Secure Network Interface Board (SNIB, SNIB2, and SNIB3)

MX

SNIB

The SNIB provides both RS-232 and RS-485 SCRAMBLE*NET ports. If you need to connect the host to the master SNIB via RS-485, you can only use the SNIB; otherwise, you have a choice of either SNIB or SNIB2. An example of the SNIB is shown in Figure 1-1.

When installed, the SNIB, SNIB2, or SNIB3 expansion board enables a DIGI*TRAC or Mx controller to be programmed, monitored, and controlled from a properly-configured IBM-compatible host PC running the Velocity software. Communication is secured by Hirsch’s proprietary Hirsch Encrypted Standard (HES) protocol SCRAMBLENET network.

• An optically isolated RS-232 port is provided on the original SNIB and the SNIB2.

• An optically isolated RS-485 port (required for multi-drop or long hardwired connections) is provided on the SNIB, the SNIB2, and the SNIB3.

• An RJ-45 Ethernet port (which requires a host-to-master controller TCP/IP connection) is provided on the SNIB2 and the SNIB3.

The M1N controller does not require the addition of a SNIB or SNIB2 because it already has SNIB circuitry integrated into its main board. The Mx controller’s main board includes SNIB2 functionality on a daughterboard, which can be removed to enable using a SNIB3.

The following subsections provide installation instructions for the “SNIB”, the “SNIB2” , and the “SNIB3”.

SNIB Board

Open

An example of the possible SNIB connections is shown in Figure 1-2.

SNIB Connections

Open

SNIB Cabling Distance

The power and data lines are fully isolated from the controller, providing immunity from transients and common-mode ground voltages between the SNIB-connected controller(s) and a host PC. Maximum SNIB cabling lengths are shown in Table 1-1:

For a single controller network, connect to the S*NET via either an RS-485 or RS-232 port. If connecting more than one controller on the network and the first controller is within 50 feet (15 meters) of the Host PC, connect the PC to the first controller via the RS- 232 connector and the rest of the controllers to the RS-485 S*NET connector on the first controller.

Alternatively, simply connect to the RS-485 connector and daisy-chain the wire to the multiple controllers. The M1N does not require a SNIB to network because SNIB circuitry with both RS-232 and RS-485 connectors is embedded on the controller board.

SNIB Design

When installed in a DIGI*TRAC Controller, the SNIB enables the Controller to be programmed, monitored, and controlled from a PC. For a one-controller network, you can connect to either the SNIB’s RS-485 connector (up to 4000 feet/1220 meters) or the RS-232 connector (up to 50 feet/15 meters).

If you are connecting to more than one controller on the network and the first controller is within 50 feet (15 meters) of the Host PC, you can connect the PC to the first controller via the RS-232 connector and the rest of the controllers to the RS-485 S*NET connector on the first controller. Alternatively, simply connect to the RS-485 connector and daisy-chain the wire to the multiple controllers.

Figure 1-4 provides examples of how the SNIB can be used to connect two controllers to a host PC using either an RS-232 or RS-485 connection.

Installing The SNIB

This section includes installation instructions for the original SNIB.

SNIB Setup

The wiring and settings of the SNIB are shown in Figure 1-5.

MD1 - 2

Because the M1N has integrated SNIB circuitry, the DIP switches are located on the controller itself, to either side of the network connections. (Refer to Figure 2-1 in section “Mx Controller Main Board”.)

Model 1N Design

The M1N has one heavy-duty door relay with associated line module input for supervision and door functions. This relay is capable of powering two keypads. The M1N also has three additional inputs for door contacts and alarm sensoring and four control relays to monitor and activate various relay circuits. Relay 4 can double as an alarm relay but it is not dedicated to that task.

In addition, the M1N includes an integrated SNIB for direct connection via either RS-232 or RS-485 to a SCRAMBLE*NET network, a keypad connector, and a printer port.

The M1N is shown in the below Figure:

Set these switches as you would a normal SNIB. There are no SNIB jumpers on the M1N.

The board has two jumpers, MD1 and MD2. Both are explained here:

There are also a number of DIP switches on the SNIB which can configure the board.

SW1/SW2

The last controller on any network cable run, or any single controller connected to a modem through the RS-232 port, must have its terminating resistors set to ON. To do this, set both SW1 and SW2 on switch bank S1 to ON.

SW3/SW4

The switch bank at S2 has 9 switches which configure a number of properties for the SNIB. SW3 determines the Modem Mode.

SW5/SW6

SW5-6 determines the SNIB’s baud rate. The rates you can select depend on the SNIB version you have.

Older (pre-1998) SNIBs have a ‘16450’ or ‘16C450’ serial port. Look for ‘16450’ or ‘16C450’ on the big rectangular chip. This works with 2400 and 9600 bps and may work with 19200 bps as well (depending on the SNIB date). DIP switch settings for this are:

Current production SNIBs have a ‘16550’ or ‘16C550’ serial port processor. Look for ‘16550’ or ‘16C550’ on the big rectangular chip. This configuration should work on all three baud rates.

DIGI*TRAC 7.0 supports 19,200 bps SCRAMBLENET. This means that while 9600 and 2400 are supported by both the 1200 and 300 baud rates are supported by the older SNIB.

To do this, set the SNIB DIP switch 5 (the third one on the second set of dip switches) to ON, and set the Test Tool or equivalent host software (or Xbox) to 19200 bps

If you’re using an Xbox with your controllers, the SNIB baud rate on all controllers must match the XBox’s ‘Net Speed’ baud rate. Current production XBoxes only allow 2400 or 9600 bps baud rates. When changing baud rates, you must stop and restart all controllers on the network as well as all XBoxes.

SW7 - SW12

SW7-12 are used to set the Network Address. Each switch represents a binary value in this way:

The only exception to this scheme is Network Address 64 where SW7-12 are all OFF. (This is currently not supported by SAM.) Table 1-2 provides a complete list of all network addresses and their corresponding switch setup:

^a. Velocity software does not recognize Address 64.

SNIB Mounting

The SNIB should always be the top board installed on the standoffs. Install all other boards first (underneath the SNIB), then the SNIB.

To install the SNIB expansion board:

1. Turn all system power off, remove connectors to the standby battery, then remove connectors to the AC power.

2. Install the board on the supplied standoffs and connect the EBIC5 cable as described in “Connecting Expansion Boards”.

SNIB Wiring

To connect SCRAMBLE*NET to this board:

1.Turn all system power off, remove connectors to the standby battery, then remove connectors to the AC power.

2. Connect the wires on one end of the cable to the terminal block you require – either the RS-232 or S*NET (RS-485) port. Both RS-232 and RS-485 use SCRAMBLE*NET protocol. If necessary, you can remove the terminal blocks and replace them after you’ve wired them.

The wires are connected in this way:

For RS-485 S*NET Cabling:

3.Connect the other end of the cable to the RS-485 of a NET*ADAPT, NET*MUX4, or to the serial port of the PC (with NAPC installed).

SNIB Pinout Information

The following tables provide pinout information on connections between the SNIB and a number of devices and connectors.

SNIB Testing

After installing the board and connecting to a PC, you can test the SNIB using Host PC software.

SNIB2

The SNIB2 is a high-security encryption Secure Network Interface Board. The main components of the SNIB2 are shown in Figure 1-7.

SNIB2 Board

SNIB2 Connections

The SNIB2 includes an RS-232 and RS-485 as well as an Ethernet port. In addition, SNIB2 supports full encryption from the host to the last downstream controller. The SNIB2 also offers XBox functionality with support for global I/O from the master SNIB2 downstream to all attached slave SNIB2s. The SNIB2 supports both an Ethernet or RS-232 connection between the host PC and the master SNIB2. Downstream connections from the master SNIB2 to slave SNIB2s must be RS-485.

The SNIB2 is a controller-resident communication board that enables a host PC running Velocity (version 2.6 SP2 or higher) to program, monitor, and control up to 63 SNIB2-resident controllers per SNIB2 Ethernet port. A NET*MUX4 is required whenever there are more than 16 controllers. Additional NET*MUX4s may be required to ensure that there are never more than 16 controllers per port.

For more information, see “SNIB2 Cabling”. Each connected controller must have its own SNIB2 (or SNIB3) board installed. The SNIB2 provides RS-485, RS-232, and 10/100BaseT Ethernet ports. The SNIB2 supports the XNET2 protocol.

Physically, the SNIB2 board differs from the original SNIB in that it has:

• Three switch banks (SW1, SW2, and SW3)

• An Ethernet RJ-45 connector with its accompanying daughterboard

• Three pairs of status LEDs (see “Controller and SNIB2 LED Diagnostics”)

With the SNIB2 board, a host PC running Velocity can program, monitor, and control up to 63 controllers with NET*MUX4 (as shown in Figure 1-8), or up to 16 without NET*MUX4. The SNIB2 provides a downstream/multi-drop RS-485 port as well as an upstream 10/100 Mbps Ethernet port and an RS-232 port for direct host connections (not dial-up).

If required, you can add a second level of NET*MUX4s to create additional controller runs; however, Hirsch does not support more than two levels of NET*MUX4s.

SNIB2 Design

The SNIB2 is a drop-in replacement for the original SNIB. It is intended for those installations that require high security over Ethernet.

The SNIB2’s major components are shown in Figure 1-10:

The SNIB2 is a controller-resident communication board that enables a host PC running Velocity to program, monitor, and control up to 63 SNIB2-resident controllers per SNIB2 Ethernet port. A NET*MUX4 is required whenever there are more than 16 controllers. Additional NET*MUX4s may be required to ensure that there are never more than 16 controllers on a single hard copper wire segment.

For more information see, “SNIB2 Cabling”.

Each connected controller must have its own SNIB2 board installed. The SNIB2 provides an RS-485 port as well as a 10/100BaseT Ethernet port. The SNIB2 supports the XNET 2 protocol.

Physically, the SNIB2 board differs from the original SNIB in three obvious respects. The SNIB2 has:

• Three switch banks (SW1, SW2, and SW3)

• An Ethernet RJ-45 connector with its accompanying daughterboard

• Three pairs of status LEDs

The SNIB2 provides these functional advantages over the SNIB:

• AES-Rijndael encryption

• Globalization functionality without an XBox

• Higher serial communication speeds

• Ethernet connectivity

Communications become less robust as baud rates increase, wire gauge decreases, and distances increase. Most tables in the DIGI*TRAC Systems Design and Installation Guide for wire gauge and distance are based on 9600 baud. At higher baud rates, maximum distances are decreased and minimum wire gauge is increased.

It may not be possible to implement the higher baud rates supported by the SNIB2 if you have long wire runs or small wire gauges. Higher baud rates are also more dependent on the number of twists per foot, so capacitance specifications must be strictly followed: total wire run per port is not to exceed acceptable total capacitance of 100,000 pf.

The SNIB2’s Ethernet port provides high-speed TCP/IP communication over an Ethernet network between the host computer and the controller.

The Ethernet connection enables communication between the controller with the master SNIB2 and host PC at 10/100BaseT. Speeds between the master SNIB2 and other connected downstream slave SNIB2s range up to 115200 bps.

A simple configuration connecting a single SNIB2-installed controller to the host might look like the example in Figure 1-12.

A more typical configuration that connects multiple controllers to the host, might look like the example in Figure 1-13:

For more information, see “SNIB2 Cabling”. Before the Velocity server can communicate over Ethernet with a SNIB2, you must first configure the SNIB2 through Velocity.

Whenever an Ethernet connection is employed between the host and the SNIB2, Velocity views the SNIB2 as an XNET port because the SNIB2 includes XBox functionality. The host communicates with the Ethernet-connected SNIB2 using AES-encrypted XNET 2.

Controller-to-controller speeds range from 9600 to 115200 bps. For each string of controllers, the first (master) SNIB2 with the Ethernet connection must be assigned the same address as the XNET port. No matter how many master SNIB2s are assigned Address 1, Velocity will be able to identify them appropriately using the SNIB2’s ROM ID and IP addresses assigned to them.

You can also use the SNIB2 with the NET*MUX4. The NET*MUX4 consists of a single input for either RS-232 or RS-485 and four outputs to which a series of controllers or additional NET*MUX4s can be wired as shown in Figure 1-14:

If required, you can add a second level of NET*MUX4s to create additional controller runs; however, Hirsch does not support more than two levels of NET*MUX4s.

For information about setting up and installing the SNIB2, refer to “Installing the SNIB2”.

Benefits of SNIB2

The SNIB2 provides these functional advantages over the original SNIB:

• AES encryption

• Ethernet connectivity (if required)

• XBox functionality

• Higher serial communication speeds

Each of these features is explained below.

AES Encryption
The SNIB2 employs AES-Rijndael asymmetric 128-bit block data encryption.

The National Institute of Standards and Technology (NIST) has awarded the SNIB2 AES Certificate #280.

Ethernet Connectivity
A standard RJ-45 Ethernet port is included on the SNIB2. This enables the connected controller installed with a SNIB2 to communicate with the server using TCP/IP over 10BaseT or 100BaseT Ethernet networks. This eliminates the need for external device servers for LAN connectivity.

XBox Functionality
The SNIB2 also incorporates full XBox gateway functionality, thereby eliminating the need for an XBox. This enables the SNIB2 to function as a gateway for up to 63 controllers (with inclusion of the NET*MUX4), and provides the ability to globalize certain features.

Globalizing is the task of connecting two or more controllers so credential user management and control zone information can be shared amongst all connected controllers.

Globalization can only be performed within a local XBox node. One SNIB2 acting as an XBox cannot talk to and share information with another XBox or another master SNIB2.

Higher Serial Communication Speeds
Communications between multidropped SNIB2s are now supported at speeds up to 115,200 bps with Cat5/Cat6 cable.

When using one or more NET*MUX4s, the maximum SNIB2 speed is limited to 9600 bps. When combining SNIBs and SNIB2s, the maximum speed is limited to the lower SNIB speed – that is, the lowest speed that all connected devices have in common.

Communications become less robust as baud rates increase, wire gauge decreases, and distances increase. Most tables for wire gauge and distance in this document are based on 9600 bps.

At higher baud rates, maximum distances are decreased and minimum wire gauge is increased. It may not be possible to implement the higher baud rates supported by the SNIB2 if you have long wire runs or small wire gauges.

For more information about setup and wiring of any SNIB board, see “Secure Network Interface Boards (SNIB2 or SNIB3)”. For installation instructions, see “Secure Network Interface Board (SNIB2 or SNIB3) Installation”.

Installing the SNIB2

This section includes setup and installation instructions for the SNIB2.

To install the SNIB2:

1. If necessary, download CCM 7.3.08 or later firmware to the required controllers.

For instructions about doing this, refer to “Firmware Updates > Updating CCM Firmware” in the main Velocity help.

2. Make sure each controller in the sequence shows the CCM version as 7.3.08 or later, and the BIOS as Version 7.2.19 or later.

If these version numbers do not appear, replace the controller’s CCM.

3. Remove the original SNIBs from each required controller.

4. Run the required network cable to the controller(s) with the master SNIB2s.

The Ethernet cable you are connecting to each master SNIB2 should be connected to the Velocity host through a hub or switch.
5. Run RS-485 cable downstream from the master SNIB2.

The run between the master SNIB2 and the second SNIB2 should be wired according to the instructions in “SNIB2 Cabling”.

6.Set the DIP switches on each SNIB2, which vary depending on whether it is the master, one in the middle, or the last one.

In general, use the settings shown in the following tables.

Refer to “Setting Up the SNIB2” for more configuration options.

7. Install the new SNIB2s into their controllers. For detailed instructions, see “SNIB2 Mounting”.

8. Plug the RJ-45 connector from the cable into the Ethernet connector on the SNIB2.

9. Connect the RS-485 cables to their respective SNIB2.

10. Reconnect and power up the controllers.

11. At the host, open Velocity and configure the new SNIB2s.

For more about this, refer to the Velocity online help.

SNIB2 Mounting

To mount the SNIB2 expansion board:

1.Turn all system power off: remove the connector for the standby battery, and then disconnect the AC power connector or the power supply fuse.

2.Install the new SNIB2 board into the upper left corner of the enclosure using the supplied screws. If there are additional expansion boards to install, install them first using the supplied standoffs. Install the SNIB2 board last so that it is at the top of the stack, as shown in Figure 1-15. (This enables you to wire the board, configure its DIP switches, view the status LEDs, and more easily access the Ethernet connector.)

3. Connect the EBIC5 connector, as described in “Connecting Expansion Boards”.
4. Reconnect the AC power connector (or power supply fuse), then reconnect the standby battery connector. The controller board’s yellow test LED should light; the other lights go through a start up sequence. When the sequence is complete, the yellow test LED goes out and the other lights stabilize.
5. If required, connect an RJ-45 network cable to the SNIB2 Ethernet connector.

SNIB2 Cabling

The cable linking the first controller (master) to the second (subordinate) in a multi-dropped RS-485 series must crossover the RX± and TX± wires in this manner:

If more than two controllers are connected in the series, the wiring would look like this:

At 9600 baud, the maximum allowed cable run between controllers is shown in the following table:

In general, communications become less robust as baud rates increase, wire gauge decreases, and distances increase. For this reason, it may not be possible to implement the higher baud rates supported by the SNIB2 if you have long wire runs or small wire gauges.

Higher baud rates are also more dependent on the number of twists per foot, so capacitance specifications must be strictly adhered to: total wire run per port is not to exceed acceptable capacitance of 11-17 pf and a total of 100,000 pf.

Setting Up the SNIB2

Switch Bank 1 (SW1)

The SNIB2 includes three DIP switch banks. The first bank (SW1) and second bank (SW2) have four DIP switches each. The third bank (SW3) possesses eight DIP switches.

SNIB2s can be used throughout a multidrop run; however, you must specify whether a specific SNIB2 is connected to a controller that is in the beginning, middle, or at the end of a run.

To do this, set S1-S4 on switch bank SW1 to all ON or all OFF in this way:

Switch Bank 2 (SW2)

The second switch bank at SW2 has 4 switches which configure such properties as the type of XNET protocol you are using, and the SNIB2’s location in the multidrop run.

Switch Bank 3 (SW3)

Switch bank SW3 is used to specify the SNIB2 speed (S1-S2) and the SNIB2 address (S3-S8). DIP switch settings for this are:

This controls the baud rate for the RS-485 multi-drop line and the RS-232 connection. 57,600 and 115,200 bps are only available if your RS-485 cables are made from Cat5/Cat6 data grade wire. These speeds are not recommended for installations using:

• RS-232 connections to host

• 18-gauge to 22-gauge shielded twisted-pair cable

• NET*MUX4s

• Mixed SNIBs/SNIB2s

Baud rates only apply to the SNIB2’s RS-485 and RS-232 ports. The SNIB2’s Ethernet port is used for host-to-controller connections and runs at 10/100 BaseT speeds. All SNIBs/SNIB2s in an RS-485 multi-drop sequence must be set to the same speed, and if connected to a host PC using RS-232 direct connection, the same speed must also be used. For example, if one SNIB2 in the sequence is set to 9600, all other SNIBs and SNIB2s (and the RS-232 host connection, if used) must be set to the same baud rate.

The remaining DIP switches on SW3 set the SNIB2’s address:

SNIB2 Network Configuration Options

The SNIB2’s Ethernet port provides high-speed TCP/IP communication over an Ethernet network between the host computer and the controller as shown in Figure 1-18.

In a multiple controller sequence, the configuration can look like Figure 1-19.

This enables communication between the controller with the master SNIB2 and host PC at 10/100BaseT. Speeds between the master SNIB2 and other connected downstreamSNIB2s range up to 115200 bps when using Cat5/Cat6 cable. Speeds between a master SNIB2 and downstream SNIBs are limited by the top speed of the older SNIBs (38400 bps).

Higher baud rates are also more dependent on the number of twists per foot, so capacitance specifications must be strictly followed: total wire run per port is not to exceed acceptable capacitance of 11-17 pf and a total of 100,000 pf.

Before the Velocity server can communicate over Ethernet with a SNIB2, you must first configure the SNIB2 through Velocity. For more about this, refer to “Configuring a Master SNIB2 in a Different Subnet”.

Whenever an Ethernet connection is employed between the host and the SNIB2, Velocity views the SNIB2 as an XNET port because the SNIB2 includes XBox functionality. The host communicates with the Ethernet-connected SNIB2 using AES-encrypted XNET 2.

Controller-to-controller speeds range from 9600 to 115200 bps. For each string of controllers, the first (master) SNIB2 with the Ethernet connection must be assigned the same address as the XBox port.

For more about this, refer to “Configuring a Master SNIB2 in a Different Subnet”.

You can also use the SNIB2 with the NET*MUX4. The NET*MUX4 consists of a single input for either RS-232 or RS-485 and four outputs to which a series of controllers or additional NET*MUX4s can be wired, as shown in the following illustration:

For more information, see “SNIB2 Cabling”. If required, you can add a second level of NET*MUX4s to create additional controller runs; however, Hirsch does not support more than two levels of NET*MUX4s.

NET*MUX4 speeds are dictated by wire gauge and distance. We recommend using Cat5/ Cat6 cable.

Deploying SNIB2

Each master SNIB2 (Velocity port) must be assigned a unique IP address so it can communicate with Velocity on the host PC. Depending on the network location of the master SNIB2, this is accomplished in one of two ways:

• If the SNIB2 is located within the same subnet as the host PC, then you can use Velocity to assign the IP address. For more about this, refer to “Configuring a Master SNIB2 on the Same Subnet”.

• If the master SNIB2 is located outside the host PC’s subnet, you must use the SNIB2 Configuration Utility. For more about this, refer to “Configuring a Master SNIB2 in a Different Subnet”.

What is a subnet? Put simply, a subnet is any group of PCs and other devices, such as printers and scanners, connected by network cable to a network router. Anything behind the router is considered part of the subnet. Anything beyond this router is not part of the subnet.

In the preceding illustration, the master SNIB2 and controller labeled 1 is located in the same subnet as the host PC (Subnet A). This SNIB2 can therefore be configured using Velocity; however, the master SNIB2 and controller labeled 2 is located behind a different router, in a different subnet (Subnet B), and must be configured using the SNIB2 Configuration Utility.

Any number of computers and devices can be behind a single router, but for reasons of security and speed, a company network often incorporates many routers. It isn’t uncommon to find that each department within a company has its own router. Routers not only find the quickest way to ferry packets of information between two points, but also could serve as a rudimentary firewall against potential intrusion.

Configuring a Master SNIB2 on the Same Subnet

When a master SNIB2 is connected via Ethernet to the host PC sharing the same subnet, configure and assign a new IP address through the Velocity port properties dialog.

To do this:

1.Open Velocity.

2. In the System Tree pane, click and expand the DIGI*TRAC Configuration system folder, .

Three port folders are currently available: SNET, XNET, or Dial-Up.
3. Expand the XNET Port folder.
When the Velocity host is connected to a SNIB2 via Ethernet, it treats it as an XNET port.
4. Double-click Add New XNET Port in the Components pane.
The Port Properties dialog appears:

5. Click to select the TCP/IP radio button.
The dialog changes to show the ‘IP Address’, ‘Port’, and ‘Max Attempts’ fields.

6. Check the XNET 2 Protocol checkbox, to indicate this port is using encrypted
XNET 2 protocol.

7. Click the Search button.
Velocity searches on the subnet for all SNIB2s that Velocity is not using.

A dialog listing all new SNIB2s appears:

Although a newly-detected SNIB2 does not possess an IP address, port number, or name, it should have a unique MAC address. To see this MAC address, drag the slide bar at the bottom of the dialog to the right. The MAC address for each SNIB2 is printed on a white label located on the left side of the SNIB2’s daughterboard. This label contains both a barcode and a six-digit number. This number is the last six digits
of the MAC address.

8. From this list, double-click the SNIB2 entry you want to configure.
The SNIB Configuration dialog appears:

9. In the ‘Name’ field, enter the name you want to assign to the SNIB2.

10. In the ‘IP Address’ field, enter the IP address for the SNIB2 connected to this Velocity PC.
In version 5.95 and later, all SNIB2s have a factory default IP address in the format 10. x.y.z where the variables are supplied from a hash of the MAC address. For versions earlier than that, you must enter the required IP address.

11. In the ‘Port’ field, enter the correct port number.
All network ports possess an address used to identify the SNIB2’s physical port address. The default Velocity port is 10001.

12. Click OK. The Searching screen reappears.

13. Click OK.
The Port Properties screen reappears with the Name, IP Address, and IP Port fields populated.

14. In the ‘Max retry attempts’ field, specify the maximum number of retries this PC will attempt. Increment or decrement the value using the counter buttons.
If you get port errors, increase this number.

15. Check the ‘Enable this Port’ box if this port is currently active. Clear this box if the port is not currently active.

16.If required, click the Advanced button to access the Advanced Settings dialog to specify additional options for this port.

17. When you’re finished, click OK.
The new SNIB2 port appears in the Components pane.

Configuring a Master SNIB2 in a Different Subnet

To connect a master SNIB2 via Ethernet to a host PC residing outside the host PC’s subnet, configure and assign a new IP address for the master SNIB2 on its own subnet using the SNIB2 Configuration Utility.

To configure a master SNIB2 using the SNIB2 Configuration Utility:

1.If you haven’t already done so, install the SNIB2 Configuration Utility on a PC in the same subnet as the master SNIB2 you want to configure. To do this:
a. Insert the Velocity CD or DVD in your PC’s optical drive, or go to the \Velocity folder.
b. Using Windows Explorer, navigate to the \SNIB2 folder. The file SNIB2CONFIG.EXE should be located here.

2. Double-click SNIB2CONFIG.EXE.
The SNIB2 Configuration Utility appears:

3. Select one of these radio buttons:

4. Click the Search for SNIB2 button.
The utility scans the network within the current subnet, and returns a list of all devices meeting the criterion specified by the radio button.

5. Click the ‘Devices’ pick list to display all devices currently detected by the utility, like the following example:

6. Select the correct SNIB2.

You can identify which SNIB2 you need by its MAC address (id=). The MAC address for each SNIB2 is printed on a white label located on the left side of the SNIB2’s daughterboard. This label contains both a barcode and a six-digit number. This number is the second half of the MAC address.

7.Select the Get Configuration From Device button.
A list of variables specific to this SNIB2 appear in the ‘Variable Name’ window.
The three options used for SNIB2 configuration are: Device_IP_Address, Device_Port, and Device_Hostname, as shown in the following example:

8. From the ‘Variable Name’ pick list, select Device_IP_Address.
A screen like this appears:

9. In the ‘Value’ field, enter the IP address you require for this SNIB2.
A screen like this appears:

Consult your IT or Security Administrator for the proper address.

10. From the ‘Variable Name’ pick list, select Device_Port.

11. In the ‘Value’ field, enter a port address for this SNIB2.
All network ports possess an address used to identify the SNIB2’s physical port address. The default Velocity port is 10001.

12. From the ‘Variable Name’ pick list, select Device_Hostname.

13. In the ‘Value’ field, enter a name for this SNIB2.

14. Click the Send Configuration to Device button to send the information to the SNIB2.

15. Click the Search for SNIB2 button again to verify that the SNIB2 has correctly received the information.

Make sure to write down the address, port, and host name you assigned for each SNIB2.
These values are required when you configure the SNIB2 in Velocity.

After the installer has assigned the remote master SNIB2 an IP address and port, use Velocity on the host PC to identify it to the system. To do this:

1.Create a new XNET port, as specified in Steps 1–5 of “Configuring a Master SNIB2 in a Different Subnet”.

2. the ‘Name’ field, enter the name you assigned to the SNIB2 using the SNIB2 Configuration Utility (Device_Hostname).

3. In the ‘IP Address’ field, enter the IP address you assigned to this device using the SNIB2 Configuration Utility (Device_IP_Address).

4. In the ‘Port’ field, enter the port number you assigned to this device using the utility (Device_Port). The default value is 10001.

5. Make sure the ‘Enable this Port’ box is checked.

6. Click OK.
This enables Velocity to find and monitor the remote SNIB2.

Resetting SNIB2 Encryption Keys

After Velocity creates the encryption keys required for secure Host-to-SNIB2 communication, it continues to use those keys. If for some reason you need to change these keys, there are several ways to do it.

After you have reset the encryption key to its default value (set SW2-1 to ON, recycle controller power, then reset SW2-1 to OFF), you must assign a new key so that Velocity and the master SNIB2 can talk to each other. To do this:

1.From the Velocity Administrator system tree, click and expand the DIGI*TRAC
Configuration system folder until the master SNIB2 port you require appears.

2. Right-click on the SNIB2 port and select Properties.

The Port Properties dialog appears. The master SNIB2 Properties should look like
this:

3. Check the ‘Reset encryption’ box, and click OK.
This resets and syncs the encryption key at host SNIB2.

Resetting the SNIB2 to its Factory Default Values

Starting with version 6.42 of the SNIB2 firmware, a SNIB2 board can be reset to the factory default values for its encryption keys and network settings. To reset a SNIB2 board to have an IP address based on its unique MAC address, perform the following steps:

1.Set all four DIP switches in Switch Bank 2 to ON, and set all eight DIP switches in Switch Bank 3 to OFF.

2. Cycle power to the controller containing this SNIB2 board.

3. Watch the status LEDs on the SNIB2 board, to ensure that they display the Lamp Test start up pattern, and then display the following SNIB2/CCM Synchronization pattern:

4. Turn off power to the controller.
You can then reconfigure the SNIB2 board as needed, using its DIP switches and Velocity.

Controller and SNIB2 LED Diagnostics

The SNIB2 has three pairs of LEDs that show you how the SNIB2 is communicating with the Velocity Server.

Special Light Patterns: Start Up

This consists of the following light patterns during start up.

First comes the Lamp Test.

Power-up might include the first two patterns. If you’ve just reflashed the SNIB2, the sequence starts with the ones in the box.

This pattern is followed by:

This is the SNIB2/CCM Synchronization. This pattern repeats until the CCM and SNIB2 are synchronized. This light pattern should not persist longer than four minutes if there are no memory expansion boards on the controller.

Normal Operation

This table illustrates the various light patterns displayed during normal operation for both the master and subordinate SNIB2s:

For more about the status LEDs, especially for the patterns displayed during a firmware reflash or during data trouble, refer to the SNIB2 Troubleshooting Guide included with the SNIB2.

The SNIB2 also causes certain changes to the way the controller LEDs display as shown
below:

SNIB3

The Secure Network Interface Board v3 (SNIB3) is an update to the previous SNIB2 board. The SNIB3 is based on a new, more powerful hardware platform that supports IPv6 as well as IPv4.

SNIB3 Board

The SNIB3 also supports more robust encryption (with a 256-bit key length) through the XNET3 protocol. For compatibility with older SNIB2-equipped controllers, the SNIB3 can run in XNET2 mode using 128-bit AES encryption. (If you are using SNIB2 boards in some of your controllers, you cannot use the XNET3 protocol, and those controllers must be downstream slaves to a master SNIB3, connected using the RS-485 port, as
shown in Figure 1-21.)

The SNIB3 includes one available RJ-45 Ethernet port (connector 1) that is used to connect the Velocity host to this board. When the SNIB3 is in a master configuration, it supports RS-485 serial connectivity to downstream SNIB2 or SNIB3 slave controllers.

The main components of the SNIB3 are shown in Figure 1-20.

Benefits of SNIB3

The SNIB3 provides these functional advantages over the previous SNIB2:

Faster Ethernet Speed
The standard RJ-45 Ethernet port included on the SNIB2 enables the connected controller to communicate with the Velocity host using TCP/IP over 10BaseT or 100BaseT Ethernet networks. The SNIB3’s RJ-45 Ethernet port is capable of 10BaseT, 100BaseT, or 1000BaseT (gigabit) speeds.

IPv6 Addressing
The SNIB3 supports version 6 of the Internet Protocol, which uses 128-bit addresses to identify and locate devices on the Internet. (The previous IPv4 used 32-bit addresses.)

AES Encryption with 256-bit key length
The SNIB3 supports more robust encryption (with a 256-bit key length) through the XNET3 protocol. For compatibility with older SNIB2-equipped controllers, the SNIB3 can run in XNET2 mode using 128-bit AES-Rijndael asymmetric data encryption.

FIPS 140-2 Certification
The SNIB3’s cryptographic modules use the OpenSSL library, which has been certified by the National Institute of Standards and Technology (NIST) to meet their Federal Information Processing Standard (FIPS) 140-2, Security Requirements for Cryptographic Modules. (The Velocity software uses Microsoft’s BCRYPTPRIMITIVES library, which also has been certified by NIST to meet FIPS 140-2.)

Hardware Security Authentication Module (SAM)
The SNIB3 has a Security Authentication Module (SAM) for securely storing keys. One application for this module is to secure firmware downloads, using a TRN format as used on Touch Secure readers. In this method the firmware is first verified for authenticity by using the SAM keys before downloads are allowed.

SNIB3 power ratings

SNIB3 Design

The Secure Network Interface Board v3 (SNIB3) is an update to the previous SNIB2 board. The main components of the SNIB3 are shown in Figure 1-20 in section “SNIB3”. The SNIB3 is based on a new, more powerful hardware platform that supports:

• Faster Ethernet speeds. The SNIB3’s RJ-45 Ethernet port is capable of 10BaseT, 100BaseT, or 1000BaseT (gigabit) speeds.

• Version 6 of the Internet Protocol, which uses 128-bit addresses to identify and locate devices on the Internet. (The previous IPv4 used 32-bit addresses.)

• More robust encryption (with a 256-bit key length) through the XNET3 protocol.
  (For compatibility with older SNIB2-equipped controllers, the SNIB3 can run in XNET2 mode using 128-bit AES encryption.)

When installed in a DIGI*TRAC or Mx controller, the SNIB3 communications board enables a host PC running Velocity to program, monitor, and control up to 63 controllers per SNIB3 Ethernet port. Each controller must have its own SNIB2 or SNIB3 board.

The SNIB3 is not backwards compatible with the original SNIB. You cannot use the SNIB3 with the M1N controller, because it does not support any expansion boards.

The Mx controller can be ordered with either SNIB2 or SNIB3 functionality. To upgrade an Mx controller which has the SNIB2 daughterboard to use a SNIB3 expansion board, you must first remove the SNIB2 daughterboard from the Mx controller’s main board, as explained in “Preparing an Mx Controller with a SNIB2 to Use a SNIB3”.
(SNIB3 capability is built onto the main board of an Mx-1 or Mx-1-ME controller.)

The SNIB3 provides both an RS-485 port and a 10/100/1000BaseT RJ-45 Ethernet port, which enables you to choose the security network configuration that is most appropriate for your situation:

• If you are using only SNIB3 boards in all of your controllers, you can use either the XNET2 or the XNET3 protocol, and the downstream controllers in your security network can either be connected directly using the RJ-45 Ethernet port, or be connected to a master SNIB3 using the RS-485 port. (These options are
  shown in Figure 1-21 in section “SNIB3”).

• If you are using SNIB2 boards in some of your controllers, you cannot use the XNET3 protocol, and those controllers must be downstream slaves to a master SNIB3, connected using the RS-485 port. (This option is shown in Figure 1-22 in section “SNIB3”).

• The SNIB3 also supports connections to the NET*MUX4, as explained in “Using NET*MUX4s with SNIB3s”.

The SNIB3’s RS-485 connector enables wire runs of up to 4000 feet (1220 meters). Higher baud rates are more dependent on the number of twists per foot, so capacitance specifications must be strictly followed: total wire run per port is not to exceed acceptable total capacitance of 11-17 pf and a total of 100,000 pf.

A NET*MUX4 is required whenever there are more than 16 controllers. Note that using a NET*MUX4 enables more controllers to be managed through a single network port, but it limits the data communication speed to 9600 baud.

Whenever an Ethernet connection is employed between the host and the SNIB3, Velocity views the SNIB3 as an XNET port because the SNIB3 includes XBox functionality. The host communicates with the Ethernet-connected SNIB3 using either XNET 2 or XNET 3. For each string of controllers, the first (master) SNIB3 with the Ethernet connection must be assigned the same address as the XBox port.

Prerequisites for SNIB3

The SNIB3 board has the following prerequisites or dependencies:

• The CCM/CCMx firmware must be version 7.5.37 (or later).

• The Velocity software must be version 3.6 SP1 (or later).

• The Mx controller can be ordered with either SNIB2 or SNIB3 functionality. To upgrade an Mx controller which has the SNIB2 daughterboard to use a SNIB3 expansion board, you must first remove the SNIB2 daughterboard from the Mx controller’s main board. For more information, see “Preparing an Mx Controller with a SNIB2 to Use a SNIB3”.

Although the SNIB3 supports dynamic IP addressing using the Dynamic Host Configuration Protocol (DHCP) for both IPv4 and IPv6, Identiv strongly recommends using static or reserved IP addresses for your SNIB3 boards.

• IPv6 is generally not compatible with IPv4, so if you want to use IPv6 addressing for a SNIB3, it must be installed on a network which supports IPv6.

• Upgrading the firmware of downstream SNIB3s must be done one at a time. In a master-slave configuration, you must upgrade the master SNIB3 board’s firmware first, and then upgrade each slave SNIB3 board’s firmware in sequence. Don’t start the download for the next SNIB3 board until the firmware upgrade for the previous SNIB3 board has completed.

SNIB3 Network Configuration Options Overview

Be aware that the SNIB3 is backwards compatible with the SNIB2, but not with the original SNIB. Each connected controller must have its own SNIB2 or SNIB3 board installed. The SNIB3 provides both an RS-485 port and a 10/100/1000BaseT RJ-45 Ethernet port.

If you are using only SNIB3 boards in all of your controllers, you can use either the XNET2 or the XNET3 protocol, and the downstream controllers in your security network can either be connected directly using the RJ-45 Ethernet port, or be connected to a master

SNIB3 using the RS-485 port. These options are shown in Figure 1-20.

If you are using SNIB2 boards in some of your controllers, you cannot use the XNET3 protocol, and those controllers must be downstream slaves to a master SNIB3, connected using the RS-485 port, as shown in Figure 1-22.

The SNIB3 also supports connections to the NET*MUX4, as explained in “Using NET*MUX4s with SNIB3s”. This enables more controllers to be managed through a single network port, but it limits the data communication speed to 9600 baud.

Using Ethernet

The SNIB3’s RJ-45 Ethernet port provides high-speed TCP/IP communication over an Ethernet network between the Velocity host computer and the controller, using either IPv4 or IPv6. With multiple controllers, each one can have an independent communication path with a unique IP address, as shown in Figure 1-23:

After an Ethernet connection has been established between the Velocity host and the SNIB3, Velocity views the SNIB3 as an XNET3 port. By default, the host communicates with the Ethernet-connected SNIB3 using AES 256-bit encrypted XNET3. However, before the Velocity server can communicate over Ethernet with a SNIB3, the SNIB3 must be configured through Velocity, as explained in “Configuring a SNIB3”.

Using Serial RS-485

The SNIB3’s RS-485 port provides support for downstream serial connectivity, where the master of each chain must be a SNIB3 which is connected to the Velocity host using Ethernet. This master SNIB3 must be assigned the same address as the XBox port.

Velocity views the master SNIB3 as both a controller and an XBox residing on an XNET port. (Subsequent multidropped controllers in the sequence do not appear as XBox controllers.)

• If every controller has a SNIB3, the XNET3 protocol can be used.

• If any downstream controller has a SNIB2, the XNET2 protocol must be used, and the top speed is limited to 38,400 bps.

The SNIB3’s RS-485 connector enables wire runs of up to 4000 feet (1220 meters). Higher baud rates are more dependent on the number of twists per foot, so capacitance specifications must be strictly followed: total wire run per port is not to exceed 100,000 pf per foot.

An example of connecting downstream slave controllers using serial RS-485 is shown in Figure 1-24:

RS-485 Cabling for SNIB3s

As noted in Figure 1-24, the RS-485 cable linking the first (master) controller to the second (slave) controller in a multidropped RS-485 series must cross over the RX± and TX± wires. The cable for each subsequent slave controller is wired straight through. The details of this wiring is shown in Figure 1-25:

For an RS-485 chain, the maximum total cable run (from the master SNIB3 to the last downstream SNIB2 or SNIB3) is 4,000 feet (1,220 m). Higher baud rates are more dependent on the number of twists per foot, so capacitance specifications must be strictly followed: total wire run per port is not to exceed acceptable capacitance of 11-17 pf and a total of 100,000 pf.

In general, communications become less robust as baud rates increase, wire gauge decreases, and distances increase. For this reason, it may not be possible to implement the higher baud rates supported by the SNIB3 if you have long wire runs or small wire gauges.

Using NET*MUX4s with SNIB3s

Like the SNIB2, the SNIB3 can be used with NET*MUX4s to enable a host PC running Velocity to program, monitor, and control up to 63 controllers on a port. This type of network configuration is shown in Figure 1-26:

Note that:

• The master SNIB3 is connected to the Velocity host using Ethernet.

• All of the cables leading into and out of a NET*MUX4 are crossovers, where the RX± and TX± wires must be swapped.

• Only two levels of NET*MUX4s are supported.

• Each connected controller must have its own SNIB3 board installed.
  The NET*MUX4 has a single RS-485 input and four RS-485 outputs to which a series of controllers or additional NET*MUX4s can be wired. However, the baud rate is limited to only 9600 bps.

Installing and Configuring the SNIB3

This section includes installation and configuration instructions for the SNIB3.

Because the SNIB3 board is sensitive to discharges of static electricity, you must observe the normal anti-static precautions (of using grounded wrist straps and anti-static devices) when handling the board.

Providing Surge Protection for a Master SNIB3

The current version of the SNIB3 board (which has a serial number of the form SNIB3- nnnnn) includes protection against extreme power surges, such as those caused by nearby lightning strikes, which might damage the Ethernet port. This surge protection is provided on a small printed circuit board which is mounted on the underside of the communications daughterboard. The presence of the surge protection is indicated by a jumper wire on the lower back of the SNIB3’s main board:

If a SNIB3 board does not have this jumper wire, then it is the initial version (sold only to a few US federal government agencies) which did not include surge protection. When using the initial version of the SNIB3 board (which has a serial number of the form SNIB3-S-nnnnn), surge protection must be provided for the master SNIB3 in each chain of connected controllers, using the Sankosha Guardian Net LAN-CAT5e-P+ surge protection device.

The specifications for this device are shown in the following table:

To be effective, this surge protection device (hereafter referred to as the “Guardian Net SPD”) must be properly installed so it is securely grounded to the controller’s metal enclosure. If this was not already done by Identiv, you can do it by performing the following steps.

1.Make sure the controller shows its CCM/CCMx firmware version as 7.5.37 or later.
(This information can be found in the controller’s Properties dialog within Velocity.)
If necessary, update the CCM/CCMx firmware. For details, see the “Firmware Updates > Updating CCM Firmware” topic in the Velocity help system.

2. Power down the controller.
a. Disconnect the battery backup power from the controller.
b. Disconnect the AC power cables to the controller.

3. If this controller still has a SNIB or SNIB2 board installed, remove it.

4. Install the SNIB3 board using the last connection on the EBIC5 ribbon cable, so it is the topmost board on this controller’s stack of expansion boards.

5. Connect one end of the green ground wire to the underside of the Guardian Net SPD (using its ground screw), and connect the other end of the green ground wire to one of the controller’s mounting screws.

• For a small controller cabinet (used for an M2, M16, MSP, Mx-2, Mx-4, or Mx-8), see Figure 1-27.

• For a large controller cabinet (used for an M8 or M64), see Figure 1-28.

6. Connect one end of the included Cat5 STP Ethernet cable to the Ethernet connector 1 RJ-45 jack on the SNIB3 board, and connect the other end of the cable to the RJ-45 jack marked EQUIP of the Guardian Net SPD.

7. Peel the protective covering off one side of the adhesive-backed Velcro strip, and press the exposed adhesive firmly against the appropriate side of the Guardian Net SPD, as shown in either Figure 1-27 or Figure 1-28.

8. Peel the protective covering off the other side of the adhesive-backed Velcro strip, and press the exposed adhesive firmly against either the:

• inner top side of a small controller cabinet, or the

• inner left side of a large controller cabinet.

9. Route the incoming Cat5 Ethernet cable through a knockout hole in the controller's cabinet and connect it to the RJ-45 jack marked LINE of the Guardian Net SPD.

10. Restore power to the controller.
a. Reconnect the AC power cables to the controller.
b. Reconnect the battery backup power to the controller.

11. At the Velocity host, use Velocity to configure the SNIB3 as explained in “Using Velocity to Configure a SNIB3 on the Same Subnet”.

Preparing an Mx-Controller to Use a SNIB3

Before the SNIB3 board was available, every Mx controller provided SNIB2 functionality using a daughterboard (with an Ethernet connector) attached to the main board, as shown in Figure 2-2 in section “Mx Controller Main Board”. Now when you order a new Mx controller, you have the option to instead have a SNIB3 board installed in an expansion slot.

But if you want to use the SNIB3 with an existing Mx controller that has a SNIB2 daughterboard, you must first remove that daughterboard from the Mx controller’s main board.

To do so, perform the following steps:

1.Make sure the controller shows its CCM firmware version as 7.5.37 or later. (This information can be found in the controller’s Properties dialog within Velocity.)
If necessary, update the CCM firmware. For details, see the “Firmware Updates > Updating CCM Firmware” topic in the Velocity help system.

2. Power down the Mx controller.
a. Disconnect the battery backup power from the controller.
b. Disconnect the AC power cables to the controller.

3. Remove the screw in the middle of the SNIB2 daughterboard.
The SNIB2 daughterboard is mounted on the Mx controller’s main board above the Mx logo, and it includes one RJ-45 Ethernet connector.

4. Carefully unplug the daughterboard from the Mx controller’s main board.
This usually requires holding opposite corners or ends of the daughterboard, and carefully rocking it out of its socket.

5. After the daughterboard has been removed, see “Providing Surge Protection for a Master SNIB3”to determine whether you have an initial version of the SNIB3 (sold only to a few US federal government agencies) which did not include surge protection.

• If so, follow the procedure in that topic.

• Otherwise, install the SNIB3 expansion board in the normal way, as explained next in “Installing the SNIB3 in a Controller without a SNIB or a SNIB2”.

Installing the SNIB3 in a Controller without a SNIB or a SNIB2

The SNIB3 can be used with most DIGI*TRAC or Mx series controllers, except for the Mx-1 (which has a compact plastic case without room for any expansion boards). If you want to use a SNIB3 with an Mx controller that has a SNIB2 daughterboard, be sure to see “Preparing an Mx Controller with a SNIB2 to Use a SNIB3”.

To install the SNIB3 in a controller which does not already have a SNIB or a SNIB2, perform the following steps:

1.Make sure each controller in the sequence shows its CCM/CCMx firmware version as 7.5.37 or later. (This information can be found in the controller’s Properties dialog
within Velocity.)
If necessary, update the CCM/CCMx firmware. For details, see the “Firmware Updates > Updating CCM Firmware” topic in the Velocity help system.

2. Power down the controller.
a. Disconnect the battery backup power from the controller.
b. Disconnect the AC power cables to the controller.

3. Run a network cable to the controller. Make sure that:

• The network cable is in good condition and is Cat 5 at a minimum; otherwise, run new cable.

• The network cable is properly connected to the Velocity host through a hub or switch.

4. Set the DIP switches on the SNIB3 to its appropriate address and other parameters.
For details, see “Setting the DIP Switches on a SNIB3”.

5. If necessary, run RS-485 cable downstream from the master or slave SNIB3.
For details, see “RS-485 Cabling for SNIB3s”.

6. Connect the necessary cables and wires to the controller and the SNIB3, including:

• The EBIC5 ribbon cable between the SNIB3 and the controller

• The network cable into the SNIB3’s RJ-45 Ethernet 1 port

• Any RS-485 wires connecting to a downstream controller

7. Mount the SNIB3 on the expansion board standoffs and secure the screws.
For details, see “Mounting and Connecting Expansion Boards to the Controller”. Restore power to the controller.
a. Reconnect the AC power cables to the controller.
b. Reconnect the battery backup power to the controller.

9. At the Velocity host, use Velocity to configure the SNIB3 as explained in “Using Velocity to Configure a SNIB3 on the Same Subnet”.

Replacing a Controller's SNIB or SNIB2 by a SNIB3

SNIB3s can communicate with SNIB2s, but they cannot communicate with original SNIBs. Any SNIBs existing on your security system must be replaced with SNIB2s or SNIB3s to use the faster speeds and greater encryption available with SNIB3s.

If you have an M1N controller (which has built-in SNIB functionality and does not support any expansion boards), you must replace it with a different model of controller.

If you want to use a SNIB3 with an Mx controller that has a SNIB2 daughterboard, be sure to see “Preparing an Mx Controller with a SNIB2 to Use a SNIB3”.

To replace a controller’s existing SNIB or SNIB2 board by a SNIB3, perform the following steps:

1.Make sure the controller shows its CCM/CCMx firmware version as 7.5.37 or later.
(This information can be found in the controller’s Properties dialog within Velocity.)
If necessary, update the CCM/CCMx firmware. For details, see the “Firmware Updates > Updating CCM Firmware” topic in the Velocity help system.

2. Power down the controller.
a. Disconnect the battery backup power from the controller.
b. Disconnect the AC power cables to the controller.

3. Disconnect the cables and wires attached to the existing SNIB or SNIB2 board, including:

• The EBIC5 ribbon cable between the controller and the SNIB or SNIB2

• The network cable into the SNIB2’s RJ-45 Ethernet port

• Any RS-485 wires connecting to a downstream controller

4. Unscrew the expansion board standoff screws, and remove the existing SNIB or SNIB2 board.

5. If necessary, run a network cable to the controller. Make sure that:

• The network cable is in good condition and is Cat 5 at a minimum; otherwise, run
  new cable.

• The network cable is properly connected to the Velocity host through a hub or
  switch.

6. If necessary, run RS-485 cable downstream from the master or slave SNIB3.
For details, see “RS-485 Cabling for SNIB3s”. Note that in an RS-485 array that includes a SNIB3, the master must be a SNIB3.

7. Set the DIP switches on the SNIB3 to its appropriate address and other parameters.
For details, see “Setting the DIP Switches on a SNIB3”.

8. Connect the necessary cables and wires to the controller and the SNIB3, including:

• The EBIC5 ribbon cable between the SNIB3 and the controller

• The network cable into the SNIB3’s RJ-45 Ethernet 1 port

• Any RS-485 wires connecting to a downstream controller

9. Mount the SNIB3 on the expansion board standoffs and secure the screws.
For details, see “Mounting and Connecting Expansion Boards to the Controller”.

10.Restore power to the controller.
a. Reconnect the AC power cables to the controller.
b. Reconnect the battery backup power to the controller.

11. At the Velocity host, use Velocity to configure the SNIB3 as explained in “Using Velocity to Configure a SNIB3 on the Same Subnet”.

Setting the DIP Switches on a SNIB3

Switch Bank 1 (SW1):

The SNIB3 includes three DIP switch banks. The first bank (SW1) and second bank (SW2) have four DIP switches each. The third bank (SW3) has eight DIP switches.

SNIB3s can be used throughout an RS-485 multidrop run; however, you must specify whether a specific SNIB3 is connected to a controller that is at the beginning, middle, or end of a run.

To do this, set S1-S4 on switch bank SW1 to either all ON or all OFF in this way:

Switch Bank 2 (SW2):

The second switch bank at SW2 has four switches, where S1 configures encryption properties and S4 configures the SNIB3’s location in the multidrop run. (S2 and S3 are used to reset a SNIB3 to its factory default settings.)

Switch Bank 3 (SW3):

Switch bank SW3 is used to specify the SNIB3 speed (S1-S2) and the SNIB3 address (S3-S8). The DIP switch settings for the speed are:

This controls the baud rate for the RS-485 multi-drop line. 57,600 and 115,200 bps are only available if your RS-485 cables are made from Cat5/Cat6 data grade wire. These speeds are not recommended for installations using:

• 18-gauge to 22-gauge shielded twisted-pair cable

• NET*MUX4s

Baud rates only apply to the RS-485 ports for SNIB2s and SNIB3s. The SNIB3’s Ethernet port is used for host-to-controller connections and runs at 10/100/1G BaseT speeds. All SNIB2s and SNIB3s in an RS-485 multi-drop sequence must be set to the same speed.

The remaining DIP switches (S3-S8) on SW3 set the SNIB3’s address, just like for the SNIB2:

Configuring a SNIB3

The location of a SNIB3 on your network relative to the Velocity host will determine the method you must use for configuring that SNIB3:

• If the SNIB3 is on the same subnet, then you will configure it using Velocity. See “Using Velocity to Configure a SNIB3 on the Same Subnet”.

• If the SNIB3 is on a different subnet, then you will configure it using the SNIB Configuration Tool. See “Configuring a SNIB3 on a Different Subnet”.

Overview of Network Subnets 

Each SNIB3 that is connected to the network using Ethernet (instead of being a downstream controller in a serial RS-485 chain) must be assigned a unique IP address so it can communicate with the Velocity host. The method for doing that depends on the location of that SNIB3 on your network relative to the Velocity host. The determining factor is whether they are both on the same subnet.

What is a subnet? Put simply, a subnet is any group of PCs and other devices, such as printers and scanners, connected by network cable to a network server, router, or hub. Anything behind the router/hub is considered part of the subnet. Anything beyond this router/hub is not part of the subnet. This concept is illustrated in Figure 1-29.

In Figure 1-29, the SNIB3 and its attached controller labeled 1 are located in the same subnet as the host PC (Subnet A). This SNIB3 can therefore be configured using Velocity;however, the SNIB3 and controller labeled 2 are located behind a different router, in a different subnet (Subnet B), and must be configured using the SNIB Configuration Tool.

Any number of computers and devices can be behind a hub or router, but for reasons of security and speed, a company network often incorporates many network servers, hubs, and routers. It is fairly common to find that each department within a company has its own server connected to its own hub and/or router. Routers and hubs not only find the quickest way to ferry packets of information between two points, but also can serve as a rudimentary firewall against potential intrusion.

Using Velocity to Configure a SNIB3 on the Same Subnet

If a SNIB3 is on the same subnet as the Velocity host, then you will configure it using Velocity. (If the SNIB3 is on a different subnet, then you will configure it using the SNIB Configuration Tool, as explained in “Configuring a SNIB3 on a Different Subnet”).
To configure a SNIB3 which is on the same network subnet as the Velocity host:

1.If you have not yet done so, install the SNIB3 board in the controller. For details, see either:

• “Installing the SNIB3 in a Controller without a SNIB or a SNIB2”,
  or

• “Replacing a Controller’s SNIB or SNIB2 by a SNIB3”.

2. If you have not yet done so, connect the controller to the network. For guidance, see “SNIB3 Network Configuration Options”.

3. In Velocity’s Administration window, double-click the Add New XNET Port item.

The resulting Port Properties dialog varies according to whether your network is using IPv4 or IPv6 addressing. For IPv4 addressing:

For IPv6 addressing:

4. On the Port Properties dialog:
a. If necessary, for the ‘Network Type’ select either the IPv4 or the IPv6 option.
b. For the ‘Protocol’, select either the XNET2 or XNET3 option.
c. Click the Search button.

The results depend on the options you specified for the Network Type and the Protocol. Here is an example for an IPv4 network using the XNET2 protocol:

Here is an example for an IPv6 network using the XNET3 protocol:

Note that although the SNIB2 and the SNIB3 support dynamic IP addressing using the Dynamic Host Configuration Protocol (DHCP) for both IPv4 and IPv6, Identiv strongly recommends using static or reserved IP addresses. For this reason, all SNIB2s and SNIB3s that have the value of Yes in the DHCP Enabled column should be changed to have assigned fixed IP addresses before they are added to the Velocity
network.
5. To change the settings for one of the displayed ports, perform these steps:
a. Double-click on an entry in the Searching dialog’s results table.

b. In the resulting SNIB Configuration dialog, make the necessary changes.

For example:

• If you need to change the Port number from the default value of 10001, then make sure to stay within the range from 1024 to 32767. Outside of this range, SNIB3 cannot communicate with the Velocity host.

• If you plan to assign a fixed address to this port, then clear the check box for the ‘DHCP Enabled (ignored for SNIB2)’ option.

c. When you are finished, click OK to close this dialog.

6. Back in the Searching dialog, click on the appropriate row to select the desired SNIB3 board, and click OK.

Velocity starts communicating with the specified SNIB3, and its port appears in the Ports folder within the Administration window.

Configuring a SNIB3 on a Different Subnet

If a SNIB3 is on a different subnet than the Velocity host, you will configure it using the SNIB Configuration Tool. (If the SNIB3 is on the same subnet, then you will configure it using Velocity, as explained in “Using Velocity to Configure a SNIB3 on the Same Subnet”).

To configure a SNIB3 which is on a different network subnet than the Velocity host:

1.If you have not yet done so, install the SNIB3 board in the controller. For details, see either:

• “Installing the SNIB3 in a Controller without a SNIB or a SNIB2”,

or

• “Replacing a Controller’s SNIB or SNIB2 by a SNIB3”.

2. If you have not yet done so, connect the controller to the network. For guidance, see “SNIB3 Network Configuration Options”.

3. If you have not yet done so, download the SNIB Configuration Tool to a PC which you will use to configure the SNIB3:

On that PC, download the SNIBConfigTool.exe file from the Identiv website. (Use your Web browser to go to the identiv.com/support page, click the Support: Hirsch Products link, click the SNIB3 - Documents and Downloads link, and click on the link to download the SNIB Configuration Tool.)

4. Connect that PC to the same network subnet as the SNIB3 being configured.

5. Locate and double-click the SNIBConfigTool.exe file.

6. On the resulting SNIB Hunt and Configure window:

a. Select one of these options:

• All Devices in network, to search for all SNIB2s or SNIB3s on this network subnet. (If a SNIB2 or SNIB3 is currently logged on, this utility will not detect it.)

• Specific Device in network, to search for a specific SNIB2 or SNIB3 on this network subnet. If you select this option, enter a search term such as an IP address in the text field which appears after this option. (This option works for both IPv4 and IPv6.)

b. Click the Search button.
c. From the resulting list of previously-undetected SNIB2s or SNIB3s displayed in the Devices list, double-click on the entry for the desired SNIB3, so its information appears in the subsequent fields on this window.

Note that the Device_IP_Address, Device_Subnet_Mask, and Device_Default_Gateway fields are specific to IPv4. The Device_IPv6_Multicast_Address, Device_IPv6_Address, Device_IPv6_Prefix_Len, and Device_IPv6_Gateway fields are specific to IPv6.

d. Enter the values required for this SNIB3 in the relevant fields. For example:

• In the Device_Hostname field, enter the SNIB3 name that the Velocity host will use to identify this SNIB3.

• In the Device_Port field, enter the network port number for this SNIB3. If you need to change this from the default value of 10001, then make sure to stay within the range from 1024 to 32767. Outside of this range, SNIB3 cannot communicate with the Velocity host.

• Enter the necessary IP address in either the Device_IP_Address field (for IPv4) or in the Device_IPv6_Address field (for IPv6).

• If you follow our recommendation to use static or reserved IP addresses, then clear the check box for the Enable DHCP Mode option.

e. Click the Send to Device button, to send the updated values to this SNIB3.
f. Click the Search button again, to verify that the SNIB3 has correctly received the updated information.
g. Record this SNIB3’s device hostname, port number, and IP address.
You will need this information to finish configuring the SNIB3 in Velocity.
h. When you are finished, click the Close button.

After you have used the SNIB Configuration Tool to assign the device hostname, port number, and IP address to a remote SNIB3, you must use Velocity to assign that SNIB3 to a new port.

To assign a remote SNIB3 to a new port on Velocity:

1.In Velocity’s Administration window, double-click the Add New XNET Port item.

The resulting Port Properties dialog varies according to whether your network is using IPv4 or IPv6 addressing. For IPv4 addressing:

For IPv6 addressing:

2. On the Port Properties dialog:
a. If necessary, for the ‘Network Type’ select either the IPv4 or the IPv6 option.
b. For the ‘Protocol’, select either the XNET2 or XNET3 option.
c. In the ‘Name’ field, enter the value you assigned as the Device_Hostname (when using the SNIB Configuration Tool).

d. In the ‘IP address’ field, enter the value you assigned as either the Device_IP_Address or the Device_IPv6_Address (when using the SNIB Configuration Tool).
e. In the ‘IP Port’ field, enter the value you assigned as the Device_Port (when using the SNIB Configuration Tool).
f. Make sure the ‘Enable this Port’ option is checked.
g. Click OK.

Velocity should then be able to find and monitor this remote SNIB3.

Velocity Server and Mx Controller SNIB3

The Velocity Server communicates with Mx Controller SNIB3 in the following ways:

• UDP

  1. The Server sends the discovery request to the Mx Controller through UDP broadcast on Port 19002.

  2. The Mx Controller listens for UDP packets on 19001.

  3. The controller responds to the server discovery and IP configuration requests through UDP broadcast on ports 19001 for IPv4 and 19003 for IPv6.

• TCP

  • The Server initiates and holds a TCP socket open with the server through Port 10001. The socket is long lived and should not be forcibly timed out or severed by a firewall.

Resetting SNIB3 Encryption Keys

After Velocity creates the encryption keys required for secure Host-to-SNIB3 communication, it continues to use those keys. If for some reason you need to change these keys, there are several ways to do it.

After you have reset the SNIB3’s encryption key to its default value (by setting SW2-1 to ON, recycling controller power, then resetting SW2-1 to OFF), you must perform the following steps to assign a new key:

1.In the Velocity Administration system tree, expand the DIGI*TRAC Configuration system folder until the master SNIB3 port you require appears.

2. Right-click on that SNIB3 port, and select Properties from the pop-up menu.

3. On the resulting Port Properties dialog, check the box for the ‘Reset encryption’ option, and then click OK.

This resets the encryption key at the Velocity host.

Resetting a SNIB3 to its Factory Default Values

A SNIB3 board can be reset to the factory default values for its encryption keys and network settings. To reset a SNIB3 board to have an IP address based on its unique MAC address, perform the following steps:

1. Set all four DIP switches in Switch Bank 2 to ON, and set all eight DIP switches in Switch Bank 3 to OFF.

2. Cycle power to the controller containing this SNIB3 board.

3. Watch the status LEDs on the SNIB3 board, to ensure that they display the Lamp Test start up pattern, and then display the following SNIB2/CCM Synchronization pattern:

4. Turn off power to the controller.
   You can then reconfigure the SNIB3 board as needed, using its DIP switches and Velocity.

Resetting CCM Blue Button

The CCM blue button on the Mx panel board can be reset to the factory default values and settings.

To reset the CCM blue button on the Mx panel other than the Mx-1 board, perform the following steps:

1. Press and hold the 'Blue button' in the Mx panel.

2. Test the LED blinking 15 times, and then the factory default procedure will begin.

3. 'Controller logged off,' and velocity event viewer displays the 'Controller offline' events.

4. LEDs will flicker in a clockwise pattern during the reset process.

5. Wait until the LEDs are steady (circular blinking pattern should disappear).

6. The user resets the encryption using Velocity if the Reset encryption dip switch is ON.

7. The Event Viewer displays the 'Encryption broken, poling halted' event.

8. If the Reset encryption dip switch is 'Off,' the panel will come online automatically; resetting Velocity encryption is unnecessary.

9. Once the Controller is online, the event viewer displays the 'Cold start detected' DIGI*TRAC Miscellaneous event.

10. If 'Download controller settings' and 'Download credentials' under Cold-start/CCM replacement options in Velocity Advanced settings are enabled, controller settings and credentials will be downloaded from the Velocity server to the CCM on Controller cold start. If not, the user must manually download the configuration and controller credentials.

Perform the following steps to reset the CCM blue button on the Mx-1 panel:

1. Press and hold the 'Reset Cred/Cfg button' in the Mx-1 panel.

2. The Alarm - Door LED(G5) blinks 15 times, and the factory default process begins. Refer to the image in this section below.

3. The Velocity event viewer displays the 'Controller logged off' and 'Controller offline' events.

4. LEDs will flicker in a clockwise pattern during the reset process.

5. Wait until the LEDs are steady (circular blinking pattern should disappear).

6. If the Reset encryption dip switch is 'ON,' the user must reset the encryption using Velocity.

7. The Event viewer displays the ''Encryption broken, poling halted' event.

8. If the Reset encryption dip switch is 'OFF,' the panel will come online automatically; resetting Velocity encryption is unnecessary.

9. Once the Controller is online, the event viewer displays the Cold start detected' DIGI*TRAC Miscellaneous event.

10. If 'Download controller settings' and 'Download credentials' under Cold-start/CCM replacement options in Velocity Advanced settings are enabled, controller settings and credentials will be downloaded from the Velocity server to the CCM on Controller cold start. If not, the user must manually download the configuration and controller credentials.
    
    

    
    Holding the reset button for a few seconds has the following purposes:

• One second - Resets any active alarm relay. Clears the alarm buffer.

• Five seconds - Resets System Code to 123. Resets ScramblePads to original programming parameters.

• Thirty seconds - Resets System. Clears all memory and returns all values to factory default.

Resetting the Encryption keys on Velocity to Default

If the master SNIB2 or SNIB3 is reassigned, fails, or swapped, or the panel is power recycled, the encryption keys on Velocity must be reset to default.

The encryption key stored in the SNIB2 or SNIB3 will differ from that in the Velocity configuration, which breaks Encryption. To resolve this problem, you will have to reset the Encryption on the master SNIB2 or SNIB3 and then reset the Encryption of the port in Velocity.

This Checkbox is active and available only if it is a SNIB2 or SNIB3 running in XNET 2 or XNET 3 protocol.

To reset the keys on the Velocity application, follow these steps:

1. On the SNIB2\SNIB3 board, turn ON switch one on bank 2 (SW2).

2. Recycle the power on the controller.

3. Turning switch one on bank 2(SW2) to OFF resets the encryption key to its default value.

4. Go to Velocity and right-click on the SNIB2\SNIB3 port you just reset.

5. Select Properties. Check the Reset Encryption checkbox and Click OK.

6. The reset AES encryption confirmation dialog box pops up.

7. Click OK.
   
   

   After resetting the Encryption for SNIB2 or SNIB3, Velocity, and the master SNIB2 or SNIB3 agree on a randomly selected encryption key, then resume polling. Once polling resumes, the 'Reset encryption' box is automatically unchecked. The selected SNIB2 or SNIB3 now normally resumes XNET 2/XNET 3 encryption.

Controller and SNIB3 LED Diagnostics

The SNIB3 has three pairs of LEDs that show you how the SNIB3 is communicating with the Velocity Server.

Special Light Patterns at Startup

At startup, the following pattern may be observed:

This indicates the SNIB3/CCM Synchronization. This pattern repeats until the CCM and SNIB3 are synchronized. This light pattern should not persist longer than four minutes if there are no memory expansion boards on the controller.

Light Patterns for Normal Operation

This table illustrates the various light patterns displayed during normal operation for SNIB3s:

Like the SNIB2, the SNIB3 also causes certain changes to the way the controller LEDs display, as shown below: