to toggle (on/off) the function output or output group.
- Activate Function Output On 3 Reads: Users can enter their credentials three times to activate the function output or output group.
The output(s) will not be deactivated by this function.
When the Reader 1/2 Mode is set to Access the entry reader controls the Area Inside Door and the exit reader controls the Area Outside Door (set in Programming | Doors | General).
When set to Area Control both readers control the Reader 1/2 Area Control Area below.
For output control options, both readers control the Reader 1/2 Function Output/Output Group.
The user must have Enable Multi-Badge Arming enabled in Access Levels | General (regardless of whether the function is area or output control). If inputs in the area may be open, Always Force Arm Using Card Reader may be enabled in Programming | Areas | Options 2.
- Reader 1/2 Area Control Area: When the Reader 1/2 Mode is set to Area Control this field sets the area that is controlled by this reader port.
- Reader 1/2 Elevator: When the Reader 1/2 Mode is set to Elevator this field sets the elevator car that is controlled by this reader port.
- Reader 1/2 Secondary Format: The secondary reading format is used when the reader expander cannot decode a card read using the primary format. This option is useful for sites with multiple card types in use.
For more information on available formats, see Reader 1/2 Format above.
- Reader 1/2 Function Output/Output Group: This output or output group can be activated when the user enters their credentials multiple times, based on the Reader 1/2 Arming Mode above.
- Reader 1/2 Dual Authentication Pending Output: This output is activated when the first user enters their credentials at a door which requires dual authentication. It is deactivated when the Reader 1/2 Dual Authentication Wait Time below expires or the second user enters their credentials.
For doors connected to the controller's ethernet port, use the command DualAuthOutputEth = #, where # is the Database ID of the output.
- Reader 1/2 Dual Authentication Wait Time: When a door is configured to require dual authentication the reader expander will allow this duration after the first user enters their credentials. The second user can enter their credentials during this period to unlock the door. If this period expires the door will not unlock and the process must be restarted.
For doors connected to the controller's ethernet port, use the command DualAuthTimeEth = #, where # is the wait time in seconds.
Dual authentication settings are configured in Programming | Door Types | Options.
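Two of the Reader 1/2 Keypad Type formats above, ARK-501 and 26 Bit Site 0, are described precisely enough to decode. This is an added example, not ICT code: it assumes the standard 26-bit Wiegand layout (even parity bit, 8-bit site code, 16-bit number, odd parity bit), that each ARK-501 keypress is assembled into a byte most significant bit first, and that [ENTER]/# is sent as key code 0xB; all function names are hypothetical.

```python
class FormatError(ValueError):
    """Bit count, parity or nibble check failure in received keypad data."""


def encode_26bit(site, number):
    """Build a 26-bit frame (list of 0/1), used here to construct sample data."""
    data = [(site >> i) & 1 for i in range(7, -1, -1)]
    data += [(number >> i) & 1 for i in range(15, -1, -1)]
    even = sum(data[:12]) % 2          # makes the first 13 bits even
    odd = 1 - sum(data[12:]) % 2       # makes the last 13 bits odd
    return [even] + data + [odd]


def decode_26bit(bits):
    """Return (site, number) after checking bit count and both parity bits."""
    if len(bits) != 26:
        raise FormatError(f"bit count {len(bits)}, expected 26")
    if sum(bits[:13]) % 2 != 0:
        raise FormatError("leading even parity failed")
    if sum(bits[13:]) % 2 != 1:
        raise FormatError("trailing odd parity failed")
    site = int("".join(map(str, bits[1:9])), 2)
    number = int("".join(map(str, bits[9:25])), 2)
    return site, number


def classify_26bit_site0(bits):
    """With '26 Bit Site 0' selected, a site code of 0 marks PIN pad data."""
    site, number = decode_26bit(bits)
    if site == 0:
        return ("pin", number)         # 16-bit field, so the maximum is 65535
    return ("card", (site, number))


ENTER_KEY = 0xB  # assumption: code sent for [ENTER]/#; not given on the page


def decode_ark501(stream):
    """Decode 8-bit keypresses. Return the PIN as a string once ENTER arrives,
    or None if the PIN has not been completed yet."""
    digits = []
    for byte in stream:
        high, low = (byte >> 4) & 0xF, byte & 0xF
        if high != (low ^ 0xF):        # first 4 bits must invert the last 4
            raise FormatError(f"nibble check failed for 0x{byte:02X}")
        if low == ENTER_KEY:
            return "".join(digits)
        if low > 9:
            raise FormatError(f"unexpected key code 0x{low:X}")
        digits.append(str(low))
    return None


if __name__ == "__main__":
    # Constructed samples: PIN 65535 as a site 0 frame, and keys 1 2 3 4 #.
    print(classify_26bit_site0(encode_26bit(0, 65535)))
    print(decode_ark501([0xE1, 0xD2, 0xC3, 0xB4, 0x4B]))
```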
Reader Options
- Allow Reading Opened/Unlocked: When this option is enabled (by default) the reader expander will process card reads even when the door is already open or unlocked. This is useful for correct operation of antipassback, time and attendance, muster reports and area control, as it allows users to register at the door even when it is already open or unlocked.
When this option is disabled, any card reads received when the door is unlocked or open will not be processed and no events will be generated.
- Send Format Errors: When this option is enabled the reader expander will send detailed information to the controller if it reads a card with a format error. Format errors include bit count, byte count, parity, checksum and LRC calculation failures. This information will appear in the event log.
The Log Reader Events option must also be enabled.
- Intelligent Reader Tamper Mode: ICT card readers offer intelligent reader tamper operation. When this feature is enabled in both the reader and the reader expander, the card reader will check in with the reader expander every 30 seconds. When the connection is lost the Reader 1/2 Tamper/Missing trouble input is opened to generate a tamper alarm.
Card Data Options
- Card Data AES Encryption Key: Salto SALLIS and Aperio cards can be encoded with site/card information via the ICT Encoder Client.
This field defines the decryption key for locks connected to this reader port so that Protege X can decrypt data from these cards.
This option applies to the RS-485 implementation of SALLIS only.
For more information, see the relevant application note for your integration.
Third Party Generic
The options below are used to define the structure of generic serial data being sent to the reader port. This can be used for third-party readers and other devices.
This section is only displayed when the Port 1/2 Network Type is set to Third Party Generic.
- Reader 1/2 Baud Rate: The rate at which generic serial data is transferred between the third-party device and the reader expander.
- Reader 1/2 Parity: The method of calculating the parity for the block of generic serial data. This can be even, odd or none.
- Reader 1/2 Stop Bits: The stop bits for generic serial data. This is either 1, 1.5 or 2.
- Reader 1/2 Inter-Byte Time Out: This field defines the time allowed between receiving bytes of generic serial data.
- Reader 1/2 Log Invalid Data Received: Enable this option to allow the reader expander to log detailed information about any invalid data packets received from a generic third-party reader.
Misc Options
- Disarm Area For Door On Access: When this option is enabled the associated area will be automatically disarmed when a user enters valid credentials, provided the user has access to disarm the area.
- When the reader is used for door control the area behind the door will be disarmed.
- When the reader is used for area control the control area set above will be disarmed.
- Allow Access When Area Armed: When this option is disabled (by default), users can be denied access to a door when the area behind it is armed. They will only be allowed access if they have the ability to disarm the area.
This option can be enabled to allow users through any door they have access to regardless of the area status.
Be aware that this can easily cause false alarms as users will be able to enter areas that they cannot disarm.
- Disarm Users Area On Valid Card: This option allows users to disarm a personal area when they gain access at the reader. For example, this could be used to allow a single reader to service a row of personal offices which users can arm and disarm individually.
The User Area is assigned in Users | General. The user must have this area available in Access Levels | Disarming Area Groups.
- Log Reader Events: Enable this option to allow the reader to send format error information to the controller (with the Send Format Errors option enabled above). Other reader events are always sent to the controller.
- Activate Access Level Output: When this option is enabled the output or output group assigned to the user's access level will be activated when the user gains access to the door.
The outputs are assigned in the Outputs or Output Groups section of the user's Access Levels.
The Reader Access Activates Output option must be enabled in Access Levels | General, and further configuration is available there.
- Display Card Detail When Invalid: When this option is enabled (by default) the reader expander will send the details of any unrecognized card (facility and card number) to the controller. The event log will display a 'Read Raw Data' event, which can be used to identify unassigned cards to assign to users.
- When this option is disabled the card data will not be saved and a 'Card Not Found' event will be displayed in the event log.
- Arm Users Area: This option allows users to arm a personal area at the card reader on this reader port. For example, this could be used to allow a single reader to service a row of personal offices which users can arm and disarm individually.
The action the user must take to arm the area depends on the Reader 1/2 Arming Mode setting above.
The User Area is assigned in Users | General. The user must have Enable Multi-Badge Arming enabled in Access Levels | General.
- Enable Enhanced Smart Reader Outputs: This feature is used when the readers are wired in RS-485 configuration. The reader expander's BZ, L1 and L2 outputs are not used to control the beepers and LEDs on RS-485 readers, but by default they are reserved and cannot be used. You can enable enhanced smart reader outputs to 'free up' these physical outputs for other functions and gain independent control over the outputs on the RS-485 reader itself.
This feature is not related to the smart readers that can be programmed in Smart Readers.
Reader 1/2 Options
- Disable Red LED Processing: When this option is enabled the reader expander will not control the L2 output and it can be used for another function. This is useful when the reader is wired in single LED configuration and does not use the L2 output.
This option is only relevant for readers in Wiegand configuration. For a similar function for RS-485 readers, see Enable Enhanced Smart Reader Outputs (Reader 1/2 section).
- Disable Green LED Processing: When this option is enabled the card reader's green LED will not be activated when the door is unlocked. When used with Wiegand readers, the reader expander will not control the L1 output and it can be used for another function.
This feature is not available for smart readers.
- Disable Buzzer Processing: When this option is enabled the reader expander will not control the reader beeper. The reader will beep once when a card is read, but will not beep additional times to indicate access granted or denied. The BZ output can be used for another function.
Offline Options
The options below determine the operation of the reader expander when it is offline with the controller. They have no effect on online behavior. Note that no events will be recorded while the expander is offline.
- Door Sense Enabled: When this option is enabled the reader expander will process door sense functions from input 1 (port 1) or 5 (port 2) while it is offline.
- Bond Sense Input Enabled: When this option is enabled the reader expander will process bond sense functions from input 3 (port 1) or 7 (port 2) when it is offline.
- REX Enabled: When this option is enabled the reader expander will process REX functions from input 2 (port 1) or 6 (port 2) when it is offline. This can be used to unlock the door without credentials when the expander is offline.
- REN Enabled: When this option is enabled the reader expander will process REN functions from input 4 (port 1) or 8 (port 2) when it is offline. This can be used to unlock the door without credentials when the expander is offline.
- Enable Beam Function On Input 3/7: When this option is enabled the reader expander will process beam sense functions from input 3 (port 1) or 7 (port 2) when it is offline.
The Door Sense Enabled option must also be enabled.
- Invert Door State Control: With this option enabled the door sense input (input 1 or 5) will be inverted when the reader expander is offline.
- Invert Sense State Control: With this option enabled the bond sense input (input 3 or 7) will be inverted when the reader expander is offline.
- Invert REX Input: With this option enabled the REX input (input 2 or 6) will be inverted when the reader expander is offline.
- Invert REN Input: With this option enabled the REN input (input 4 or 8) will be inverted when the reader expander is offline.
- Always Allow REX: When this option is enabled an offline reader expander will always process REX and unlock the door, even when the door is already open.
For online operation, see the equivalent option in Programming | Doors | Inputs.
Reader 1/2 PIM Config
Panel Interface Modules (PIMs) and ENGAGE Gateways (GWEs) are used as the communication interface between wireless locks and Protege controllers for Allegion wireless locking integration. This section allows you to add and configure the PIMs and GWEs connected to the reader expander ports for the integration.
- PIM Address: The address of the PIM/GWE connected to the reader port.
- APM Start Address: This defines the value set for the Low APM Range of the PIM/GWE connected to the reader port, which determines the address of the first wireless lock assigned to the device.
- Number Of APMs: Defines the number of wireless locks connected to the PIM/GWE.
A maximum of 16 locks can be connected to a PIM. A maximum of 10 locks can be connected to a GWE.
For more information, see the relevant Allegion integration documentation.
Module Update
Clicking the button beside an expander record (only visible when hovering) opens the module update command window for that module.
Programming changes which alter the way hardware will operate require a module update to download the hardware configuration.
- Update Module: Performs a module update on the selected module. A module update command causes the module to restart.