Newbie question

I apologize for throwing this up without more complete searching.

I was recently (2 days ago) told to go install the Canopy at a construction site for the sites supervisor trailers. I have no experience with the Canopy solution and have managed to get the AP up and 6 SM’s without much issue. I have changed the color codes and set the frequency, but now I am running into a question I can’t answer. How do I configure or verify that only the SM’s I want to connect to the AP, connect to the AP? The site wants to make sure that a competitive builder can’t buy a SM and point it at the AP and get connectivity :? . What is the best way to ‘lock down’ the availability?


Once all your SM’s are connected, login to the AP and select the Option for “Disable SM Privacy Scan”. I believe that is what it is called. This will prevent an SM from using its “AP Eval” Option to scan the airwaves for Canopy AP’s.

This will make it fairly difficult for anyone else to register an SM with your system. They have a limited number of frequencies they could try, and succeed via trial-and-error, but they also need to know the Color Code which makes for more combinations.

I still think Canopy needs to implement a MAC Address authentication algorithm in their APs. This way you could enter a list of Permitted MAC Addresses in the AP page and only those can connect. However, MAC addresses are easily spoofed, but it would still make for one more layer of security.

The other option would be to purchase the BAM software which essentially does the MAC authentication I speak of, but runs on a server as a software application as opposed to being integrated into the firmware of an AP.

You could install a subscriber gateway. This would go between the AP and the router, or in some cases replace the router.

A well functioning, low cost gateway is a Nomadix HSG. This unit will allow you to authenticate each user’s PC, laptop, pda, or other device by MAC. Each user only needs to be authenticated once. Since they dropped alot of bucks on the network, I am sure they won’t be too concerned with the cost of the Nomadix HSG.

There are some open source firmware upgrades for routers that act as Hot Spot Gateways as well, however for a commercial client, I would probably go with the formally supported commercial product like the Nomadix.

Never used nomadix but something like that is what I would go for…
I would use a Mikrotik

Thank you much Msmith - and all the other responses. The disabling of the scanning should cover their current requests. They won’t want to add any extra software or other pieces, so I think the BAM software is not an option at this time.

Only problem is if you put your SM into “Alignment” it will show you the color code of any AP out there… Whether or not AP Eval is enabled or disabled.

mmm… gonna try this… .I didn’t know that… thats rubbish if it does…

moose, I just tried with my SM I have at home. I shoot right beside the Xplornet site to get to ours (you know the one :lol: ) and I could only see the RF level, no decoding of the color code. More details on the set up of the SM would be good. :smiley:


Scan all freqs, as well try both HWS and SWS…
I can always see my own when I have the wrong or default “0” CC in my SM. As well can always see my neighbors AP. My AP’s all have Eval turned off.

yea just use a microtek and authinicate via ip

I used to turn our Ap aval off in the Ap. But now I don’t since you can see everything with the alinment tool anyway.

I leave it on. It’s a good testing tool for me. Now if it did hide me from everyone that didn’t know my color code. Dang right I would hide my Ap.