You are using an unsupported browser. Please update your browser to the latest version on or before July 31, 2020.
close
The acre security offices are closed September 4th, 2023 in observation of Labor Day.
announcement close button
Home > Access It! > Integrations > Locksets > BEST > BEST Wi-Q Locksets
BEST Wi-Q Locksets
print icon
Apr 18, 2023

Overview

With the release of Access It! v7.3, support has been added for communication between the LP-4502 and BEST Wi-Q gateway. Communication between the devices is done via the CIA (Controller Interface API) protocol.

  • Maximum 62 Wi-Q Locks per Wi-Q Gateway
  • Maximum 62 locks per Mercury Panel
  • When determining how many LP4502 panels will be needed to support a Wi-Q system, please consider the total credentials associated with locks downstream of the LP4502 panel
    Maximum Credential Count Per LP4502 200 400 1000 4000 8000 16000
    Maximum Supported Gateways Per LP-4502 12 10 6 4 3 2

Access It! Licensing

The following licensing option must be enabled within the Access It! License and is a per lock count license.

  • BEST Wi-Q Lock Count - 1/x

Required Components

The following components are required to complete the integration.

  • Access It! min s/w v7.3
  • LP-4502 with Over-Watch add-on min f/w v1.292
  • BEST Wi-Q Gateway pre-programmed with an IP address min f/w v4.1.0.7
    Consult BEST documentation for IP address programming.

Primary LP-4502 Configuration

Over-Watch Software

The Panel Utility is required to download the necessary firmware file. To obtain the firmware required for the Over-Watch service contact Access It! Technical Support.

  1. On the LP-4502 set S1 - Configuration DIP Switch DIP 2 ON
  2. Apply power to the LP-4502 controller
  3. Manually configure a computer to 192.168.0.100
  4. Using a crossover cable, connect computer to the on-board NIC of the LP-4502
  5. Open the Panel Utility (Start | Programs | Access It! | Client Utilities)
  6. Click the Attach button
  7. Select model LP-4502 96Mb
  8. Select Comm Type TCP/IP
  9. Select Address 0
  10. Enter IP Address 192.168.0.251
  11. Select TCP Port 3001
  12. Click OK
    Once connected, the lower right icon will report Online
  13. Select Download SCP Firmware
  14. Navigate to the Over-Watch firmware
  15. Click Open
  16. Wait 90 seconds for firmware download to complete
  17. Click Detach

LP-4502 Web Browser

  1. On the LP-4502 set S1 - Configuration DIP Switch DIP 2 ON
  2. On the LP-4502 set S1 - Configuration DIP Switch DIPs 1, 3 & 4 OFF
  3. Apply power to the LP-4502 controller
  4. Manually configure a computer to 192.168.0.100
  5. Using a crossover cable, connect computer to the on-board NIC of the LP-4502
  6. Open a web browser and navigate to 192.168.0.251
  7. On the LP-4502 set S1 - Configuration DIP Switch DIP 1 ON
  8. Click Click Here to Login
  9. Click Continue to this website (not recommended).
  10. Enter a Username of admin
  11. Enter a Password of password
  12. Click Network from the left hand menu
  13. Under the section Interface 1, select Use Static IP configuration:
    • IP Address:
    • Subnet Mask:
    • Default Gateway:
  14. Click Apply
  15. Click Security Options from the left hand menu
  16. Select (check) Enable Encrypted Partition
  17. Click Save Configuration
  18. Click Auto-Save from the left hand menu
  19. Set the Card Database Size accordingly
  20. Click Over-Watch from the left hand menu
  21. Enter a valid Listening port and click Save Configuration
    Default port used is 1883.
  22. Enter a username/password to be used by the Over-Watch service
  23. Click Add User
  24. Click Load Certificate from the left hand menu
  25. Confirm the Issued To field begins with "MAC", if not then proceed with these steps and then follow the Loading Certificate Section
  26. Confirm the Issued By field is "Mercury Security Certificate Signer Root CA", if not then proceed with these steps and then follow the Loading Certificate Section
  27. Confirm the Valid Time field ends in a year greater than 2040, if not then proceed with these steps and then follow the Loading Certificate Section
  28. Click Apply Setting from the left hand menu
  29. Click Apply, Reboot button
  30. Wait 60 seconds for LP controller to reboot
  31. Remove power from the LP controller
  32. Set all S1 - Configuration DIP Switch DIPs OFF
  33. Apply power to the LP controller

Loading Certificate
The following steps are only required when variables in steps 25, 26, or 27 with the LP-Web Browser settings indicate a non-standard certificate.

A customer generated certificate/key pair must be used. A valid certificate/key pair is available from ACRE or by dormakaba upon request. The certificate can be loaded to the LP-4502 via the Panel Utility which is located off of the start menu of every Access It! installation. The Panel Utility is also available as a standalone executable within the RS2 Technologies dealer portal.

  1. Open the Panel Utility
  2. Select Attach
  3. Set Panel Type to LP-4502
    Specific memory selections are irrelevant for this task.
  4. Set Comm Type to TCP/IP
  5. Set Address to 0
  6. Enter the IP address of the LP-4502
  7. Set port to 3001
  8. Set SIO port speed to 38400
  9. Click OK
    Panel will report Online in lower right hand corner when connected.
  10. Select Download Custom Certificate from the toolbar
  11. Navigate to the folder containing the PEM and CRT files
  12. Select the CRT file
  13. Click Open
    The certificate will install without any confirmation.
  14. Click Detach
  15. Close Panel Utility
  16. Power cycle the LP-4502

Access It! Configuration

  1. Install and configure the LP-4502 controller to communicate with Access It!
  2. Navigate to the Hardware menu
  3. Select SCPs
  4. Edit the LP-4502 controller
  5. Set Protocol to Controller Integration API for either port 4 or 5
  6. Select the Web Logins tab
  7. Click New
  8. Select the next valid Login number
  9. Select Login type Over-Watch login
  10. Enter the username and password for the Over-Watch service configured within this LP-4502's web configuration
  11. Enter the IP address of this LP-4502
  12. Enter the listening port of the Over-Watch service configured within this LP-4502's web configuration
  13. Select (check) the Enable controller integration API messages option
  14. Click OK
  15. Click Save
  16. Click Save
  17. Within the hardware tree, expand the LP-4502
  18. Select SIOs
  19. Edit the first available uninstalled SIO
  20. Assign SIO name as needed
  21. Set model to BEST Wi-Q Gateway
  22. Within the Unique ID field enter the MAC address of the Wi-Q gateway
    This can be found within the Wi-Q web interface.
  23. Select the Options tab
  24. Set number of readers as needed
  25. Click Save

BEST Wi-Q Gateway Configuration

  1. Login to the Wi-Q Gateway's web interface
  2. Select the Inerface tab
  3. Select (check) Enable Mercury Mode
  4. Enter the IP address of the LP-4502
  5. Enter the Over-Watch port
  6. Enter the username and password for the Over-Watch service configured within the LP-4502's web configuration
  7. Select (check) Enable SSL
  8. Click Use Mercury Certificate
  9. Click Update
  10. Click Update

Sign On/Pairing Lock to Gateway

Lock With Keypad

  1. Login to the Wi-Q Gateway's web interface
  2. Under Status note the current Sign On Key
  3. For each lock to sign on/pair, perform the following sequence
    • Enter 5678#
    • Within 3 seconds enter the 6 digit sign on key followed by a pound (#) sign
    • Sign-on is confirmed with a three tone increasing frequency beep1-beep2-beep3 and will then display in the Status page of the web interface.
      If sign-on fails it will be a three tone with decreasing frequency.

Lock Without Keypad

  1. Login to the Wi-Q Gateway's web interface
  2. Create a sign-on card
    The raw card number should be entered. For magstripe this is the full decimal number and for prox cards enter the complete octal card representation.
  3. Using the temporary card that came with the lock, present it followed by the sign-on card to begin the sign-on process
    If sign-on fails it will be a three tone with decreasing frequency.

Assigning Reader Numbers to Locks

  1. Within Access It!, navigate to the hardware tree and select Installed Readers
  2. If the column ACR Number is not displayed, add it by right clicking in the readers grid and selecting Column Chooser
    Columns are added by double clicking or drag-and-drop.
  3. For each BEST Wi-Q reader/lock, note the ACR number
  4. Login to the BEST Wi-Q gateway
  5. Select the Controllers tab
  6. For each lock, select edit within the ACR ID column and select the readers ACR number
  7. Click the green check mark to save settings
  8. Select Confirm

More Information

For more on configuring the BEST Wi-Q gateway, please refer to the WI-Q™ Mercury Setup And User Guide.

Troubleshooting

WQXM-PG Interface page shows no communication status message/color

  • Validate the Over-Watch configuration
  • Ensure matching certificate is used between LP-4502 and Wi-Q gateway
  • Press UPDATE after making any configuration changes on the Interface page

WQXM-PG Interface page reports Connection Missing

This indicates that the gateway cannot communicate with Over-Watch on the LP4502 panel. Things to check during this state include:

  • Panel power and network connectivity
  • Gateway network connectivity
  • Ensure that Over-Watch is installed and configured on the LP4502 panel
  • Validate that the Over-Watch configuration in the WQXM-PG Interface page matches exactly what is configured in the LP4502
  • Validate the IP address configured for Over-Watch in the WQXM-PG Interface page matches the IP address of the LP4502 panel
  • Ensure that both the WQXM-PG and the LP4502 panel are configured with the same certificate – either the default or the customer/dormakaba provided.
  • Ensure port 1883 (or the configured port) is open on the customer network
  • Ensure the IP addresses for the WQXM-PG and the LP4502 panel are either on the same subnet or the customer network allows routing between the subnets.

With WQXM-PG firmware version 4.1.0.9 or later, the TEST CONNECTION button can be used to assist with basic connectivity. When the button is pressed, the gateway will validate that the IP address and the port of the LP4502 panel are reachable. One of three responses will be shown:

  • Action Successful – Connection is available: This indicates that the IP address and port are good. The communication status should change to Yellow – Connection In Progress when this configuration is used.
  • Action Error – Ping Failure. Check IP Address.: This indicates that the specified IP address of the LP4502 panel could not be reached. Check that the LP4502 panel is powered on, connected to the network, configured with the correct IP address, and ensure the IP addresses for the WQXM-PG and the LP4502 panel are either on the same subnet or the customer network allows routing between the subnets
  • Action Error – Bad or Blocked Port. Check Port Number.: This indicates that the specified port number could not be accessed. Check that the port number entered matches the port number configured in the LP4502 panel Over-Watch page. Ensure that the customer network is not blocking this port. Ensure that the specified IP address is for the LP4502 panel and not for some other device on the customer network.
close button
scroll to top icon