4_AccessControl

RFIDACCESSCONTROL门禁使用说明关键信息项：1、门禁系统名称：RFIDACCESSCONTROL2、适用范围：＿___________________________3、系统组成：＿___________________________4、操作步骤：＿___________________________5、注意事项：＿___________________________6、维护与保养：＿___________________________7、故障处理：＿___________________________11 系统概述RFIDACCESSCONTROL 门禁系统是一种基于射频识别技术的安全控制设备，旨在提供高效、便捷和可靠的门禁管理解决方案。

111 工作原理该系统通过读取用户携带的 RFID 卡或标签中的信息，与预先设定的权限进行比对，从而决定是否允许用户进入特定区域。

12 适用范围本门禁系统适用于各类企业、办公场所、住宅小区、学校、医院等需要进行人员出入控制的场所。

121 限制使用场景在强电磁干扰、高温、高湿度等极端环境下，可能会影响系统的正常运行。

21 系统组成211 读卡器负责读取 RFID 卡或标签中的信息。

212 控制器处理读卡器读取的信息，并控制门锁的开关。

213 门锁执行开关门动作。

214 电源为整个系统提供电力支持。

215 通信线路用于传输数据和指令。

31 操作步骤311 用户注册新用户需向管理员提供相关身份信息，由管理员将用户信息录入系统，并为用户配发相应的 RFID 卡或标签。

312 刷卡操作用户将 RFID 卡或标签靠近读卡器，保持适当距离和角度，等待系统响应。

313 系统响应若用户权限合法，门锁将自动打开，同时系统记录用户的进入时间。

若权限不合法，系统将发出警报声，并拒绝用户进入。

41 注意事项411 保持卡片清洁避免卡片沾染污渍、水渍或受到划伤，以免影响读取效果。

The Bosch Access Easy Controller (AEC) is your choice for web-based entry level out of the box access control. The web interface is hosted from the Access Easy Controller hardware. Easy to install, easy to deploy, easy to operate.The Bosch Access Professional Edition (APE) is your choice for small andmedium sized access control solutions such as offices or hospitals. Theflexible APE client-server architecture grows with your needs and caneven be upscaled to the Bosch Access Engine without replacement ofaccess control hardware components, protecting your investment.The Bosch Access Engine (ACE) is your choice for enterpriseaccess control solutions such as airports or metro stations. The BoschAccess Engine is part of the Building Integration System (BIS) fromBosch which allows you to fully integrate access control with your othersecurity, safety and building management systems.AEC APE BIS / ACE AEC AMC (Wiegand or RS485) AMC Wiegand, AMC RS485Microsoft Windows XP SP3 Microsoft Windows Vista Microsoft Windows 7 (32 and 64 bit) Linux OS *Microsoft Windows 7 (32 and 64 bit)Windows 10 Professional or Enterprise (32 or 64 bit)Microsoft Windows Server 2012 R2 SP1 (64 bit, Standard, Datacenter)Windows Server 2016 Standard (64 bit)Microsoft Windows Server 2008 R2 SP1 (64 bit, Standard, Datacenter)Microsoft Windows Server 2012 R2 (64 bit, Standard, Datacenter)Microsoft Windows Server 2016 (64 bit, Standard, Datacenter)Microsoft Windows 7 (32 and 64 bit, Pro, Enterprise)Microsoft Windows 8.1 (64 bit, Pro, Enterprise)Microsoft Windows 10 (from version 4.3 on)Yes No YesUnlimited (in multi-server configuration)Fingerpint with second source softwareApprox 80,000 outputs per server512 (Entrance with 1 reader)Approx 10,000 entrances per serverCard only, PIN only, PIN and / or card, fingerprint and card, fingerprintYes, configurable for Action Plans or Video Engine / BVMS Yes, configurable for Action Plans or Video Engine / BVMS。

Fine Grained Access ControlArup Nanda, Proligence, Inc.IntroductionJust as a picture is worth thousand words, it’s my belief that even the most complex of concepts or features can be easily explained through an example, where the reader has the ability to test out the concepts while reading them online. Following my own convictions, I will explain the concepts and uses of this powerful feature of the database using an example of a hospital database.The application that the hospital uses must adhere to the HIPAA regulations and one of the mandates is to allow viewing of patient data only to the people who need them and have authorization for. This means the doctors can access the data on just those patients they are treating, not all. In the old days, this could have been done using a simple filtering predicate in the application queries. This is not practical for a variety of reasons – the primary of which is the modification of a large number of SQL statements inside the application. In case of third party canned applications, this is even more difficult, with the source code controlled in a different place outside the control of the hospital.The other problem is security – what if the user just bypasses the applications and queries the data directly from the database? This sidesteps the filtering predicate inside the code, allowing full access to the data. Obviously the solution calls for the filtering predicate to be applied automatically, regardless of how the access is made.One of the approaches is to use a view on the table with a filtering predicate built in, and allowing users to access the view instead of the base table. This accomplishes the security requirement, but with the proliferation of the views, it might be impractical to maintain this setup. In addition, if the need ever comes to restrict the access by the owner itself, this solution will not work, since the owner can select from the base table. Using views also forces us to use a predicate that is static, not generated at the runtime.The perfect solution comes from Oracle’s implementation of Fine Grained Access Control (FGAC). It is also known as Row Level Security (RLS) or Virtual Private Database (VPD). In this article we will explore the use of this powerful feature in the form of an example setup, to bolster the understanding. We will also learn how to use another advanced feature – application contexts in a database setup.SetupYou can download the scripts to create all the objects used in this article and populate the data from my website, /pubsupp.In our example, we have used the case of an overly simplified hospital database. Typically hospitals have several doctors and each patient is assigned a doctor. The tables are owned by the schema HOSPITAL. The table DOCTORS holds the information on doctors as follows.Name Null? Type----------------- -------- ------------DOCTOR_ID NOT NULL NUMBERDOCTOR_NAME VARCHAR2(20)GROUP_ID NUMBERThe primary key of the table is DOCTOR_ID. It’s assumed that the column DOCTOR_NAME contains the doctor’s login id to the database. A group may consist of several doctors. The column GROUP_ID specifies the group the doctor belongs to.The other important table holds information on patients visiting the hospital, named PATIENTS, shown below.Name Null? Type----------------- -------- ------------PATIENT_ID NOT NULL NUMBERDOCTOR_ID NUMBERPATIENT_NAME VARCHAR2(20)DISEASE VARCHAR2(20)The column PATIENT_ID is the primary key of the table. The column DOCTOR_ID is a foreign key to the table DOCTORS shown above. For the purpose of simplicity, let’s assume that the relationship between DOCTORS to PATIENTS is one-to-many, whereas in the real life, it is probably many-to-many.Here is how the data looks like in the table DOCTORS.DOCTOR_ID DOCTOR_NAME GROUP_ID---------- -------------------- ----------1 DRADAM 12 DRBARB 23 DRCHARLIE 2And here is the data in table PATIENTS.PATIENT_ID DOCTOR_ID PATIENT_NAME DISEASE---------- ---------- -------------------- -----------1 1 LARRY EGO2 1 BILL CONTROL3 2 SCOTT FICKLENESS4 3 CRAIG LOWVISION5 3 LOU GREEDCorresponding to all the names of the doctors, we need to have the userids created in Oracle in the same name. Therefore, we have the users named DRADAMS, DRBARB and DRCHARLIE, all with SELECT, INSERT, UPDATE and DELETE privileges on the tables DOCTORS and PATIENTS.Building the FGAC SetupIn the existing application, the following statement is a call made to the database to see the patient data.SELECT * FROM PATIENTS;With the new requirements in mind, the call must be changed toSELECT * FROM PATIENTS WHERE DOCTOR_ID = <id of the doctor logged in>We somehow have to make a system where the application need not be changed, and the first call will automatically select only the records related to the doctor currently logged in, not all. In other words, we have to generate a filtering predicate,i.e. a WHERE clause to be appended to he query automatically. Building this predicate is the first step. The following function returns a string that can be applied to the query as a WHERE clause.create or replace function get_doctor_id(p_schema_name in varchar2,p_table_name in varchar2)return varchar2isl_doctor_id number;beginselect doctor_idinto l_doctor_idfrom doctorswhere doctor_name = USER;return 'doctor_id = '||l_doctor_id;end;Note how the function returns the string DOCTOR_ID =<id> where <id> is the numerical ID of the doctor who is logged in now, as returned by the function call USER above.This special function is called a policy function and is the building block of a FGAC setup. Note that this has exactly two input arguments, for the schema and the table on which it will be applied and has exactly one return value, the string that will be used as a WHERE clause. The structure of the policy function must be exactly this and is not flexible. The logic can be changed inside, though.Next step is to build a policy to be placed on a table. This policy is the one that restricts the rows accessible to the users. It does so by applying the output of the policy function. The following code segment sets up a policy on the table PATIENTS.begindbms_rls.add_policy(object_schema => 'HOSPITAL',object_name => 'PATIENTS',policy_name => 'PATIENT_VIEW_POLICY',policy_function => 'GET_DOCTOR_ID',function_schema => 'HOSPITAL',statement_types => 'SELECT, INSERT, UPDATE, DELETE',update_check => true,enable => true);end;Here we have defined a policy named PATIENT_VIEW_POLICY on the table PATIENTS in schema HOSPITAL. The policy calls the function GET_DOCTOR_ID as shown in the parameter policy_function. This policy is applied to all types of DML statements on the table – SELECT, INSERT, UPDATE and DELETE. The other options will be explained later.Once the policy is in place, logon to the database as the user DRADAM and select from the tableSQL> select * from hospital.patientsPATIENT_ID DOCTOR_ID PATIENT_NAME DISEASE---------- ---------- -------------------- --------1 1 LARRY EGO2 1 BILL CONTROLWell what happened? There are only two rows selected from the table; but we know for a fact that the table has five rows. However, only patients 1 and 2 are supposed to be seen by the user DRADAM, and only those were displayed. The most important point to note here is that the user did not specify any where clause. Yet, the filtering predicate was applied automatically, by the policy using the output from the policy function.The user’s original querySELECT * FROM PATIENTSwas rewritten toSELECT * FROM(SELECT * FROM PATIENTS)WHERE DOCTOR_ID = 1What if the user deletes the table, as seen below?SQL> delete hospital.patients;2 rows deleted.Note, only 2 rows are deleted, not all the five. The same principle hold true – the filtering predicate is applied automatically to the query. If the user updates the table,SQL> update hospital.patients set disease = null;2 rows updated.Again, only 2 rows are updated, not all five.Another user, DRBARB is allowed to see only patient 2. If she logs in and uses the same query:SQL> select * from hospital.patients;PATIENT_ID DOCTOR_ID PATIENT_NAME DISEASE---------- ---------- -------------------- ------------3 2 SCOTT FICKLENESSNotice how only one row was returned, even though the table has 5. Dr Barb was authorized to see patient 3 only and that is what she saw.The policy is applied regardless of how the table is accessed – through a trigger, a procedure, an application, anything. It is as if the table contains only two rows for the user DRADAMS, not the five which are actually there. This facility creates a window where the user always sees the rows he is supposed to see, not all, something akin to a private view of the table. By applying the same policy to all the tables in a database, the users can see the data which they are authorized to see only, as if they have a private database inside a real database. Hence the Fine Grained Access Control is also known as Virtual Private Database feature.Note how the content of the table changes depending upon the user logged in, eliminating the need for application changes. This powerful feature makes applications developed only once; the policy dictates the filtering predicate.In addition to example given above, FGAC has other uses in hosting companies, where multiple users share the same database and in some cases the same table. FGAC allows the creation of several virtual databases, not physically different ones – making the setup simpler and less expensive to maintain.Bypassing the RestrictionsSometimes it might be required to bypass the restrictions. For instance, we may decide to remove restrictions from the owner of the tables. To do this, we will pass a NULL as the return value to be used as a predicate. If the value is NULL, the policy allows all rows to be visible without restrictions. The policy function can then be rewritten as follows.create or replace function get_doctor_id(p_schema_name in varchar2,p_table_name in varchar2)return varchar2isl_doctor_id number;beginif (p_schema_name = USER) thenreturn null;end if;select doctor_idinto l_doctor_idfrom doctorswhere doctor_name = USER;return 'doctor_id = '||l_doctor_id;end;Note the newly added segment shown in bold. If the current user is the schema owner of the table, then the policy function returns NULL, i.e. no filtering predicate is applied to the query.There is a special type of system privilege called EXEMPT ACCESS POLICY used to exempt a specific user from being subject to any kind of restriction on any of the tables. The DBA role is granted this system privilege by default; hence a user with DBA role accessing data will not be restricted by any policy – a very important point to keep in mind while designing applications involving FGAC.Other Dependent TablesSo far we have talked about only one table. Suppose there is another table in the database to hold information on treatments given to patients. Since a patient may be given treatment more than once, the table TREATMENTS, shown below, has column to record the dates, too.Name Null? Type----------------- -------- ------------PATIENT_ID NUMBERTREATMENT_DT DATETREATMENT VARCHAR2(30)Here are the sample data in this table.PATIENT_ID TREATMENT TREATMENT---------- --------- ------------------------------1 19-OCT-03 ASK THE ORACLE1 29-OCT-03 SELL THE SAILBOAT2 19-OCT-03 LOOK AT THE WINDOWS2 29-OCT-03 GIVE S/W AWAY3 19-OCT-03 LOOK AT THE SETTING SUN4 29-OCT-03 GENERATE INTEL-LIGENCE4 29-OCT-03 PROCESS MORE5 29-OCT-03 STOP MACHINES IN BUSINESS5 29-OCT-03 STOP INTERNATIONAL MACHINESApplying the same principle of the FGAC, a user should be able to see only the rows allowed to be seen. For instance, Dr Adam is allowed to only records for his patients, 1 and 2, not for all the other patients. Earlier we used DOCTOR_ID as a filtering condition; but this table does not have the column. Therefore we have to devise a separate filtering condition. WHERE PATIENT_ID IN (SELECT PATIENT_ID FROM PATIENTS)Since the table PATIENTS is restricted, the list of PATIENT_IDs will be restricted too and hence this filtering condition will work. We need to define a new policy function for this policy.create or replace function get_patient_id(p_schema_name in varchar2,p_table_name in varchar2)return varchar2isl_patient_id number;beginif (p_schema_name = USER) thenreturn null;end if;return 'patient_id in (select patient_id from patients)';end;This returns the predicate in the format we want. Then we need to create a policy for this table using this function.begindbms_rls.add_policy(object_schema => 'HOSPITAL',object_name => 'TREATMENTS',policy_name => 'TREAT_VIEW_POLICY',policy_function => 'GET_PATIENT_ID',function_schema => 'HOSPITAL',statement_types => 'SELECT, INSERT, UPDATE, DELETE',update_check => true,enable => true);end;This policy will restrict the table TRATMENTS in such a way that only the authorized rows are visible.Update and Insert ChecksSo far we have talked about restricting the policy on the value of a column name. The user DRBARB is allowed to see only patient id 3. However, what if she issues the following update?SQL> update hospital.patients set doctor_id = 3;update hospital.patients set doctor_id = 3*ERROR at line 1:ORA-28115: policy with check option violationNote the new type of error - ORA-28115: policy with check option violation. It’s raised since the user attempted to change the very column that the table is restricted on. The user is allowed to see only records with DOCTOR_ID = 2, changing to 3 would have removed the record from her private view of the table. The parameter update_check in the packaged procedure dbms_rls.add_policy prevents this from happening. Setting this parameter to FALSE will allow this update and place the row in a set inaccessible by the user.The same thing happens when the user tries to insert a row that will not satisfy the policy for her viewing. Dr Barb tries to insert the row with DOCTOR_ID = 3, but she is allowed to see only DOCTOR_ID = 2.SQL> insert into hospital.patients values (6,3,'CARLY','OBSESSION');insert into hospital.patients values (6,3,'CARLY','OBSESSION')*ERROR at line 1:ORA-28115: policy with check option violationThe same error is produced here, too.Multiple PoliciesIn real life, you should probably create individual procedures for each type of access. In that case the parameter statement_types should contain only the statement type it should be applied on, e.g. ‘INSERT’, not the list of all the statement types. If a table has multiple policies, the predicates are AND ed, i.e. the predicates are all appended to the original query with AND. For instance the querySELECT * FROM PATIENTSis rewritten toSELECT * FROM(SELECT * FROM PATIENTS)WHERE <predicate clause from first policy>AND <predicate clause from second policy>AND <predicate clause from third policy>………… and so on….Defining multiple policies makes administration tasks easier – you can enable or disable specific policies, based on need and each policy can have a different policy function. The latter is useful when the access patterns are different for each statement types. For instance, you could have a user perform DML on his or her patient records, but other doctors in thesame group can also have SELECT access to the records. In this case you have to define a policy for SELECT statement type and another for the other types.Policy ManagementThe previous examples showed how to add a policy. To drop the policy, the procedure dbms_rls.drop_policy can be used. It takes the schema, table and policy names as parameters. The policies can be temporarily disabled by using the API dbms_rls.enable_policy. It takes, in addition to these three, another parameter enable. To disable a policy, call this with the parameter set to FALSE. To enable it, set the parameter to TRUE and execute the function.Policy can also be managed through an Oracle Enterprise Manager component known as Oracle Policy Manager, which provides all these functions via a GUI interface. To invoke it, just issue the following in the command lineoemapp opmThis will bring up the OPM main screen. The operations are easy to follow and intuitive.Several data dictionary views are present for information on FGAC policies. The most common one is DBA_POLICIES. Here is a brief description of the most important columns of the view.Column DescriptionOBJECT_OWNER The schema owner who owns the object on which the policy is defined.OBJECT_NAME The name of the objectPOLICY_NAME Name of the policyPF_OWNER The owner of the function used to enforce security of the policy.PACKAGE Sometimes a package used to enforce the policy. This shows the name of the package if that is the case.FUNCTION The name of the function that is used to enforce security.SEL Indicates whether the policy applies to select statements. A value of YES indicates that,otherwise NO.INS Same explanation as above, but for inserts.UPD Same explanation as above, but for updates.DEL Same explanation as above, but for deletes.CHK_OPTION If the policy has been defined with an update check that will make sure the new value alsoconforms to the policy after the change. A value of YES indicates that, otherwise NO.ENABLE Indicates whether the policy is enabled. A value of YES indicates that, otherwise NO.STATIC_POLICY Indicates whether the policy is static, i.e. the function returns the same value regardless of theuser who calls it.Troubleshooting and Potential ConcernsBefore proceeding further on the advanced topics, let’s examine some of the potential problems and their resolution. Most of these errors produce a trace file in the user_dump_dest directory, which contains useful information for further diagnosis. The most common problem is a badly constructed predicate generated by the policy function throwing error ORA-28113: policy predicate has error. This occurs when the policy function generates a predicate that is syntactically incorrect and the actual statement will be visible in the trace file. For instance, the following trace file shows the problem statement.PATIENT_ID IN ()ORA-00936: missing expressionNote there is nothing inside the parentheses, which is wrong and hence the policy failed to apply. Further diagnosis must be done on the policy function on how to correct this error.Another error is “ORA-28112: failed to execute policy function”, which indicates that the policy function failed at the runtime, typically due to unhandled exceptions. Luckily, the trace files generated show the exact problem. A less common error is “ORA-28110: Policy function or package has error”, which simply indicates that the policy function is not valid. Mere recompilation of the function will resolve the problem.Since FGAC works by applying a predicate to the query at runtime, they cannot applied in operations that bypass the SQL processing layer, such as Direct Path export/import, Direct Path SQL*Loader, Direct Path Inserts, etc. In the last three cases, the operation fails with an error ORA-28116: insufficient privileges to do direct path access. The only options are using the conventional mode of these tools, temporarily disabling the policy or using a user with EXEMPT ACCESS POLICY system privilege. Direct path export does not fail but export is carried out in conventional mode, even if DIRECT=Y is given. This can be seen from the informational message on the screen while export is going on.DebuggingIt might be helpful, especially during development, to see exactly the kind of predicate returned by FGAC. You can do that in a few different ways. The simplest is to use a query like this.select sql_text, predicate, policy, object_namefrom v$sqlarea , v$vpd_policywhere hash_value = sql_hash/SQL_TEXT---------------------------------------------PREDICATE---------------------------------------------POLICY OBJECT_NAME------------------------------ --------------select * from hospital.patientspatient_id in (1,2,5)PATIENT_VIEW_POLICY PATIENTSThis shows that the predicate where patient_id in (1,2,5) was appended to the original query select * from hospital.patients. This is useful if the original query is still in the SQL area in SGA and not flushed out yet. The view v$vpd_policy also shows a lot of other details relevant for analysis, such as the group, in case of a grouped policy, etc.The other option is to use an event for throwing out the details of the rewritten query. As the user DRADAM, use the following command before selecting from the table.alter session set events ‘10730 trace name context forever, level 12';Then select from the table. A trace file will be generated in the user_dump_dest directory, an excerpt of which is shown below.*** 2003-11-19 17:32:11.508*** SESSION ID:(23.1512) 2003-11-19 17:32:11.508-------------------------------------------------------------Logon user : DRADAMTable/View : HOSPITAL.PATIENTSPolicy name : PATIENT_VIEW_POLICYPolicy function: HOSPITAL.GET_PATIENT_IDRLS view :SELECT "PATIENT_ID","DOCTOR_ID","PATIENT_NAME","DISEASE" FROM "HOSPITAL"."PATIENTS" "PATIENTS" WHERE (patient_id in (1,2,5))Note the changed query is neatly shown in the trace file. This shows exactly which predicate was generated and applied. This is particularly useful for multiple policies applied on a table – all the predicates are visible. If the trace file is not generated, try refreshing the policy using dbms_rls.refresh_policy packaged procedure.Application ContextsThe above example relies on the assumption that the user accesses are limited by userid in Oracle. In some cases, especially in web applications, the application connects to the database using a single generic userid, e.g. APPUSER. The users such as DrAdam, DrBarb and DrCharlie are users in application, not the database. As far as the database is concerned, the userid is APPUSER, in all cases. Hence the function USER in the policy functions defined above always returns APPUSER and the FGAC cannot be established.To alleviate the problem, another approach can be used using application contexts. App Contexts, simply put, are similar to global variables, whose value once set is available in the same session. Another session can have a different value. An App Context is actually a collection of such variables, known as Attributes. Attributes are to a context what columns are to a table. However, unlike columns, the attributes are not defined during creation of the context; rather anyone can set any context attribute and set a value. Also, contexts are not stored objects and they don’t consume space.To create a context, the user should have CREATE ANY CONTEXT system privilege. After granting this privilege to HOSPITAL, connect to the database as HOSPITAL and issuecreate context app_ctx using set_app_ctx;Note the clause, using set_app_ctx, which indicates that the attributes in this context can be assigned only by executing a procedure called set_app_ctx. The next step is to create the procedure.create or replace procedure set_app_ctx(p_app_user in varchar2)isbegindbms_Session.set_context('app_ctx','app_userid',p_app_user);end;Note, the above segment assigns to the attribute app_userid of the context app_ctx the value of the input parameterp_app_user. While creating the context, we have not created any attribute; it was done during the call to dbms_Session package, which is used to set the application contexts. Let’s set the value of the context as follows.SQL> exec hospital.set_app_ctx ('Context1')PL/SQL procedure successfully completed.Once an application context is set, it can be retrieved in several ways. The following query shows all the context attributes set in the session.SQL> select * from session_context;NAMESPACE ATTRIBUTE VALUE-------------- -------------- ----------------APP_CTX APP_USERID Context1Note, the attribute app_userid has been assigned the value Context1 as shown above. The context is referred to as NAMESPACE, too, as shown above. Another method to retrieve the attribute value is the following querySQL> select sys_context('app_ctx','app_userid') from dual;SYS_CONTEXT('APP_CTX','APP_USERID')-----------------------------------------------------------Context1This method of accessing context attributes is also used in other areas. Remember the function USERSelect USER from dual;It returns the current logged-in user. The above can also be written asSelect SYS_CONTEXT('USERENV','CURRENT_USER') from dual;Note the use of the SYS_CONTEXT function. USERENV is a predefined context namespace and an attribute CURRENT_USER is populated automatically.Remember, the function set_app_ctx sets the value of the attribute, which, inside, calls the packagedbms_session.set_context. If the user calls this package directly,SQL> begin2 dbms_Session.set_context('app_ctx','app_userid','Context1');3 end;4 /begin*ERROR at line 1:ORA-01031: insufficient privilegesORA-06512: at "SYS.DBMS_SESSION", line 78ORA-06512: at line 2Note the error produced - ORA-01031: insufficient privileges. Even after granting the execute privileges on the package to the user HOSPITAL, this error persists. Why so? The reason is the way the context is declared: create context app_ctx using set_app_ctx, which means the attributes of this context can only be set using its trusted procedure, set_app_ctx, no other way.This important property of the attribute is useful in securing an application. Since the only way the attribute values can be set is through the procedure, we can place all kinds of security checks inside the procedure to make sure that the context setting is valid.Application Users and FGACGoing back to the problem of the FGAC in a situation where the database user is generic, but the application users must be passed to the FGAC setup for building a correct set of rows, we can use the application contexts. In the above example of contexts, the value of the attribute APP_USERID can be set by the application to the real user and the FGAC policy function can retrieve the value to build the correct FGAC version of the table.create or replace function get_doctor_id(p_schema_name in varchar2,p_table_name in varchar2)return varchar2isl_doctor_id number;beginif (p_schema_name = USER) thenreturn null;end if;select doctor_idinto l_doctor_idfrom doctorswhere doctor_name in (USER, sys_context('app_ctx','app_userid'));return 'doctor_id = '||l_doctor_id;end;Note the line where it sayswhere doctor_name in (USER, sys_context('app_ctx','app_userid'));Here the doctor_name column is not only matched against the database userid, but against the value of the attribute APP_USERID in context APP_CTX, too.The generic userid used is APPUSER, which is then given execute privilege on the procedure set_app_ctx. Now, the application connects as APPUSER and sets the context attribute to the value of the real user, say DRBARB, and selects from the table.SQL> exec hospital.set_app_ctx('DRBARB')PL/SQL procedure successfully completed.。

Access-Control-Allow-Headers等基础常识简单总结下1、客户端orgin 服务端 Access-control-Allow-Orgin 个⼈理解允许访问2、预检请求（⾮简单请求触发） 浏览器 options 请求 跨域资源共享(CORS) (或者通俗地译为跨域资源共享) 是⼀种机制，该机制使⽤附加的 Http 头来告诉浏览器，准许运⾏在⼀个源上的 Web 应⽤访问位于另⼀不同源选定的资源。

当⼀个 Web 应⽤发起⼀个于⾃⾝所在源（域，协议和端⼝）不同的 HTTP请求时，它发起的即跨源HTTP 请求。

出于安全性，浏览器限制脚本内发起的跨源HTTP请求。

例如，XMLHttpRequest和Fetch API遵循同源策略。

这意味着使⽤这些API的Web 应⽤程序只能从加载应⽤程序的同⼀个域请求HTTP资源，除⾮响应报⽂包含了正确CORS响应头跨源域资源共享（）机制允许 Web 应⽤服务器进⾏跨源访问控制，从⽽使跨源数据传输得以安全进⾏。

现代浏览器⽀持在 API 容器中（例如或）使⽤ CORS，以降低跨源 HTTP 请求所带来的风险。

谁应该读这篇⽂章？说实话，每个⼈。

更具体地来讲，这篇⽂章适⽤于⽹站管理员、后端和前端开发者。

现代浏览器处理跨源资源共享的客户端部分，包括HTTP头和相关策略的执⾏。

但是这⼀新标准意味着服务器需要处理新的请求头和响应头。

对于服务端的⽀持，开发者可以阅读补充材料。

功能概述跨源资源共享标准新增了⼀组 HTTP ⾸部字段，允许服务器声明哪些源站通过浏览器有权限访问哪些资源。

另外，规范要求，对那些可能对服务器数据产⽣副作⽤的 HTTP 请求⽅法（特别是以外的 HTTP 请求，或者搭配某些 MIME 类型的请求），浏览器必须⾸先使⽤⽅法发起⼀个预检请求（preflight request），从⽽获知服务端是否允许该跨源请求。

服务器确认允许之后，才发起实际的 HTTP 请求。

accesscontroller门禁说明书设置开门模式门禁系统是一种用于管理人员进出特定场所的安全系统。

通过门禁系统，可以实现对人员的准确控制和管理，确保场所的安全和秩序。

在门禁系统中，门禁控制器是一个非常重要的设备，它负责对门的打开和关闭进行控制。

本说明书将介绍如何设置门禁控制器的开门模式。

一、门禁控制器的开门模式介绍门禁控制器的开门模式是指门禁系统控制门打开的方式和条件。

根据实际需求和安全要求，门禁控制器一般具有多种开门模式，包括常开、常闭、刷卡开门、密码开门等。

下面分别介绍各种开门模式的设置方法和注意事项。

1.常开模式常开模式是指门禁系统中门一直处于打开状态，人员可以自由进出。

常开模式适用于安全要求较低、高人流量的场所，如大厦的大门、商场的入口等。

要设置常开模式，首先需要进入门禁控制器的管理界面，在设置选项中找到“开门模式”选项，点击进入设置页面。

然后选择常开模式并保存设置，最后将门禁控制器连接到门禁系统中。

2.常闭模式常闭模式是指门禁系统中门一直处于关闭状态，只有通过刷卡、密码等方式验证身份后才能打开。

常闭模式适用于安全要求较高的场所，如金融机构的保险库、实验室等。

设置常闭模式的方法与设置常开模式类似，只需要选择常闭模式并保存设置即可。

3.刷卡开门模式刷卡开门模式是指人员通过刷卡验证身份后可以打开门禁系统中的门。

在设置刷卡开门模式时，需要先将刷卡卡片的信息录入门禁系统的数据库中，然后设置刷卡开门模式，并将门禁控制器与刷卡读卡器进行连接。

人员在使用门禁系统时，只需将刷卡卡片靠近读卡器，系统就会自动验证身份并打开门。

4.密码开门模式密码开门模式是指人员通过输入预设密码验证身份后可以打开门禁系统中的门。

在设置密码开门模式时，需要先将人员的密码信息录入门禁系统的数据库中，然后设置密码开门模式，并将门禁控制器与密码输入设备进行连接。

人员在使用门禁系统时，只需输入预设的密码，系统就会自动验证身份并打开门。

ACL(Access Control List，访问控制列表)技术从来都是一把双刃剑，网络应用与互联网的普及在大幅提高企业的生产经营效率的同时，也带来了诸如数据的安全性，员工利用互联网做与工作不相干事等负面影响。

如何将一个网络有效的管理起来，尽可能的降低网络所带来的负面影响就成了摆在网络管理员面前的一个重要课题。

A公司的某位可怜的网管目前就面临了一堆这样的问题。

A公司建设了一个企业网，并通过一台路由器接入到互联网。

在网络核心使用一台基于IOS的多层交换机，所有的二层交换机也为可管理的基于IOS的交换机，在公司内部使用了VLAN技术，按照功能的不同分为了6个VLAN。

分别是网络设备与网管(VLAN1，10.1.1.0/24)、内部服务器(VLAN2)、Internet连接(VLAN3)、财务部（VLAN4）、市场部(VLAN5)、研发部门（VLAN6），出口路由器上Fa0/0接公司内部网，通过s0/0连接到Internet。

每个网段的三层设备（也就是客户机上的缺省网关）地址都从高位向下分配，所有的其它节点地址均从低位向上分配。

该网络的拓朴如下图所示：自从网络建成后麻烦就一直没断过，一会儿有人试图登录网络设备要捣乱；一会儿领导又在抱怨说互联网开通后，员工成天就知道泡网；一会儿财务的人又说研发部门的员工看了不该看的数据。

这些抱怨都找这位可怜的网管，搞得他头都大了。

那有什么办法能够解决这些问题呢？答案就是使用网络层的访问限制控制技术――访问控制列表（下文简称ACL）。

那么，什么是ACL呢？ACL是种什么样的技术，它能做什么，又存在一些什么样的局限性呢？ACL的基本原理、功能与局限性网络中常说的ACL是Cisco IOS所提供的一种访问控制技术，初期仅在路由器上支持，近些年来已经扩展到三层交换机，部分最新的二层交换机如2950之类也开始提供ACL的支持。

只不过支持的特性不是那么完善而已。

在其它厂商的路由器或多层交换机上也提供类似的技术，不过名称和配置方式都可能有细微的差别。

1: UNPACKING AND DISASSEMBLY(see detail drawing in Assembly section)∙ Remove the two assemblies from packaging. Receiver side has Key Switch and Indicator .∙ Remove three(3) 5/64” Allen Screws at upper, middle, and lower points on each assembly.∙ Remove the Upper Cover . Set Upper Cover aside.(NOTE - Unplug wiring from circuit board when removing the Receiver-side Upper Cover)∙ Remove the Lower Cover and set aside.∙ Remove the two 1/4” Hex Standoffs at the top and bottom of each electronics package, then slide package up and lift off of Mounting Plate .∙ Repeat for opposite assembly.4: WIRINGDefinitions:A &B Sides - If standing between the two units and Facing the unit with the Key, Left is “A” and Right is “B.” (see diagram at right for detail)Door Prop function - Monitors Door input for a held open door. Goes into Alarm if door is not closed within 10 seconds, unless another Valid User input is seen. ACS - Access Control SystemOutput Relays:(Output contact rating: 1 Amp)Mag Lock Relay - Can be used to control an Electric Lock in response to a Valid User input. Form C (held 5 sec)Alarm Relay - Connect to remote equipment to monitor Alarm conditions. Tailgater, Door Prop, Loiter, and Tamper conditions)Alarm. Form C (2.5 second minimum duration)Door Relay (Follows Door Input)“A” & “B” Passage Complete - These relays change state upon valid passage of a user from the A or B side. Used to monitor for Time and Attendance by remote equipment. Form C (held 1 sec)Inputs:(all Inputs share 2 common GNDs on connector)Valid “A” Card Valid User approaching from the “A” side.*Valid “B” Card Valid User approaching from the “B” Side ** Enable Free Passage by shorting input for Valid A or B Card.Bypass function as Key Switch.Door - Closed Loop from Door when Door is closed. Optional, used for Door Prop monitoring and enhanced TDS operation. Power - 12-24 VDC@ 500 mA (1 Amp supply suggested )REMOTE DISPLAY CONNECTOR:Optional . Refer to ES5200-R1 or R2 InstructionsSETUP and TESTSwitches: (as shown on drawing)1) Door Prop Enable - Turns on the Door Prop function whenplaced in the ON position.2) Beep Disable - Turns Off the Valid Card beep when placed in the ON position.3) Bi-Direction Card Enable - Allows an A card input to pass in either direction when placed in the ON position. 4) Card Stacking Disable - Requires a Valid User to pass, or time out, prior to accepting another card input.Key Switch on Upper Cover - Use to Bypass the unit (held) or to Reset an alarm (momentary).Pushbuttons: (as shown on drawing)To Calibrate : Install lower covers. Verify clear beam path. Apply Power. Press Calibrate Button.Keep beam path clear until Calibrate LED is ON (up to 60 sec). That’s all it takes to set up! NOTE: If Tamper is enabled alarm may sound if cover is removed.A &B Card buttons - Press to simulate an A or B - Card input (respectively) for test and troubleshooting purposes.LEDs:Calibrate : On - Calibrated. Flashing - Beam interruption or Calibration required. Off - During Calibration. Inputs : Respective LED will illuminate when a closure is seen on any Input (A Card, B Card, Bypass, Door) Upper Cover : See “ES5200 ENTRY SENTRY - USER INSTRUCTION”Sensitivity: (as shown on drawing)Clockwise: Increase Sensitivity - Reduce loiter time to 3 sec (min), improved step-over/crawl-under detection Counter-Clockwise: Decrease Sensitivity - Increase loiter time up to 10 sec, reduce step-over/crawl-under detection.DOOR MNT. WALL MNT.A B A BCLEANING - Soft damp cloth, mild soap solution. Dry with soft cloth. Avoid using paper as this may damage the optical surface. DSI recommends: Chemtronics® ES1668 (enlarged drawing on insert)ES5200—ENTRY SENTRY TAILGATE DETECTION SYSTEM2: PHYSICAL INSTALLATIONEntry Sentry may be mounted both on a doorframe, or onto facing walls of a hallway.Wall mount on corridor walls.∙∙ Hang the Transmitter and Receiver sub-travel. (Optical Alignment Required: ± 1°)∙ Door/ Hallway Width 30” min. - 80” max.∙ Use mounting plate as Template for holes.∙level and plumb.∙floor.∙∙ Set mounting plate aside.∙ Drill 5 mounting holes as needed for yourmounting surface. (max. dia. 9/64”)∙ Drill a 1” wiring hole.∙to wiring insulation.∙ Install mounting plate using appropriatehardware for your mounting surface.∙ Repeat for second mounting plate.3: ASSEMBLYFinished FloorHEIGHTABOVEFINISHEDFLOORDOOR MOUNT。

一、概述通信是现代社会中不可或缺的一部分，而通信技术的发展也日新月异。

而在现代通信技术中，网络中的设备间如何进行数据传输，往往离不开MAC（Media Access Control）概念的应用。

本文将围绕MAC概念展开详细的介绍和解析。

二、MAC概念的起源和定义MAC是指介于数据链路层和物理层之间的协议，用于控制设备在物理媒体上的访问和传输。

其它无线通信技术也使用MAC协议，比如Wi-Fi、蓝牙等。

MAC协议决定了如何将数据帧放到媒体上以及如何从媒体上接收数据帧。

它通过定义一种访问机制，规定了各个设备在介质上的传输的规则。

三、MAC概念的功能1. 媒体访问的控制在数据链路层中，MAC协议负责对物理介质的访问进行控制。

不同的局域网技术有不同的MAC协议，比如以太网使用的是CSMA/CD协议，而无线局域网使用的是CSMA/CA协议，它们都是为了解决设备对共享媒体的竞争和协调访问。

2. 位置区域的识别和分配MAC位置区域是设备网络接口的硬件位置区域，用于在局域网中进行唯一标识。

MAC位置区域由48位二进制数组成，通常表示为12个十六进制字符。

MAC层负责通过MAC位置区域对设备进行唯一标识和寻址。

3. 帧的封装和解封MAC层将网络层传递下来的数据封装成适合物理层传输的帧，同时也负责接收物理层传输的帧并解封还原成网络层的数据。

四、MAC位置区域和MAC层的关系1. MAC位置区域MAC位置区域是设备在网络中唯一标识的位置区域，也就是说，在局域网中，不同的设备都有不同的MAC位置区域。

MAC位置区域由设备制造商分配，因此它唯一标识了设备的制造商和型号信息。

MAC位置区域是数据链路层的位置区域，用于在局域网中传输数据帧。

2. MAC层MAC层是操作系统中的一个网络协议层，它位于数据链路层之上，物理层之下。

MAC层负责将网络层的数据封装成适合物理层传输的帧，并在接收时解开帧还原成网络层的数据。

五、MAC概念的应用1. 以太网以太网是目前最流行的局域网技术，它使用CSMA/CD协议进行媒体访问控制。

Integrated Dell Remote Access Controller 9 版本 3.31.31.31 用户指南注意、小心和警告:“注意”表示帮助您更好地使用该产品的重要信息。

:“小心”表示可能会损坏硬件或导致数据丢失，并告诉您如何避免此类问题。

:“警告”表示可能会导致财产损失、人身伤害甚至死亡。

版权所有 © 2019 Dell Inc. 或其子公司。

保留所有权利。

Dell、EMC 和其他商标是 Dell Inc. 或其附属机构的商标。

其他商标可能是其各自所有者的商标。

章 1: 概览 (15)iDRAC 配合 Lifecycle Controller 一起使用的优点 (15)主要功能 (15)此发行版中的新功能 (18)如何使用本指南 (18)支持的 Web 浏览器 (18)支持的操作系统和虚拟机监控程序 (18)iDRAC 许可证 (18)许可证类型 (19)获取许可证的方法 (19)从 Dell Digital Locker 获取许可证密钥 (19)许可证操作 (20)在 iDRAC9 中的已许可功能 (20)访问 iDRAC 的界面和协议 (25)iDRAC 端口信息 (27)您可能需要的其他说明文件 (28)联系 Dell (29)从 Dell 支持站点访问说明文件 (29)章 2: 登录 iDRAC (30)使用 OpenID Connect 登录 iDRAC (31)以本地用户、Active Directory 用户或 LDAP 用户身份登录 iDRAC (31)使用智能卡作为本地用户登录 iDRAC (32)使用智能卡作为 Active Directory 用户登录 iDRAC (32)使用单一登录登录 iDRAC (32)使用 iDRAC Web 界面登录 iDRAC SSO (33)使用 CMC Web 界面登录 iDRAC SSO (33)使用远程 RACADM 访问 iDRAC (33)验证 CA 证书以在 Linux 上使用远程 RACADM (33)使用本地 RACADM 访问 iDRAC (34)使用固件 RACADM 访问 iDRAC (34)查看系统运行状况 (34)使用公共密钥验证登录 iDRAC (34)多个 iDRAC 会话 (35)使用 SMCLP 访问 iDRAC (35)安全默认密码 (35)在本地重设默认的 iDRAC 密码 (35)远程重设默认 iDRAC 密码 (36)更改默认登录密码 (37)使用 Web 界面更改默认登录密码 (37)使用 RACADM 更改系统将显示默认登录密码 (37)使用 iDRAC 设置公用程序更改默认登录密码 (37)启用或禁用默认密码警告消息 (38)IP 阻止 (38)目录3使用 Web 界面启用或禁用 OS 到 iDRAC 直通 (38)使用 RACADM 启用或禁用警报 (39)章 3: 设置受管系统 (40)设置 iDRAC IP 地址 (40)使用 iDRAC 设置公用程序设置 iDRAC IP (41)使用 CMC Web 界面设置 iDRAC IP (43)启用配置服务器 (44)使用自动配置功能配置服务器和服务器组件 (44)使用散列密码提供更高的安全性 (49)修改本地管理员帐户设置 (50)设置受管系统位置 (51)使用 Web 界面设置受管系统位置 (51)使用 RACADM 设置受管系统位置 (51)使用 iDRAC 设置公用程序设置受管系统位置 (51)优化系统性能和功耗 (51)使用 iDRAC Web 界面修改散热设置 (51)使用 RACADM 修改散热设置 (53)使用 iDRAC 设置公用程序修改散热设置 (56)使用 iDRAC Web 界面修改 PCIe 气流设置 (56)设置管理站 (57)远程访问 iDRAC (57)配置支持的 Web 浏览器 (57)配置 Internet Explorer (57)配置 Mozilla Firefox (58)配置 Web 浏览器以使用虚拟控制台 (59)查看 Web 界面的本地化版本 (62)更新设备固件 (62)使用 iDRAC Web 界面更新固件 (65)计划自动固件更新 (65)使用 RACADM 更新设备固件 (67)使用 CMC Web 界面更新固件 (67)使用 DUP 更新固件 (67)使用远程 RACADM 更新固件 (68)使用 Lifecycle Controller 远程服务更新固件 (68)从 iDRAC 更新 CMC 固件 (68)查看和管理分阶段更新 (69)使用 iDRAC Web 界面查看和管理分阶段更新 (69)使用 RACADM 查看和管理分阶段更新 (69)回滚设备固件 (69)使用 iDRAC Web 界面回滚固件 (70)使用 CMC Web 界面回滚固件 (70)使用 RACADM 回滚固件 (70)使用 Lifecycle Controller 回滚固件 (71)使用 Lifecycle Controller 远程服务回滚固件 (71)恢复 iDRAC (71)备份服务器配置文件 (71)使用 iDRAC Web 界面备份服务器配置文件 (72)使用 RACADM 备份服务器配置文件 (72)4目录计划自动备份服务器配置文件 (72)导入服务器配置文件 (73)使用 iDRAC Web 界面导入服务器配置文件 (74)使用 RACADM 导入服务器配置文件 (74)还原操作顺序 (74)使用其他系统管理工具监测 iDRAC (74)支持服务器配置配置文件—导入和导出 (75)使用 iDRAC Web 界面导入服务器配置配置文件 (75)使用 iDRAC Web 界面导出服务器配置配置文件 (75)BIOS 设置或 F2 中的安全引导配置 (76)BIOS 恢复 (77)章 4: 配置 iDRAC (78)查看 iDRAC 信息 (79)使用 Web 界面查看 iDRAC 信息 (79)使用 RACADM 查看 iDRAC 信息 (80)修改网络设置 (80)使用 Web 界面修改网络设置 (80)使用本地 RACADM 修改网络设置 (80)配置 IP 筛选 (80)密码组选择 (82)使用 iDRAC Web 界面配置密码组选择 (82)使用 RACADM 配置密码组选择 (82)FIPS 模式 (82)启用 FIPS 模式 (83)禁用 FIPS 模式 (83)配置服务 (83)使用 Web 界面配置服务 (84)使用 RACADM 配置服务 (84)启用或禁用 HTTPS 重定向 (85)配置 TLS (85)使用 Web 界面配置 TLS (85)使用 RACADM 配置 TLS (85)使用 VNC 客户端管理远程服务器 (86)使用 iDRAC Web 界面配置 VNC 服务器 (86)使用 RACADM 配置 VNC 服务器 (86)设置带 SSL 加密的 VNC 查看器 (86)设置不带 SSL 加密的 VNC 查看器 (87)配置前面板显示屏 (87)配置 LCD 设置 (87)配置系统 ID LED 设置 (88)配置时区和 NTP (88)使用 iDRAC Web 界面配置时区和 NTP (88)使用 RACADM 配置时区和 NTP (89)设置第一引导设备 (89)使用 Web 界面设置第一引导设备 (89)使用 RACADM 设置第一引导设备 (89)使用虚拟控制台设置第一引导设备 (90)启用上次崩溃屏幕 (90)目录5支持 USB NIC 的操作系统 (91)使用 Web 界面启用或禁用 OS 到 iDRAC 直通 (92)使用 RACADM 启用或禁用 OS 到 iDRAC 直通 (92)使用 iDRAC 设置公用程序启用或禁用 OS 到 iDRAC 直通 (92)获取证书 (93)SSL 服务器证书 (93)生成新的证书签名请求 (94)上载服务器证书 (94)查看服务器证书 (95)上载自定义签名证书 (95)下载自定义 SSL 证书签名证书 (96)删除自定义 SSL 证书签名证书 (96)使用 RACADM 配置多个 iDRAC (97)禁用访问以修改主机系统上的 iDRAC 配置设置 (97)章 5: 查看 iDRAC 和受管系统信息 (98)查看受管系统运行状况和属性 (98)配置资产跟踪 (98)查看系统资源清册 (98)查看传感器信息 (99)监测 CPU、内存和输入输出模块的性能指标 (100)使用 Web 界面监测 CPU、内存和输入输出模块的性能指标 (101)使用 RACADM 监测 CPU、内存和输入输出模块的性能指标 (101)检查系统的新鲜空气符合性 (101)查看历史温度数据 (102)使用 iDRAC Web 界面查看历史温度数据 (102)使用 RACADM 查看历史温度数据 (102)配置入口温度的警告阈值 (102)查看主机操作系统上可用的网络接口 (103)使用 Web 界面查看主机操作系统上可用的网络接口 (103)使用 RACADM 查看主机操作系统上可用的网络接口 (103)查看 FlexAddress 夹层卡光纤连接 (104)查看或终止 iDRAC 会话 (104)使用 Web 界面终止 iDRAC 会话 (104)章 6: 设置 iDRAC 通信 (105)使用 DB9 电缆通过串行连接与 iDRAC 进行通信 (106)针对串行连接配置 BIOS (106)启用 RAC 串行连接 (106)启用 IPMI 串行连接基本和终端模式 (107)使用 DB9 电缆时在 RAC 串行和串行控制台之间切换 (109)从串行控制台切换到 RAC 串行 (109)从 RAC 串行切换到串行控制台 (109)使用 IPMI SOL 与 iDRAC 进行通信 (109)针对串行连接配置 BIOS (109)配置 iDRAC 以使用 SOL (110)启用支持的协议 (111)6目录使用 iDRAC 设置公用程序配置 LAN 上 IPMI (114)使用 RACADM 配置 LAN 上 IPMI (114)启用或禁用远程 RACADM (115)使用 Web 界面启用或禁用远程 RACADM (115)使用 RACADM 启用或禁用远程 RACADM (115)禁用本地 RACADM (115)启用受管系统上的 IPMI (116)为 RHEL 6 引导期间的串行控制台配置 Linux (116)允许在引导后登录到虚拟控制台 (117)在 RHEL 7 中配置串行终端 (118)从串行控制台控制 GRUB (118)支持的 SSH 加密方案 (119)对 SSH 使用公共密钥验证 (120)章 7: 配置用户帐户和权限 (123)iDRAC 用户角色和权限 (123)建议使用的用户名和密码字符 (124)配置本地用户 (124)使用 iDRAC Web 界面配置本地用户 (125)使用 RACADM 配置本地用户 (125)配置 Active Directory 用户 (126)对 iDRAC 使用 Active Directory 验证的前提条件 (126)支持的 Active Directory 验证机制 (128)标准架构 Active Directory 概览 (128)配置标准架构 Active Directory (129)扩展架构 Active Directory 概览 (131)配置扩展架构 Active Directory (133)测试 Active Directory 设置 (140)配置通用 LDAP 用户 (140)使用 iDRAC 基于 Web 的界面配置通用 LDAP 目录服务 (141)使用 RACADM 配置通用 LDAP 目录服务 (141)测试 LDAP 目录服务设置 (141)章 8: 系统锁定模式 (143)章 9: 配置 iDRAC 以进行单一登录或智能卡登录 (145)Active Directory 单一登录或智能卡登录的前提条件 (145)将 iDRAC 注册为 Active Directory 根域中的计算机 (145)创建 Active Directory 对象并提供权限 (146)为 Active Directory 用户配置 iDRAC SSO 登录 (146)在 Active Directory 中创建用户以进行 SSO 登录 (146)生成 Kerberos Keytab 文件 (147)使用 Web 界面为 Active Directory 用户配置 iDRAC SSO 登录 (147)使用 RACADM 为 Active Directory 用户配置 iDRAC SSO 登录 (147)管理站设置 (147)启用或禁用智能卡登录 (148)使用 Web 界面启用或禁用智能卡登录 (148)目录7使用 RACADM 启用或禁用智能卡登录 (148)使用 iDRAC 设置公用程序启用或禁用智能卡登录 (148)配置智能卡登录 (149)为 Active Directory 用户配置 iDRAC 智能卡登录 (149)为本地用户配置 iDRAC 智能卡登录 (149)使用智能卡登录 (150)章 10: 配置 iDRAC 以发送警报 (151)启用或禁用警报 (151)使用 Web 界面启用或禁用警报 (151)使用 RACADM 启用或禁用警报 (152)使用 iDRAC 设置公用程序启用或禁用警报 (152)筛选警报 (152)使用 iDRAC Web 界面筛选警报 (152)使用 RACADM 筛选警报 (153)设置事件警报 (153)使用 Web 界面设置事件警报 (153)使用 RACADM 设置事件警报 (153)设置警报复现事件 (153)使用 RACADM 设置警报复现事件 (153)使用 iDRAC Web 界面设置警报复现事件 (153)设置事件操作 (154)使用 Web 界面设置事件操作 (154)使用 RACADM 设置事件操作 (154)配置电子邮件警报、SNMP 陷阱或 IPMI 陷阱设置 (154)配置 IP 警报目标 (154)配置电子邮件警报设置 (156)配置 WS 事件 (158)配置 Redfish 事件 (158)监测机箱事件 (158)使用 iDRAC Web 界面监测机箱事件 (158)使用 RACADM 监测机箱事件 (158)警报消息 ID (159)章 11: iDRAC 9 Group Manager (162)Group Manager (162)摘要视图 (163)管理登录 (163)添加新用户 (163)更改用户密码 (164)删除用户 (164)配置警报 (164)导出 (164)查找到的服务器视图 (165)作业视图 (165)作业导出 (166)Group Information（组信息）面板 (166)组设置 (166)在所选服务器上的操作 (167)8目录章 12: 管理日志 (169)查看系统事件日志 (169)使用 Web 界面查看系统事件日志 (169)使用 RACADM 查看系统事件日志 (169)使用 iDRAC 设置公用程序查看系统事件日志 (169)查看 Lifecycle 日志 (170)使用 Web 界面查看 Lifecycle 日志 (170)使用 RACADM 查看 Lifecycle 日志 (171)导出 Lifecycle Controller 日志 (171)使用 Web 界面导出 Lifecycle Controller 日志 (171)使用 RACADM 导出 Lifecycle Controller 日志 (171)添加工作注释 (171)配置远程系统日志记录 (172)使用 Web 界面配置远程系统日志记录 (172)使用 RACADM 配置远程系统日志记录 (172)章 13: 监测和管理电源 (173)监测功率 (173)使用 Web 界面监测 CPU、内存和输入输出模块的性能指标 (173)使用 RACADM 监测 CPU、内存和输入输出模块的性能指标 (174)设置功耗的警告阈值 (174)使用 Web 界面设置功耗警告阈值 (174)执行电源控制操作 (174)使用 Web 界面执行电源控制操作 (174)使用 RACADM 执行电源控制操作 (175)功率限额 (175)刀片服务器中的功率上限 (175)查看和配置功率上限策略 (175)配置电源设备选项 (176)使用 Web 界面配置电源设备选项 (176)使用 RACADM 配置电源设备选项 (176)使用 iDRAC 设置公用程序配置电源设备选项 (176)启用或禁用电源按钮 (177)多向量冷却 (177)章 14: 对网络设备执行资源清册、监测和配置操作 (178)资源清册和监测网络设备 (178)使用 Web 界面监测网络设备 (178)使用 RACADM 监测网络设备 (178)连接视图 (178)资源清册和监测 FC HBA 设备 (180)使用 Web 界面监测 FC HBA 设备 (180)使用 RACADM 监测 FC HBA 设备 (180)动态配置虚拟地址、启动器和存储目标设置 (180)支持 I/O 标识优化功能的卡 (181)支持 I/O 标识优化功能的 NIC 固件版本 (182)iDRAC 设置为远程分配地址模式或控制台模式时的虚拟地址/远程分配地址和持久性策略行为 (182)FlexAddress 和 IO 标识的系统行为 (183)目录9启用或禁用 I/O 标识优化功能 (184)配置持久性策略设置 (184)章 15: 管理存储设备 (188)理解 RAID 概念 (189)什么是 RAID (189)为了可用性和性能组织数据存储 (190)选择 RAID 级别 (190)比较 RAID 级别的性能 (196)支持的控制器 (197)支持的机柜 (197)支持的存储设备功能的摘要 (197)资源清册和监测存储设备 (201)使用 Web 界面监测存储设备 (201)使用 RACADM 监测存储设备 (202)使用 iDRAC 设置公用程序监测背板 (202)查看存储设备拓扑 (202)管理物理磁盘 (202)分配或取消分配物理磁盘作为全局热备用 (203)将物理磁盘转换为 RAID 或非 RAID 模式 (203)擦除物理磁盘 (204)擦除 SED 设备数据 (205)重建物理磁盘 (206)管理虚拟磁盘 (206)创建虚拟磁盘 (206)编辑虚拟磁盘高速缓存策略 (208)删除虚拟磁盘 (208)检查虚拟磁盘一致性 (209)初始化虚拟磁盘 (209)加密虚拟磁盘 (209)分配或取消分配专用热备用 (210)使用 Web 界面管理虚拟磁盘 (212)使用 RACADM 管理虚拟磁盘 (212)RAID 配置功能 (213)管理控制器 (214)配置控制器属性 (214)导入或自动导入外部配置 (217)清除外部配置 (218)重设控制器配置 (219)切换控制器模式 (219)12Gbps SAS HBA 适配器操作 (221)监测驱动器上的预测性故障分析 (221)非 RAID 模式或 HBA 模式下的控制器操作 (221)在多个存储控制器上运行 RAID 配置作业 (222)管理保留的高速缓存 (222)管理 PCIe SSD (222)对 PCIe SSD 进行资源清册和监测 (222)准备移除 PCIe SSD (223)擦除 PCIe SSD 设备数据 (224)10目录管理机柜或背板 (225)配置背板模式 (226)查看通用插槽 (228)设置 SGPIO 模式 (228)设置机柜资产标签 (229)设置机柜资产名称 (229)选择要应用设置的操作模式 (229)使用 Web 界面选择操作模式 (229)使用 RACADM 选择操作模式 (230)查看和应用挂起操作 (230)使用 Web 界面查看、应用或删除挂起操作 (230)使用 RACADM 查看和应用挂起操作 (231)存储设备 - 应用操作方案 (231)闪烁或取消闪烁组件 LED (232)使用 Web 界面闪烁或取消闪烁组件 LED (232)使用 RACADM 闪烁或取消闪烁组件 LED (233)章 16: BIOS 设置 (234)章 17: 配置并使用虚拟控制台 (236)支持的屏幕分辨率和刷新率 (237)配置虚拟控制台 (237)使用 Web 界面配置虚拟控制台 (237)使用 RACADM 配置虚拟控制台 (237)预览虚拟控制台 (237)启动虚拟控制台 (238)使用 Web 界面启动虚拟控制台 (238)使用 URL 启动虚拟控制台 (238)使用 Java 或 ActiveX 插件禁用虚拟控制台或虚拟介质启动过程中的警告消息 (238)使用虚拟控制台查看器 (239)基于 HTML5 的虚拟控制台 (239)同步鼠标指针 (241)通过 Java 或 ActiveX 插件的虚拟控制台传递所有键击 (242)章 18: 使用 iDRAC 服务模块 (245)安装 iDRAC 服务模块 (245)从 iDRAC Express 和 Basic 安装 iDRAC Service Module (245)从 iDRAC Enterprise 安装 iDRAC Service Module (246)iDRAC Service Module 支持的操作系统 (246)iDRAC Service Module 监测功能 (246)从 iDRAC Web 界面使用 iDRAC Service Module (252)从 RACADM 中使用 iDRAC Service Module (252)将 iDRAC 服务模块用于 Windows Nano OS (252)章 19: 使用 USB 端口进行服务器管理 (253)通过直接 USB 连接访问 iDRAC 界面 (253)使用 USB 设备上的服务器配置文件配置 iDRAC (253)配置 USB 管理端口设置 (254)目录11从 USB 设备导入服务器配置文件 (255)章 20: 使用 Quick Sync 2 (258)配置 iDRAC Quick Sync 2 (258)使用 Web 界面配置 iDRAC Quick Sync 2 设置 (259)使用 RACADM 配置 iDRAC 快速同步 2 设置 (259)使用 iDRAC 设置公用程序配置 iDRAC Quick Sync 2 设置 (259)使用移动设备查看 iDRAC 信息 (259)章 21: 管理虚拟介质 (260)支持的驱动器和设备 (260)配置虚拟介质 (261)使用 iDRAC Web 界面配置虚拟介质 (261)使用 RACADM 配置虚拟介质 (261)使用 iDRAC 设置公用程序配置虚拟介质 (261)连接的介质状态和系统响应 (261)访问虚拟介质 (262)使用虚拟控制台启动虚拟介质 (262)不使用虚拟控制台启动虚拟介质 (262)添加虚拟介质映像 (263)查看虚拟设备详细信息 (263)访问驱动程序 (263)重设 USB (264)映射虚拟驱动器 (264)取消映射虚拟驱动器 (265)通过 BIOS 设置引导顺序 (265)启用一次性虚拟介质引导 (265)章 22: 安装和使用 VMCLI 公用程序 (267)安装 VMCLI (267)运行 VMCLI 公用程序 (267)VMCLI 语法 (267)访问虚拟介质的 VMCLI 命令 (268)VMCLI 操作系统 Shell 选项 (268)章 23: 管理 vFlash SD 卡 (269)配置 vFlash SD 卡 (269)查看 vFlash SD 卡属性 (269)启用或禁用 vFlash 功能 (270)初始化 vFlash SD 卡 (271)使用 RACADM 获取上次状态 (271)管理 vFlash 分区 (271)创建空白分区 (272)使用映像文件创建分区 (273)格式化分区 (273)查看可用分区 (274)修改分区 (274)连接或断开分区 (275)12目录删除现有分区 (276)下载分区内容 (277)引导至分区 (277)章 24: 使用 SMCLP (278)使用 SMCLP 的系统管理功能 (278)运行 SMCLP 命令 (278)iDRAC SMCLP 语法 (279)导航 MAP 地址空间 (282)使用 show 动词 (282)使用 -display 选项 (282)使用 -level 选项 (282)使用 -output 选项 (282)用法示例 (282)服务器电源管理 (283)SEL 管理 (283)映射目标导航 (284)章 25: 部署操作系统 (285)使用远程文件共享部署操作系统 (285)管理远程文件共享 (285)使用 Web 界面配置远程文件共享 (286)使用 RACADM 配置远程文件共享 (287)使用虚拟介质部署操作系统 (287)从多个磁盘安装操作系统 (287)在 SD 卡上部署嵌入式操作系统 (288)在 BIOS 中启用 SD 模块和冗余 (288)章 26: 使用 iDRAC 排除受管系统故障 (289)使用诊断控制台 (289)重设 iDRAC 并将 iDRAC 重设为默认值 (289)计划远程自动诊断 (290)使用 RACADM 计划远程自动诊断 (290)查看开机自检代码 (290)查看引导和崩溃捕获视频 (291)配置视频捕获设置 (291)查看日志 (291)查看上次系统崩溃屏幕 (291)查看系统状态 (292)查看系统前面板 LCD 状态 (292)查看系统前面板 LED 状态 (292)硬件故障指示灯 (292)查看系统运行状况 (293)在服务器状态屏幕上检查错误消息 (293)重新启动 iDRAC (293)使用 iDRAC Web 界面重设 iDRAC (293)使用 RACADM 重设 iDRAC (293)擦除系统和用户数据 (294)将 iDRAC 重设为出厂默认设置 (294)目录13使用 iDRAC Web 界面将 iDRAC 重设为出厂默认设置 (294)使用 iDRAC 设置公共程序将 iDRAC 重设为出厂默认设置 (295)章 27: iDRAC 中的 SupportAssist 集成 (296)SupportAssist 注册 (296)安装服务模块 (297)服务器操作系统代理信息 (297)SupportAssist (297)服务请求门户 (297)集合日志 (297)生成 SupportAssist 收集 (297)使用 iDRAC Web 界面手动生成 SupportAssist 收集 (298)设置 (298)收集设置 (299)联系信息 (299)章 28: 常见问题 (300)系统事件日志 (300)网络安全性 (301)Active Directory (301)单一登录 (302)智能卡登录 (303)虚拟控制台 (304)虚拟介质 (306)vFlash SD 卡 (308)SNMP 验证 (308)存储设备 (308)iDRAC 服务模块 (308)RACADM (310)永久设置默认密码至 calvin (310)其他 (311)章 29: 使用案例场景 (315)排除受管系统不可访问的故障 (315)获取系统信息和访问系统运行状况 (315)设置警报和配置电子邮件警报 (316)查看并导出系统事件日志和生命周期日志 (316)用于更新 iDRAC 固件的界面 (316)执行正常关机 (316)创建新的管理员用户帐户 (316)启动服务器远程控制台和挂载 USB 驱动器 (317)使用连接的虚拟介质和远程文件共享安装裸机操作系统 (317)管理机架密度 (317)安装新的电子许可证 (317)在一次主机系统重新引导中为多个网卡应用 I/O 标识配置设置 (317)14目录1概览Integrated Dell Remote Access Controller (iDRAC) 设计用于提高系统管理员的工作效率和 Dell EMC 服务器的整体可用性。

Access软件的基本使用教程Access是微软公司推出的一款数据库管理软件，它是微软Office套件的一部分。

Access可以用来创建和管理数据库，包括建立数据库表、查询数据库信息、设计报表和表单等功能。

Access的使用相对简单，但是功能强大，可以满足不同用户的各种需求。

本文将介绍Access的基本使用教程，帮助读者快速入门和掌握该软件的基本操作。

一、Access的安装和启动1.下载和安装Access首先，我们需要下载并安装Access软件。

Access通常是作为Office套件的一部分提供的，所以只需要安装Office套件即可获得Access。

用户可以直接从微软官网下载Office套件安装包，根据提示完成安装过程即可。

2.启动Access安装完成后，我们可以在开始菜单或桌面上找到Access的图标，双击图标即可启动Access软件。

二、创建新的数据库1.创建新的数据库启动Access后，我们首先需要创建一个新的数据库。

在Access启动界面上，选择“新建”，然后选择“空白数据库”，填写数据库名字和保存路径，点击“创建”按钮即可创建一个新的数据库文件。

2.导入外部数据除了创建新的数据库，Access还支持导入外部数据来创建新的数据库。

用户可以选择“外部数据”选项卡，然后选择导入的数据来源，比如Excel、文本文件等，按照提示完成数据导入过程即可。

三、数据库表的设计和管理1.创建新的表在新建的数据库中，我们可以创建新的表来存储数据。

选择“新建”选项卡，然后选择“表格设计”或“表格视图”，按照提示填写数据字段和类型，即可创建新的表格。

2.编辑表格结构创建好表格后，我们还可以对表格的结构进行编辑和管理，包括添加新的字段、修改字段类型、设置主键等操作。

在表格视图中，双击字段名即可编辑字段属性。

3.添加数据创建好表格后，我们可以向表格中添加数据。

选择表格视图，点击“新建记录”按钮，在新建记录的编辑框中填写数据，点击保存按钮即可向表格中添加新的数据记录。

Fiery XF 7© 2018 Electronics For Imaging, Inc. 此产品的《法律声明》适用于本出版物中的所有信息。

2018 年 12 月 19 日目录Fiery Command WorkStation 概述 (11)Job Center (11)用于管理队列中作业的命令 (12)工具栏图标 (12)作业搜索 (13)Job Editor (14)Server Manager (14)系统维护 (14)配置 Command WorkStation (16)登录到多个 Fiery 服务器 (16)移除 Fiery server (16)添加更多打印机 (16)配置网络打印机 (17)配置通过 USB 连接的打印机 (17)配置打印到文件输出 (18)承印材料和工作流程 (18)配置承印材料 (19)配置工作流程 (19)配置用户帐户 (23)登录到 Command WorkStation (24)注销 Command WorkStation (24)导入作业 (25)直接导入作业到 Job Center (25)在导入时自动处理作业 (26)热文件夹和虚拟打印机 (26)配置热文件夹 (27)配置虚拟打印机 (27)Fiery XF Universal Driver (28)安装 Universal Driver (28)登录到 Universal Driver 并打印 (28)Universal Driver 设定 (29)配置打印机设定 (30)开始打印 (30)取消作业处理 (31)PostScript 和 PDF 作业 (32)切换到不同的 PDF 打印引擎 (32)EPS 作业检测 (33)为 EPS 作业检测设置时间推移或更改输入分辨率 (33)采用 RIP 自动分色 (33)设置 Command WorkStation 如何处理 in-RIP 信息 (34)页面框定义 (34)指定页面框 (35)工作色彩空间 (35)应用工作色彩空间 (35)在合成作业中套印 (36)在合成作业中模拟套印 (36)管理 PDF 作业中的非嵌入字体 (36)将多页 PDF 作业作为单页加载 (36)编辑作业 (38)旋转作业 (38)翻转作业 (38)缩放作业 (38)对齐印张上的作业 (39)裁切作业 (39)撤销作业编辑 (40)将作业设定另存为工作流程 (40)可视辅助工具 (40)更改测量单位 (41)放大 (41)打开对齐 (42)设置标尺坐标 (42)使用参考线 (42)显示可视辅助工具 (42)作业标签 (43)创建或编辑作业标签 (43)打印作业标签 (43)调整作业标签的大小 (44)控制栏 (45)选择控制栏 (45)创建动态楔入 (45)跨两行打印作业标签 (46)嵌入 (47)嵌入所有作业 (47)强制嵌入以打印 (48)嵌入所选作业 (48)添加、移除或删除套叠式作业 (48)克隆套叠式作业 (49)重命名嵌入 (49)排列套叠式作业 (49)在印张上将所有套叠式作业对齐 (49)编辑套叠式作业 (50)缩放套叠式作业 (50)在印张的固定位置锁定套叠式作业 (50)添加套叠式作业周围的边距 (51)打印多页 PDF 的所选页面 (51)平铺 (52)创建平铺 (52)创建具有重叠效果的图素 (53)打印具有粘合区域的图素 (53)调整图素大小 (54)将图素边缘锁定到固定位置 (54)合并或拆分图素 (54)显示和保存平铺预览 (55)拆分图素以进行打印 (55)对平铺作业进行后期编辑 (56)步骤和重复 (57)创建步骤和重复 (57)修改步骤和重复 (58)作业合并 (59)设置自动作业合并的工作流程 (59)手动合并作业 (60)校准和生成特性档工具 (61)启动 Color Tools (61)校准打印机 (61)非　EFI　宽幅打印机的校准过程 (62)EFI 宽幅打印机的校准过程 (68)打印机优化 (75)为承印材料特性档优化进行设定 (76)选择一个 L*a*b* 优化文件。

access-list（访问控制列表）总结[精选合集]第一篇：access-list(访问控制列表)总结access-list(访问控制列表)总结ACL的作用ACL可以限制网络流量、提高网络性能。

例如，ACL可以根据数据包的协议，指定数据包的优先级。

ACL提供对通信流量的控制手段。

例如，ACL可以限定或简化路由更新信息的长度，从而限制通过路由器某一网段的通信流量。

ACL是提供网络安全访问的基本手段。

如图1所示，ACL允许主机A访问人力资源网络，而拒绝主机B访问。

ACL可以在路由器端口处决定哪种类型的通信流量被转发或被阻塞。

例如，用户可以允许E-mail通信流量被路由，拒绝所有的Telnet 通信流量。

ACL的配置ACL的配置分为两个步骤：第一步:在全局配置模式下，使用下列命令创建ACL：Router(config)# access-list access-list-number {permit | deny } {test-conditions}其中，access-list-number为ACL的表号。

人们使用较频繁的表号是标准的IP ACL（1—99）和扩展的IP ACL（100－199）。

第二步：在接口配置模式下，使用access-group命令ACL应用到某一接口上：Router(config-if)# {protocol} access-group access-list-number {in | out }其中，in和out参数可以控制接口中不同方向的数据包，如果不配置该参数，缺省为out。

ACL在一个接口可以进行双向控制，即配置两条命令，一条为in，一条为out，两条命令执行的ACL表号可以相同，也可以不同。

但是，在一个接口的一个方向上，只能有一个ACL控制。

值得注意的是，在进行ACL配置时，网管员一定要先在全局状态配置ACL表，再在具体接口上进行配置，否则会造成网络的安全隐患。

访问控制列表使用目的：1、限制网络流量、提高网络性能。

门禁故障现象（Access control failure phenomenon）Common faults and elimination of access control systemMalfunction 1One machine is out of communicationPossible causes:For the specific number of access control, first disconnect the communication line and measure the voltage of the entrance guard communication line A and B, the value is about 2.3V, otherwise the communication chip may be a problem;Check the communication bus A, B terminal voltage, there is no 5V or so, if not, then the other access control on the bus access problems, you need to check one by one.Malfunction 2Access control light does not flash or buzzer interrupted alarmPossible causes:Check the power supply voltage below 9V, the voltage may be too lowCheck whether a short circuit or circuit board components.Malfunction 3No response to reading cardPossible causes:May be the work of the microcontroller is not normal, need to restartThe card is incorrectMalfunction 4Close the card to the reader, the buzzer doesn't turn off, the indicator doesn't respond.Possible causes:Check the card for damageCheck whether the supply voltage is normalChange the card reader againMalfunction 5485, network controller can not communicate with the computer properlyPossible causes:Check the power converter is connected to the 485 signal; Xian Zheng, check whether the reverse negative converter; check theserial port of the computer is normal, there is no normal connection or by other program, close other programs or replace the serial port or host;Check that the software settings are correct;Is the serial number of the controller added correctly: check whether the product serial number in the "controller" settings of the controller is labeled with the silver on the controller board "S/N":On "the two five digit.The distance from the controller to the 485 converter exceeds the effective length 1200M;The communications line is for UTP or communication lines, whether the structure mode: hand in hand or line interference, communication can not be normal.Malfunction 6The TCP/IP controller is not communicating properly with the computerPossible causes:If the controller's RX/LINK lights out: check the LAN, the network device and the line is normal;If the RX/LINK lights of the controller blink: close thefirewall of the operating system and check whether the IP address is the same as the LAN IP address.Malfunction 7Credit card doesn't openPossible causes:The communication between the reader and the controller is bad. Check whether the data line D0 and D1 of the reader are connected or out of order.Whether the door is set to "normally closed" state, even if the button does not open the door, you can check the gatekeeper state on the management software.Check if the card is authorized and upload it to the controller.If the card reader is in the wrong position, use the multi door controller to see if the card reader is in the wrong position. For example, the card reader of No.1 door is inserted into the card reader position of gate two.Change the card reader and see if the card reader is out of orderMalfunction 8Put the valid card close to the reader, the buzzer rings, and the LED indicator changes, but the door lock is not open.The connection between the controller and the electric power line is not correct or looseElectric power shortage (electricity requires a separate power supply)Lock fault;The mechanical lock of the lock and the latch of the electric mortise lock;Power is not enough, the controller, card reader, the lock can not work normally.The door is badly deformed or the magnetic door lock is not installed properly, which leads to the reduction of the contact area between the iron plate and the lock body.Electric plug lock tongue bounce or instability, may supply voltage lock, switching power supply power line or bold replacement of power, and to lock a separate power supply.Common troubles and troubleshooting of road gateMalfunction 1Turn on the power supply, the main board power indicator and the running indicator light are not onCheck the motherboard F1 (5A/250V) fuse for damage12V BR1: voltage detection with red pen + feet, multimeter voltage readings should be greater than 12V5.0V voltage detection: connected with LM7805 red pen third feet (U22 third feet), multimeter voltage readings should be 5.0VMalfunction 2After the car, the gate does not fall off (with the vehicle detector to control the rod)Possible causes:Check that the connection between the vehicle detector and the motherboard is firm and correctThe grounding coil is not well laid or damagedThe sensitivity of vehicle detector is not adjusted properlyVehicle detector crash or damageCheck the motherboard U3 (PC357) patch coupling is damagedMalfunction 3Stop when the landing gear is not in placePossible causes:Control motor running time is wrong (motherboard, SMD16 address, dial switch setting time)Check whether the switch is in placeMalfunction 4When the gate is in place, the manual or vehicle detector can not make it fall down. It must be stopped in order to drop in placePossible causes:The motherboard program is missing and may cause the main CPU to fail to run normally. (burn the motherboard program again)Malfunction 5When the gate is on the rise, the pole should be held in hand before it can be put in place. Changing the main board can not solve the problemPossible causes:Spring may be too loose (spring tightening some)Malfunction 6The status of the display does not show or the landing gear does not changePossible causes:Does the switch power supply the power to the display screen normal?Is the control line between the motherboard and the screen firmly and correctly?Malfunction 7Press the triple button, the brake cannot lift the pole, and the motor worksPossible causes:Check whether the K1 (G4A-1A-PE) relay is damagedCheck whether the K2 (G4A-1A-PE) relay is damagedMalfunction 8G - F86 no indication or stateless control changes in the status indicator boardPossible causes:Check whether the voltage on the main board to the currentstatus indicator board is normalCheck that the status indicator U1 (LM2575) has an 5V outputCheck whether the transient status indicator T1 (36V/500W) transient suppressor is damagedCheck the status of the motherboard to the status indicator board to control whether the connection is firm and correctCheck whether the main board Q4 and Q5 (9013) patch transistor are damagedMalfunction 924V light band is not brightPossible causes:Is the connection between the motherboard and the light band firm and correct?Check that the light belt is badCheck the motherboard F2 (3.15A/250V) fuse for damage Check that the main board K3 (HF43F/012HS2G) relay is damagedCheck whether the main board BR2 (1A/200V) rectifier bridge is damagedCheck that the main board TR1 (18V/12W+9V/8W) transformer has AC 18V outputCommon faults and troubleshooting ballot boxesMalfunction 1The power switch, the air switch opens the main board and the Chinese display screen, without any displayPossible causes:Check whether the switch power supply has the corresponding power output, and whether the connection between the switch power supply to the main board and the display panel is connectedCheck whether the power input socket is inserted in place and whether the connection screw is tightenedMalfunction 2The power input is normal, the G - F900 motherboard power indicator is not displayed or the operation instructions are not blinkingPossible causes:12V voltage detection: the multimeter to measure DC voltage profile, with the black pen to the motherboard GND (hereinafter, empathy) received 2575 fourth feet with the red pen (U1 fourthfeet), multimeter voltage readings should be 12V5.0V voltage detection: connected with U2 red pen fourth feet, multimeter voltage readings should be 5.0V3.3V voltage detection: connected with U3 red pen second feet, multimeter voltage readings should be 3.3V1.8V voltage detection: connected with U4 red pen second feet, multimeter voltage readings should be 1.8VMalfunction 3The power input is normal and the Chinese display is not displayedPossible causes:Check the screen control panel TVS4 (36V/500W) transient suppressor for damage5V voltage detection (G - 81): 2575 fourth feet with the red pen (U8 fourth feet), multimeter voltage readings should be 5.0V5V voltage detection (G - 81): 2576 fourth feet with the red pen (U10 fourth feet), multimeter voltage readings should be 5.0V3.3V voltage detection (G - 81): 1117 second feet with the red pen (U3 second feet), multimeter voltage readings should be3.3VMalfunction 4The card near the box read head card, can hear "beep" sound, Chinese display "invalid card"Possible causes:The card is invalid (not issued or authorized)The card has been issued and has not downloaded its valid permissions to the motherboardMalfunction 5The small boxes in the card when the sound is normal, no gate signal outputPossible causes:Check box board U26 (PC357) coupling is damagedCheck box board Q1 (9013) is damaged triodeCheck box board TVS24 (18V/500W) transient suppressor is damagedThe 6 boxes in failure when the credit card sound normal, normally open gate signal or output relay often jumpPossible causes:Check box board Q1 (9013) is damaged triodeCheck that the main board relay K1 (HFD41-005-HS) is damaged Check that the motherboard U11 (M74HC573M1R) is damagedCheck the motherboard exclusion PR10 (1K*4) is short circuited,.Malfunction 7The parking management software failed to communicate with the motherboardPossible causes:Check if the computer serial port is damagedCheck whether the connection between the 485 card and the motherboard is correct (485 cards are good)Check whether the serial port in the software is consistent with the actual serial portCheck whether the baud rate of the corresponding serial port in the software is 19200Check that the motherboard U6 (MAX487) IC is damagedCheck whether the motherboard address matches the address set by the softwareThe fault phenomenon of 8 valid card at the entrance of the ballot box card can not be normal admission, voice prompt "please wait", "16 motherboard error code display"Possible causes:The number of parking spaces in the yard is too small to cause the yard to be fullThe server of the depot is not set up or the CAN line is not connected properlyMalfunction 9LED Chinese screen information download failure or display content does not match the contents of the systemPossible causes:Check whether the main board and the screen board communicate properly and securelyCheck that the motherboard U7 (MAX487) IC is damagedCheck that the panel control panel U7 (MAX487) IC is damagedCheck the display panel, control panel TVSI, TVS2, and TVS3 (12V/500W) transient suppressor for damageMalfunction 10LED Chinese display screen fonts incomplete, the lack of bright spots, flower screen and so onPossible causes:Check that the display drive IC:4953/74HC595/74HC138 is damagedCheck whether there is a LED lattice module of weld or damagedCheck whether the socket of the display panel and the display panel are fastenedCheck the display panel, U5, U6 (74HC4050) IC for damage。