Setting up the WI-Q Gateway with PremiSys
With the release of PremiSys version 4.8, support has been added for communication between the LP-4502 and BEST Wi-Q gateway.
- Maximum 64 Wi-Q Locks per Wi-Q Gateway
- Maximum 10 Wi-Q Gateways per LP-4502
- Maximum 64 locks per Mercury Panel Including Onboard readers
In order to set up the Dormakaba wireless locks to work with PremiSys we first have to make sure we have the required components:
1. PremiSys software version 4.8 or higher.
2. Mercury LP-4502 with OverWatch firmware 1.30.2.665 loaded.
3. Best Wi-Q Gateway FW 4.1.1.7
LP-4502 Setup and Configuration
You will need to program the 4502 controller(s) and set it up in the PremiSys Software. You will then load the Over-Watch package and create an Over-Watch Username and Password on the controller. The controller will then be enabled to communicate securely with the Wi-Q gateway.
Click below to expand the step-by-step instructions.
Programming the LP4502 and adding the LP4502 in PremiSys.
***Note If the 4502 was purchased through Matrix the default address is 192.168.10.20 and uses port 6005. Controllers purchased elsewhere will be subject to OEM licensing fees***
2. Log in to PremiSys and add the LP4502 Controller to a new site. The controller in the drop-down is PREM-CTRL4502LP
3. You want to make sure the controller is online and you can download it. Take note of the controller's IP Address.
4. Reset and download the controller through PremiSys.
Click below to expand the step-by-step instructions.
Loading the Overwatch into LP4502 and Creating the Over-Watch Username
Click here to download the PremiSys Overwatch Package, this file is also located on the Firmware download page.
1. Login to the LP4502 Web Configuration Manager Page.
2. Click on the diagnostic tab on the left-hand menu.
3. Under the Update Firmware - Click Browse and select the Overwatch Package you have downloaded. Next, Click Load file. The overwatch firmware will now install on the board. The board will reboot when finished.
4. Log back into the LP4502 again and look for the Overwatch tab at the bottom of the left menu.
5. Click the Overwatch tab. Leave the Broker configuration set for Port 1883. Below in the New User section, Create a Username and a Password. Confirm your Password and click Add User. The user will be added to the Authorized Users section. ***Note: The Username and Password are case sensitive.***
IMPORTANT****Make sure you remember the username and password you create. The Username and Password are case sensitive. You will use the Overwatch User in the Wi-Q gateway setup and the PremiSys setup as well.
6. After you create the Overwatch user and you see it in the Authorized User list. Click the Apply Settings tab. Click the Apply Settings, Reboot button.
Obtaining the Certificate from your LP4502 Panel.
We will need to obtain the certificate from the LP4502 and load it into the gateway later on. This makes the connections between the controller and the gateway secure.
Click one of the browser instructions below.
Using Google Chrome browser to obtain the Mercury Certificate.
2. This will open the certificate, click the Details tab at the top of the window. Click Copy to File...
3. The Certificate Export Wizard page opens, Click Next.
4. Select the Base 64 encoded x.509(.CER) option and click Next.
5. Browse to where you would like to save the certificate file and name it: PremisysCert.cer Click Save.
6. It will show you the name of the file and the file path where the certificate is going to save. Click Next.
7. It will show you the settings you have selected. Click Finish.
8. The export is successful.
Keep the certificate file handy as we will need it to setup the Wi-Q Gateway to acheive successful secure communications to the LP4502
Using Microsoft Edge browser to obtain the Mercury Certificate.
1. Open Microsoft Edge and browse to your LP4502's IP Address. Once on the splash screen click Not Secure between the red triangle and the IP address on the address bar. Next Click Your connection to this site isn't secure.
2. Click the certificate icon on this window. Shown in the red box in the image below.
3. This will open the Certificate, click the Details tab at the top of the window. Click Copy to File...
4. The Certificate Export Wizard page opens, Click Next.
5. Select the Base 64 encoded x.509(.CER) option and click Next.
6. Browse to where you would like to save the certificate file and give it a name. Click Save.
7. It will show you the name of the file and the file path where the certificate is going to save. Click Next.
8. It will show you the settings you have selected. Click Finish.
9. The export is successful.
Keep the certificate file handy as we will need it to setup the Wi-Q Gateway to acheive successful secure communications to the LP4502
Wi-Q Gateway Setup and Configuration
You will need to set up the Wi-Q Gateway and configure the network settings. You will then configure the Over-Watch connection to the LP4502 and load the security certificate file you created earlier.
IMPORTANT! (The Wi-Fi connection cannot be used to wirelessly connect the Gateway to a customer network for use with the Access Control Software.) The Wi-Fi radio is used to configure the Gateway and the Ethernet connection is for communication on the customer’s network.
Click your setup method
Setting up the Wi-Q Gateway via WI-FI Connection
1. Power up the Wi-Q gateway. Connect the power supply to the Gateway and plug the transformer into a wall outlet if Power over Ethernet is unavailable. The gateway will start flashing a purple light as its booting up. The light on the front will show solid red when the gateway bootup is complete. See below for a complete list of the various LED indications and what they mean.
2. Insert the Ethernet cable into the Ethernet connection at the underside of the Gateway.
IMPORTANT! (Ethernet Connection Required -The Wi-Fi connection cannot be used to wirelessly connect the Gateway to a customer network for use with the Access Control Software.) The Wi-Fi is only used for the configuration setup.
3. Push the Wi-Fi enable button on the side of the WI-Q Gateway. The Gateway is equipped with a wireless network used to access the Gateway and configure it.
4. Using a laptop, phone, or tablet that is Wi-Fi enabled, open the Wi-Fi settings and look for the WI-Q SSID network.
NOTE: The Gateway’s last 6 of the MAC address will correlate to the Wi-Fi SSID (connection name) and more than one portal’s wireless network may appear in the list at a time.
Example ---> Mac address of new Gateway: 0014F52090F3
Wi-Fi SSID to use: WiQ-2090f3
Click on the network for the portal that is to be configured.
5. Click connect on the Wi-Q SSID you are configuring. You will be prompted for a password the first time connecting to WI-Q SSID. The password is password all lower case.
6. After you are connected to the Wi-Q SSID. Open a web browser and go to 192.168.3.200 The Wi-Q Portal Gateway screen opens. Login with the default Wi-Q username and password and click the Login button.
Wi-Q Default Username: admin
Wi-Q Default Password: password
7. After the first-time log in you are required to change the default password for security reasons. Click the red pencil next to the username or password to change them. Type the original password and then create your new password. The new password MUST be between 8-63 characters. Only the password is required to be changed. You can change the username if desired. Next, click the UPDATE button after the password has been changed.
8. Confirm the update of the password, click UPDATE. It will show the changes were successful.
9. The Wi-Q gateway will reboot and you have to reconnect your Wi-Fi connection with the new Wi-Q password you created. Open the network connections and connect to The Wi-Q SSID once again, enter the new password once prompted.
10. Once Connected back to Wi-Q SSID open the browser and go back to the default Wi-Fi IP address 192.168.3.200. Login to the Wi-Q Portal gateway with the new password and username if you created a new one.
11. The gateway Status screen will load after logging in. Click the Gateway Icon on the top menu.
12. On the Gateway screen you are required to configure an IP address, subnet, and default gateway. The portal service port should be set for PORT:8000 Click the SAVE button at the bottom after changing your IP settings.
13. The following changes will be applied in this update. Showing the IP changes. Click the UPDATE button. You will be logged out of the config page. Go back to your Wi-Fi and disconnect from the Wi-Q network SSID. In a web browser on a network-connected PC go to the IP address you just assigned. You must log back into the newly assigned IP address to continue configuring the gateway.
14. After you can log in with the IP address you assigned go to the next step in this tutorial configuring Wi-Q the Overwatch connection.
Setting up the Wi-Q Gateway via LAN Connection
2. Insert the Ethernet cable into the Ethernet connection at the underside of the Gateway.
IMPORTANT! (Ethernet Connection Required -The Wi-Fi connection cannot be used to wirelessly connect the Gateway to a customer network for use with the Access Control Software.) The Wi-Fi is only used for the configuration setup.
3. The Gateway may initially be configured via wired Ethernet using the default Ethernet IP (192.168.1.200), which is displayed on the bottom of the Gateway. After the Gateway IP address is configured the new Gateway IP address can now be used to connect to the Gateway web interface.
4. You will have to assign an IP address to your network adapter, and assign your computer 192.168.1.100. Plug the ethernet cable into the computer and the other end into the Wi-Q gateway.
Open a web browser and go to the default IP Address: 192.168.1.200 The Wi-Q Portal Gateway screen opens.
5. Login with the default Wi-Q username and password and click the Login button.
Wi-Q Default Username: admin
Wi-Q Default Password: password
6. After the first-time login you must change the default password for security reasons. Click the red pencil next to the username or password to change them. Type the original password and then create your new password. The new password MUST be between 8-63 characters. Only the password is required to be changed. You can change the username if desired. Next, click the UPDATE button after the password has been changed.
7. Confirm the update of the password, click UPDATE. It will show the changes were successful.
8. Login back into 192.168.1.200 with the new password and username if you created one.
9. The gateway status screen will load after logging in. Click the Gateway Icon on the top menu.
10. On the Gateway screen you must configure an IP address, subnet, and default gateway. The portal service port should be set for PORT:8000 Click the SAVE button at the bottom after changing your IP settings.
11. The following changes will be applied in this update. They are showing the IP changes. Click the UPDATE button.
12. Plug the WI-Q gateway back into the customer's ethernet network. Open a web browser and go to the IP address you assigned. After the Gateway's IP address is configured the new Gateway IP address can now be used to connect to the Gateway web interface. Note: 192.168.1.200 will no longer work after assigning the IP address or DHCP.
13. After you can log in with the IP address you assigned go to the next step in this tutorial configuring Wi-Q Overwatch connection.
Click below to expand the step-by-step instructions.
Configuring the Wi-Q Overwatch Connection and Loading the Certificate.
1. Login to the Wi-Q portal gateway with your custom IP Address. The Status screen loads, click the INTERFACE icon.
a. You will check Enable Mercury Mode. Mercury Mode Changed pop-up window will appear. Click close.
b. Enter your LP-4502 IP address.
c. Enter Port 1883 for the Port.
d. Enter your Overwatch Username.
e. Enter your Overwatch Password.
f. Click Update.
2. Confirm the changes and Click Update. The Wi-Q gateway will reboot and will be offline for 2 to 3 minutes after enabling Mercury mode and adding your settings.
3. Login back into the Wi-Q gateway portal with your custom IP address. Click the Interface Icon again. Check the Enable SSL checkbox and click Load Certificate.
4. Click Browse
5. Browse and select the certificate file you created earlier.
6. The select the certificate file to be applied window will open. Click Apply.
4. You can confirm it loaded properly by looking at the Current Certificate beside Subject: You will see the MAC Address of the LP4502 Controller if the certificate is loaded properly.
Configuring the PremiSys Software.
You will now have to configure PremiSys software. You will add the WI-Q gateway as an I/O board, and add and configure the lock in the PremiSys software. You will then connect the Lock in the Wi-Q portal.
Setting up PremiSys Software for OverWatch and Adding the Wi-Q gateway as an I/O board.
2. Now you will add the WI-Q gateway as an I/O board. Right-click the I/O folder under the 4502 controller and add I/O Board.
3. Name the Wi-Q gateway and then select WI-Q Gateway as the I/O board type. Select an MSP port. Port 1 or 2 may be used. Add the MAC address of the Wi-Q gateway with no spaces or dashes. Click OK. The MAC Address can be found on the WI-Q gateway status page or the LAN MAC on the underside of the gateway. ***Note after adding the WI-Q gateway on an MSP port the MSP port is locked down to only adding another Wi-Q gateway.***
4. Click the reader(s) folder under the Wi-Q gateway you just added you will notice 64 readers have been added under the Wi-Q gateway.
5. Reset and download the controller. The light on the Wi-Q gateway should turn green if all the settings are correct. You can confirm your connection in the Wi-Q gateway portal. Log in to the Gateway IP Address and go to the interface icon. You will see the connection status at the top, If the status is Green the connection is established.
Gateway green on successful connection.
You can also confirm the connection in the Wi-Q portal under the Interface Icon.
The OverWatch connection is complete you can now add a reader in PremiSys.
Adding the Lock in PremiSys and Obtaining the ACR ID of the door.
1. Login into PremiSys go to Tasks - Hardware Configuration and click on the Door(s) folder under you LP-4502 you added. Right-click the doors folder and select Add Door.
2. The door window will open. Give the door a name, and select the reader from the dropdown under Primary Reader Configuration. You may choose any of the 64 readers available on that gateway.
3. Click the format tab and enable the card format for the door.
4. Click OK at the bottom of the window and the door is added.
5. Obtain the ACR ID from the door. Right-click the door that was just added and select properties. In the Properties you will see ACR ID you will need this when you connect the lock in the Wi-Q interface.
6. Add the door(s) to an Access Group. Open Tasks - Hardware Configuration - Globals Tab - Access Groups folder. Add a time zone to the lock you just configured.
Connecting the lock in the Wi-Q gateway interface.
1. Login to the Wi-Q gateway and click on the status tab.
2. You will see the current sign-on key take note of the current sign-on key on the status screen. You need the key to program the lock on the keypad.
3. You will now go to the lock and press 1234# the door should unlock. This shows the lock is in factory default mode and ready to be connected to the Wi-Q gateway. Now you will press the on the keypad 5678# you will then enter the sign-on key and #
You would press 5678#313678# this is if 313678 was your sign-on key.
4. The lock will do a series of flashes and you will hear 3 beeps confirming the gateway connected to it. This may take a minute or two. If it does not connect the first time give it a minute and try again.
5. On the WI-Q page go to the CONTROLLERS tab. You should see the lock in the list of connected controllers. It will show Status, ACR ID, Description, MAC Address firmware, and Actions. You will see a yellow status for the lock you just connected to the Wi-Q gateway via the keypad.
6. Click the ACR ID box and enter the ACR ID you got from the properties of the door in the PremiSys hardware configuration.
6. Click the green check box Next to the ACR ID value to save. You will receive a pop-up about changing the ACR ID. Click Confirm.
7. Log into the PremiSys software again and Download the LP4502 Controller.
8. After a few moments the status of the lock/controller should turn green in the Wi-Q portal. This shows the lock is ready to accept card or PINs if using them.
Enabling a Keypad reader to work in PremiSys.
There are four components of setting up a keypad reader.
A. Setup the PIN Digits in the Card Database
B. Enable the reader to accept PINs
C. Set the Door Mode - for example, PIN only, Card and PIN, Card or PIN.
D. Assign the PINs to Cardholders
You will have to enable the PIN digits in the Cardholder database that gets downloaded to the controller.
1. First you will check what card database is assigned to the controller. While logged into PremiSys, click Tasks - Hardware Configuration - Hardware Tab - Right-click the LP4502 controller and select edit controller.
2. The Controller configuration window opens up. Click the Card Database tab. Take note of the Card Database name and click OK.
3. Now you need to make sure to enable PIN digits in the card database. Open the Card Database by clicking Tasks - Hardware Configuration - Access Settings Tab - Card Database(s) folder. You will see the Card Database you just took note of, right-click the card database and select edit.
4. The Card Database Window opens up, on the Card Number Info Tab, look for PIN Digits. Enter the number of digits you would like the system to use for PINs. Using 4 digits is pretty standard, the max is 15 digits. Click Ok to close the Card Database window.
5. Enable the reader port in PremiSys to use a keypad. While logged into PremiSys, click Tasks - Hardware Configuration - Hardware Tab. Expand the tree to the Wi-Q gateway. Expand it and click the Readers folder. On the right-hand side of the window, you will see the readers. Right-click and select edit on the reader you would like to enable.
6. On the righthand side of the window you will see the readers. Right-click and select edit on the reader you would like to enable.
7. The reader properties window opens. Click the Keypad Mode dropdown box, and Select HID 4-bit keypad format. Click OK.
8. Next you will set the door mode on the door. You need to edit the door by clicking, Tasks - Hardware Configuration - Hardware Tab. Expand the Door(s) folder under the controller you are working with. Double-Click the Door you would like to change the mode.
9. The door properties window opens, under the modes section on the reader tab, click the dropdown for Default Mode: Select the mode. Click Ok to close the Door properties window.
There are multiple door modes you may choose from. The image below describes these door modes.
10. Add a PIN to a Cardholders record. Open the Navigator and open a cardholder record. Right-click and select edit card on the card number in the card configuration section at the bottom. The Card Properties window opens up. Under the Card Options tab click the check box next to PIN Number and enter the PIN for that cardholder. Click Ok to close the Card Properties window.
11. Click the Save icon at the top to save the changes and send them to the panel.
After the lock is set up and functioning it is recommended to create a Manager card and a Programming card
PremiSys Wi-Q - Setup and Usage of Manager Mode - A cardholder with Manager authority is always allowed access to a reader regardless of the current operating mode. In addition to unlocking a “locked” door, a Manager can change the current operating mode at a door lock with a keypad.
PremiSys Wi-Q - Setup and Usage of Programmer Mode - A cardholder with Programmer authority is always allowed access to a reader regardless of the current operating mode. In addition to unlocking a “locked” door, a Programmer can perform a motor test or various reset operations.