µFR Nano Online Log and Access Control Mode #
How to enable log mode? #
- Log in to the µFR Online Log and Access Control Module Online WEB configurator GUI.
- Enable Master mode if it is not already enabled.
- Click the Save and Restart option to apply the changes.
- Enable log mode (only visible after the Master mode is enabled)
How to enable access control mode? #
- Log in to the µFR Online Log and Access Control Module Online WEB configurator GUI.
- Enable Log mode.
- Enable Access Control mode (only available if log mode is previously enabled).
- Turn off µFR Online from the power supply
- Connect the Access control board.
- Turn on µFR Online from the power supply
***Access control mode has to be enabled before the access control board is connected.
Access control mode additional options #
- Relay pulse time: How many milliseconds relay outputs square wave pulse
- Relay pulse frequency: Square wave output frequency in Hz
- Relay pulse power: Square wave output power (duty cycle)
- Relay active time: How many milliseconds to stay output high after a square wave pulse
Use cases #
This section will describes two primary use case scenarios.
Log mode without access control #
Enable log mode and ensure that access control mode is disabled.
- Navigate to the log mode section and click the Edit button.
- Enter the Log server host URL.
- Click the Save button.
- Click on the Save and restart button.
- Log mode is now ready to use.
The table below will describe which cards are allowed or denied based on blacklist or whitelist.
Scenario | Allowed / Denied |
Blank both, the whitelist and the blacklist | All cards are allowed |
Whitelist blank and blacklist not blank | All cards except blacklisted ones are allowed |
Whitelist not blank and blacklist blank | Only whitelisted cards are allowed |
Both whitelist and blacklist are not blank | Only whitelisted cards that are not blacklisted are allowed |
Exclusive whitelist enabled | Only whitelisted cards that are not blacklisted are allowed (In pro mode, only whitelisted company cards are allowed except blacklisted) |
If a card is allowed, the reader will beep once and the green light will be turned on. If a card is denied, the reader will not beep and the red light will be turned on. |
Log mode with access control #
Enable log mode and make sure that access control mode is enabled.
- Navigate to the log mode section and click the Edit button.
- Enter the Log server host URL.
- Click the Save button.
- Click on the Save and restart button.
- Log mode with access control is now ready to use.
Scenario | Allowed/Denied |
Blank both whitelist and blacklist | All cards are denied (In pro mode, all company cards are allowed) |
Whitelist blank and blacklist not blank | All cards are denied (In pro mode, all company cards are allowed except blacklisted) |
Whitelist not blank and blacklist blank | Only whitelisted cards are allowed (In pro mode, all company cards are allowed except blacklisted) |
Both whitelist and blacklist are not blank | Only whitelisted cards that are not blacklisted are allowed (In pro mode, all company cards are allowed except blacklisted) |
Exclusive whitelist enabled | Only whitelisted cards that are not blacklisted are allowed (In pro mode, only whitelisted company cards are allowed except blacklisted) |
If a card is allowed, the reader will beep once and the green light will be turned on. Also, the access control board will trigger a relay, beep once and turn on the external LED ring. If a card is denied, the reader will not beep and the red light will be turned on. Also, the access control board will turn on the external LED ring. |
The table below will describe which cards are allowed or denied based on blacklist or whitelist.
How to wire the access control board? #
There is also a premade cable for connecting µFR Online and the Access control board.
NOTE: Access control mode must be enabled before the control board is connected, otherwise beeper will be enabled all the time.
In-reader log format #
All log events are stored in human-readable JSON format.
Example of the log stored in µFR Online reader:
{“log”:[ {“id”:1,”uid”:”11223344″,”time”:”2022-08-15 06:56:02″,”delta”:16,”type”:0,”reader”:1,”status”:0}, {“id”:2,”uid”:”AABBCCDD”,”time”:”2022-08-15 06:56:04″,”delta”:18,”type”:0,”reader”:1,”status”:2} ]} | |
JSON key/node name | Description |
log | Main parent node that contains log events |
id | Unique auto-increment log event id |
UID | Card unique ID |
PID | Personal ID. Only available in Pro mode |
time | Log event date/time in UTC format |
delta | Time difference between two log events |
type | Always 0, reserved for future use |
reader | 1 if the internal reader has read the card or 2 if external |
status |
|
In-reader whitelist/blacklist format #
Whitelist and blacklist are stored in human-readable JSON format.
Example of whitelist stored in µFR Online reader:
{ “whitelist”:[“11223344”, “AABBCCDD”], “timestamp”:1660492955 } | |
JSON key/node name | Description |
whitelist | A Node that contains whitelisted UIDs in comma-separated format |
timestamp | Currently stored whitelist timestamp |
Example of blacklist stored in µFR Online reader:
{ “blacklist”:[“11223344”, “AABBCCDD”], “timestamp”:1660492955 } | |
JSON key/node name | Description |
blacklist | A Node that contains blacklisted UIDs in comma-separated format |
timestamp | Currently stored blacklist timestamp |
Log and access control mode flowchart #
There are two main events in log and access control mode.
Card read event #
Reader/Server synchronization (every 60 seconds) #
HTTP(S) server request and response protocols #
Real-time event protocol #
Real-time events are sent to the server in human-readable JSON format. Example of a real-time event request from a reader to a server:
Reader HTTP(S) request to a server | |
{ “rte”: [{ “id”:83,pid”:10,uid”:”AABBCCDD”,”time”:”2022-08-16 07:45:01″,”delta”:89349,”type”:0,”reader”:1,”status”:1 }], “whitelist_timestamp”:1660492955, “blacklist_timestamp”:1660492955 } | |
JSON key/node name | Description |
RTE | Parent node that contains real-time event |
For more information about the RTE child node read in-reader log format | |
whitelist_timestamp | Current in-reader stored whitelist timestamp |
blacklist_timestamp | The current in-reader stored blacklist timestamp |
Readers’ serial numbers, IP addresses, and firmware versions are sent in the HTTP POST header as “OSN”, “SN1” “SN2”, “IP”, “FW”, “FW1”, “FW2” |
Server HTTP(S) response to the reader | |
{ “last_id”:79, “time”:1660636893, “blacklist”:[“AABBCCDD”], “blacklist_timestamp”:1660636882, “whitelist”:[“11223344”], “whitelist_timestamp”:1660636882, “update_fw”:[“2.8.2”, “5.0.71”, “5.0.70”] } | |
JSON key/node name | Description |
last_id | Last log event id that is stored on the server. The reader will send all log events that have an ID larger than last_id |
time | Optional. If the server timestamp is sent, the reader will sync internal RTC time with a server time |
blacklist | Optional. If a server blacklist is sent, the reader will replace the currently stored blacklist with a newly received one. |
blacklist_timestamp | This parameter is mandatory if a blacklist is sent. the reader will replace the currently stored blacklist_timestamp with a newly received one. |
whitelist | Optional. If a server whitelist is sent, the reader will replace the currently stored whitelist with a newly received one. |
blacklist_timestamp | This parameter is mandatory if a whitelist is sent. the reader will replace the currently stored whitelist_timestamp with a newly received one. |
update_fw | This parameter is optional. It contains requests to update in reader firmware. If this parameter is sent, the reader will trigger the firmware update procedure. The first element contains µFR Online firmware, the second contains the UART1 reader and the third contains the UART2 reader. If the array element is an empty string, the update will not be triggered. |
Log event protocol #
Log events are sent to the server in human-readable JSON format.
Example of a real-time event request from a reader to a server:
Reader HTTP(S) request to a server | |
{ “log”: [{ “id”:83,pid”:10,uid”:”AABBCCDD”,”time”:”2022-08-16 07:45:01″,”delta”:89349,”type”:0,”reader”:1,”status”:1, “id”:84,pid”:10,uid”:”AABBCCDD”,”time”:”2022-08-16 07:45:01″,”delta”:89349,”type”:0,”reader”:1,”status”:1 }]} | |
JSON key/node name | Description |
log | Parent node that contains an array of log events |
For more information about the log, child node read in-reader log format |
Log event will be sent whenever the “last_id” parameter is received from the server (Real-time event response or reader/server synchronization response).
Reader/Server synchronization protocol #
Log events are sent to the server in human-readable JSON format.
Example of a real-time event request from a reader to a server:
Reader HTTP(S) request to a server | |
{ “whitelist_timestamp”:1660636882, “blacklist_timestamp”:1660636882 } | |
JSON key/node name | Description |
blacklist_timestamp | Current in-reader blacklist timestamp |
whitelist_timestamp | Current in-reader whitelist timestamp |
PHP and MySQL server script #
There are prebuilt PHP and MySQL scripts that can be hosted on the server. It is made to easily implement the server-side part of log and access mode. It can handle real-time events, log events, and reader-server synchronization requests.
MySql database structure #
“events” table | |
Column name | Column description |
id | Unique log event id |
UID | Card UID |
PID | Personal id. Can be used to identify the same user with multiple card UIDs |
time | Event timestamp |
delta | Time difference between the two events |
type | Always 0, reserved for future use |
status | Event status |
OSN | µFR Online serial number |
sn1 | Internal connected µFR NFC reader serial number |
sn2 | External connected µFR NFC reader, serial number |
reader, |
|
RTE |
|
“readers” table | |
Column name | Column description |
OSN | µFR Online serial number |
descriptor | µFR Online reader descriptor. Default is empty |
sn2 | External connected µFR NFC reader serial number |
whitelist_on_server | Timestamp of last modified whitelist on the server. Automatically updated by user_after_update trigger |
whitelist_in_reader | Timestamp of whitelist stored in the reader. Automatically updated by HTTP POST sent by reader |
blacklist_on_server | Timestamp of last modified blacklist on the server. Automatically updated by user_after_update trigger |
blacklist_in_reader | Timestamp of blacklist stored in the reader. Automatically updated by HTTP POST sent by reader |
IP | Timestamp of blacklist stored in the reader. Automatically updated by HTTP POST sent by reader |
online_firmware | Current µFR Online firmware version. Automatically updated by HTTP POST sent by reader |
reader1_firmware | Current µFR on the UART1 firmware version. Automatically updated by HTTP POST sent by reader |
reader2_firmware | Current µFR on the UART2 firmware version. Automatically updated by HTTP POST sent by reader |
requested_online_firmware | If this field is populated and is different from online_firmware, an update request will be sent to the reader |
requested_reader1_firmware | If this field is populated and is different from reader1_firmware, an update request will be sent to the reader |
requested_reader2_firmware | If this field is populated and is different from reader2_firmware, an update request will be sent to the reader |
New readers are automatically added to every reader event. For example, if a new reader is connected to the network and the Log mode host URL is set, the new reader will be dynamically added the first time when an event is sent. **Do not add readers manually |
“users” table | |
Column name | Column description |
UID | Card unique ID |
PID | Personal ID. Can be used to identify the same user with multiple card UIDs |
description | User description. Can be used eg. to set first and last names. |
image | Binary formatted user image |
*ON123456 | Example of µFR Online reader with serial number ON123456. This field is used to whitelist or blacklist current users on this reader |
*ON654321 | Example of µFR Online reader with serial number ON654321. This field is used to whitelist or blacklist current users on this reader |
New readers are automatically added to every reader event. For example, if a new reader is connected to the network and the Log mode host URL is set, the new reader will be dynamically added the first time when an event is sent as a new column. If a new reader is added. *Example readers. **Do not add readers manually. |
“debug_log” table | |
Column name | Column description |
id | Unique debug id |
OSN | µFR Online serial number |
log | Raw POST data sent from reader to server or from server to reader |
time | Current server timestamp |
direction | FROM_SERVER – HTTP server response FROM_READER – HTTP reader request |
Debug log table is populating only if the “DEBUG” flag is set enabled in the PHP script |
PHP script flowchart #