U-PROX IP400 Access Control System Controller

Controller Description

The U-PROX IP400 controller is a device designed for managing access to residential and industrial premises, as well as for recording passage times and events. It is supplied in a housing that includes a power supply unit and operates with two readers connected via the Wiegand interface.

The U-PROX IP400 processes information from readers and uses four relays to switch actuating devices (e.g., locks, sirens). It features eight additional inputs for monitoring security zones with current control. The controller can operate autonomously or as part of a network, using an Ethernet interface to interconnect controllers in an Access Control System (ACS).

Network settings can be programmed and firmware updated via a standard USB port (micro USB B). The controller is powered by a 12V source.

Purpose of the Device

The U-PROX IP400 controller is intended for use in access control and management systems (ACS) of various scales, from small offices to large enterprises. In an ACS, controllers are networked together via a computer network.

It enables the organization of access to two separate premises or a single premise with control over both entry and exit. It can also be installed to manage an alarm system for premises associated with access points. The "Anti-passback" function is provided when both entry and exit of a space are controlled simultaneously.

Controller Construction and Diagram

The controller unit comprises:

• 1. Device housing
• 2. Housing doors
• 3. Tamper (opening sensor)
• 4. Controller unit
• 5. Power supply unit

The controller board features a layout of jumpers, buttons, and removable terminal blocks with connectors for various functions. Key connection points include inputs for readers (Wiegand interface), Ethernet, RS-45, USB, and power.

Contact Assignment

The controller provides numerous contacts for connecting various devices and sensors. These include inputs (Z1-Z8), common ground (GND), relay contacts (NC, NO, C for Relays 1-4), and specific connections for reader 1 (1BZ, 1GN, 1RD, 1D1, 1D0, +12V) and reader 2 (2BZ, 2GN, 2RD, 2D1, 2D0, +12V).

Additional connections include power inputs (E+, GND), battery status (ACG), mains power (PWG), tamper sensor (TMP), factory reset (FACT), access request buttons (BUT1, BUT2), and a USB Micro B port for configuration and updates.

Audio-Visual Indication

Controller Indications

The indication of access modes is performed by the controller's readers, which can be individually configured via ACS software using combinations of sound and light indications.

Controller Operation

Controllers are shipped with factory settings, indicated by the controller's yellow LED blinking once per second. For ACS operation, network settings must be loaded using the "Configurator" software. It is recommended to install supplied resistors on all controller inputs.

After settings are loaded and inputs are intact, the controller enters "Normal" mode. The controller can manage two independent access points, each configurable in one of four modes: "Normal", "Alarm", "Lockout", and "Free Passage". "Free Passage" has the highest priority, followed by "Lockout", "Alarm", and "Normal".

"Normal" Mode

This is the primary operating mode where the controller grants or denies access based on identifier presentation.

Access on Presentation of an Identifier

Presenting a registered contactless identifier to the reader allows entry if access is permitted. The controller activates the actuating mechanism (e.g., door lock).

Access on Presentation of an Identifier and PIN Code

If a PIN code is required, the user enters it via the reader's keypad. Correct entry unlocks the door and grants access.

Access via an Access Request Button (Remote Door Opening)

An access request button can be used for exit from single-sided access points or for visitor entry. Pressing and releasing the button opens the access point.

Access Denial on Presentation of an Identifier

Access may be denied for several reasons, including:

• Controller in unprogrammed state
• Card not registered
• Card validity period expired
• Access prohibited by schedule
• "Anti-passback" function active during re-entry attempt
• Identifier registered as lost or blocked
• Controller in "Alarm" or "Lockout" mode
• Temporary card validity period not yet begun
• Visitor's temporary card passage counter exhausted

"Alarm" Mode

An access point enters "Alarm" mode due to unauthorized entry, tampering, lost identifier presentation, prolonged door open time, or identifier selection activation. In this mode, ALARM and SIREN outputs are activated. Passage is blocked, and the door can only be opened via an exit request button. "Alarm" mode can be deactivated by a specific identifier or computer command.

"Free Passage" Mode

This mode is used for situations requiring free passage, such as fire or earthquake emergencies. It can be activated by an operator command or a break in the designated FREE PASSAGE cable. The lock remains open continuously. This mode is useful for tracking personnel presence during emergencies.

When using mechanical locks, the controller monitors door status and re-activates the lock after closure. Using an "impulse" output type for unlocking without a door contact is not recommended, as it may prevent opening without an identifier.

"Lockout" Mode

This mode blocks access for all system users, except for identifiers with the "Security Service" attribute. Access cannot be gained via the exit request button. "Lockout" mode is activated by a computer command or a break in the LOCKOUT cable.

Usage Options and Operating Modes of the Outputs

Controller outputs can be programmed for various uses like controlling locks, sirens, alarms, or as programmable outputs. Operating modes include continuous, impulse (timed activation), trigger (event-based activation), and manual.

Operation of Identifiers (Cards)

Code (Electronic Card Code)

Each card has a unique 10-digit hexadecimal code assigned during manufacturing.

PIN Code

An optional six-digit decimal PIN code can be used with readers featuring a keypad for enhanced security.

Validity Period

This indicates the expiration date of the card's validity.

Alarm Cancellation

A card designated for alarm cancellation can deactivate an alarm state. Presenting a card without this right maintains the current state.

Security Service

This attribute grants access through locked doors, even in "Lockout" mode. Regular cards are denied in "Lockout" mode, while cards with "Security Service" are granted access.

VIP

VIP cards allow access at all times and in all areas, except in "Lockout" mode. They can have custom schedules and are not subject to anti-passback or validity restrictions.

Anti-passback Disabled

This setting allows access irrespective of the previous passage direction, subject only to the assigned schedule and other card attributes.

Operation of the Communicator

The U-PROX IP400 controller operates in automatic mode, enforcing access rules based on loaded server data and sending event notifications to the ACS server. The communicator works in notification mode, transmitting data upon events like passage or zone violations.

The controller connects to a computer network via Ethernet, supporting both local network and Internet operation for distributed access control systems.

Network Diagram Description

The system can be configured via auto-configuration or manually using the "Configurator" software. This ensures devices are assigned IP addresses (static or DHCP) and can operate with IP or DNS addresses for the ACS server. It supports Internet operation with redundant Internet paths.

The controller enforces access rules and sends notifications. It ensures network security through 256-bit encryption and serial number verification.

Local Network Operation Algorithm

1. Upon power-up, the controller checks DHCP status or static IP.
2. If DHCP is enabled, the dynamic IP assignment procedure starts.
3. IP address status is periodically updated.
4. ACS server and U-PROX IC A controller availability is determined.
5. Periodic test signals are sent.
6. Access events are transmitted.
7. The controller waits for commands.

Internet Network Operation Algorithm (Local Wired Network)

1. Upon power-up, the controller checks DHCP status or static IP.
2. If DHCP is enabled, the dynamic IP assignment procedure starts.
3. IP address status is periodically updated.
4. Internet access possibility is determined.
5. ACS server and U-PROX IC A controller availability is determined.
6. Periodic test signals are sent.
7. Access events are transmitted.
8. The controller waits for commands.

Auto-Configuration of Controllers in a Peer-to-Peer Network

Using standard network protocols like DHCP, the "plug-and-play" principle simplifies deployment. The auto-configuration mode for server address is used when no ACS server address is set. The device broadcasts its presence, the operator is notified to add it to the database, and the server address is stored. If the server address changes, the device re-auto-configures. Binding can be canceled by resetting to factory settings.

Note: This broadcast is limited to peer-to-peer local networks. For complex topologies, the ACS server's IP address must be set manually.

Global Anti-passback

The U-PROX IP400 controller can function within a global anti-passback system. A master controller tracks personnel location based on passage data from IP400 controllers. Global anti-passback is zone-based, where entering a new zone is considered an exit from the previous one.

Initially, an employee's location is "Undefined". After the first identifier presentation, their location is recorded. The "Undefined" status is assigned during new employee registration or via a "General Location Reset" command.

This system helps prevent repeated passages, card duplication, unauthorized entry, and identifier sharing.

Anti-passback Scenarios

The system manages personnel location across different zones. For example, it tracks movements between zones. If communication is lost, doors are forced open, or doors switch to free passage, access zones may be grouped. When communication is restored, zones are separated, and personnel location is updated by subsequent identifier presentations.

If communication with the U-PROX IC A controller is lost, U-PROX IP400 controllers can either block all access or grant access based on locally stored location data.

Requirements for Configuring the U-PROX IC A Controller

The controller must have a static (fixed) IP address.

Requirements for Configuring U-PROX IP400 Controllers

• Only controllers with double-sided doors participate in global anti-passback.
• The first ACS server address must be the U-PROX IP server software address.
• The second ACS server address must be the U-PROX IC A controller address.
• The ACS must have "General" anti-passback mode enabled.
• The access controller must specify the master anti-passback controller and its reaction to communication loss.

U-PROX IP400 controllers send notifications to two addresses simultaneously: the ACS server for storage and the U-PROX IC A controller for access decisions. Access granting or denial may have a delay of up to 1 second.

Operating Procedure for the Device

The controller is supplied in a metal housing with its power source. The overall dimensions are detailed in the accompanying technical drawings.

Mounting Recommendations

The controller should be installed in an accessible location for maintenance. To mount on a wall:

• Open the housing cover.
• Hold the housing against the intended mounting location and mark drill holes.
• Run cables through the housing wall holes.
• Secure the controller housing.
• Connect the cables.

Connection Procedure

1. Perform initial configuration (network parameters) via USB using the "Configurator" utility.
2. At the installation site, mark and drill necessary holes.
3. Run cables from the power supply unit if required.
4. Connect the cable from the actuating device (lock).
5. Install external readers and connect their cables.
6. Run cables from sensors/buttons.
7. Connect the Ethernet cable.
8. Route installation cables within the wall.
9. Mount and secure the controller housing.
10. Connect wiring for power supply, lock, reader, and controller inputs as specified.
11. Connect the Ethernet cable.
12. Close the cover and secure with a screw.
13. Register the controller in the ACS (follow ACS instructions).
14. Perform a full load in the ACS (configure inputs, outputs, schedules, identifiers, etc.).
15. The device is ready for operation.

Connecting the Readers

The controller has two Wiegand interface ports for connecting readers. Readers with a Wiegand interface are compatible.

Wire Color Correspondence

The standard wire color correspondence for reader connections is:

• White – Data 1
• Green – Data 0
• Blue – Buzzer activation
• Brown – Red indicator activation
• Orange – Green indicator activation
• Black – GND
• Red – +12V

Note: Wire colors may differ with readers from other manufacturers; consult the reader's manual.

The current consumption of each external reader connected to the "+12V" terminal must not exceed 150 mA. Long-range readers with higher consumption require a separate power source.

Connecting the Cables (Inputs)

The controller has eight inputs with current monitoring. Input functions are set during programming and can include:

• Passage sensor (door contact)
• Exit request button
• Passage sensor (door contact) + exit request button
• Free Passage (A, B, A+B)
• Lockout (A, B, A+B)
• Monitoring the sensor status (alarm sensor)

All cables function as normally closed or normally open. Load resistors are mandatory. Normal cable resistance is between 1.4 kΩ and 3 kΩ; short circuit is <1.4 kΩ; open circuit is >3 kΩ.

Access Request Button

Used for single-sided door control. Opens the door when pressed and released. Can also be used as a remote door opening button. Example: Z1 and Z2 assigned as exit request buttons for access points A and B respectively.

Note: Door release buttons or turnstile exit buttons may trigger a "DOOR FORCE" event. Cables must be assigned as exit request cables for proper operation.

Passage Sensor (Door Contact)

Determines door state (open/closed) or turnstile rotor position. Without it, unauthorized access or prolonged open doors might not be detected. Example: Z3 and Z4 assigned as door contacts for access points A and B respectively.

Recommendation: Doors controlled by ACS should have door closers. Door contacts must be assigned correctly during programming.

Combined Cable – Exit Request Button and Passage Sensor (Door Contact)

Inputs can serve simultaneously as an exit request button and door contact sensor. An open circuit indicates a fault; a short circuit indicates the button press. Example: Z5 and Z6 assigned as combined inputs for access points A and B.

Any of the 8 inputs can be assigned as a combined input.

Integration with Fire and Security Alarm Systems

Inputs programmed as "Free Passage" and "Lockout" allow integration with fire and security alarm systems. Configuring an input as "Free Passage" for a fire alarm system will automatically unlock all doors upon a fire alarm event, allowing personnel to exit safely.

Example: Z7 assigned to "Lockout A+B", Z8 assigned to "Free Passage A+B". "Lockout" and "Free Passage" can be assigned to access points A, B, or both (A+B). These types operate on both short-circuit and open-circuit conditions.

Connecting Actuating Devices

Electric Locks

The controller's relay contacts (normally closed/open) and programmable activation times (1-255 seconds) allow operation of various electric locks and strikes. A time setting of 0 applies a 200 ms pulse. Example: one device opens with voltage, another with voltage removal.

When switching inductive loads (e.g., electromagnetic locks), use a diode to prevent damage to relay contacts. Inexpensive electromagnetic strikes may not allow prolonged voltage; program relay times accordingly to avoid overheating.

For proper lock operation, relay outputs must be assigned as lock outputs during programming.

Sirens and Bells

Electric bells, being inductive loads, require a protection diode. Follow the siren's user manual for connection. Siren current draw must not exceed 1 A.

For non-standard devices, consult the supplier. For proper siren operation, assign the relay output as the siren (or alarm) output during programming.

Connecting Ethernet

The Ethernet interface networks system components (PC and controllers) with data transmission speeds up to 100 Mbps over distances up to 100 meters.

Direct Crimping – Connection to a Switch or Router

Wiring pairs:

1. White-yellow – white-yellow
2. Yellow – yellow
3. White-green – white-green
4. Blue – blue
5. White-blue – white-blue
6. Green – green
7. White-brown – white-brown
8. Brown – brown

Crossover Wiring – Connection to a Computer

Wiring pairs:

1. White-yellow – white-green
2. Yellow – green
3. White-green – white-yellow
4. Blue – blue
5. White-blue – white-blue
6. Green – yellow
7. White-brown – white-brown
8. Brown – brown

Factory Settings

• Communicator: DHCP enabled, ACS server addresses not specified.
• Inputs (Cables): Z1 – Z8: Disabled.
• Outputs: Relays 1 – 4: Disabled.
• Readers: Wiegand 42bit.

Warranty

The warranty period for U-PROX devices (excluding power sources) is 2 years from the date of sale. For operational issues, contact support@u-prox.systems for potential remote resolution.

Device supply, training, installation, commissioning, and warranty service are provided by the manufacturer or authorized organizations. Commissioning by unauthorized entities voids the warranty.

Warranty repairs are not performed for issues arising from:

• Improper connection
• Non-compliance with operating instructions
• Physical damage
• Force majeure events

Warranty and post-warranty service is exclusively provided by authorized entities. The manufacturer reserves the right to make design changes that do not affect core technical characteristics or reliability.