Security Problem of SM register ?

Without BAM, I suggest when a SM will register to a AP , its mac address or ESN number must be inputed into AP, so AP can finish basic SM registering Authentication.

BAM is expensive soft for a small system, and most of wireless system is not large.

And most of wirelss system , for example, wilan, cisco, WesternMultiplex,alvarion .They all have basic security solution,not bam.

so I hope Canopy R&D can change security solution for a small system. it is very simple for you if you can do it.

and I hope to know the response of you. thank you.

I agree, but implementing this feature in the AP’s would pretty much eliminate the need for BAM. Everything that BAM once did would be available at the AP level, i.e. bandwidth throttling and authentication. Motorola charges for BAM, they don’t charge for firmware downloads/updates.

I would personally like to see that feature implemented at the hardware level in the AP’s, but I don’t really think it is going to happen.

One compromise for this would be to implement a radius client in the AP, so that the AP can direcly interface with a radius server to authenticate the incoming MAC address of the SM, and retrieve bandwidth/VLAN data for the connection.

As you say, this would eliminate BAM for some customers. Is this such a bad thing?

I would pay an extra license charge to upgrade an AP to enable authentication via radius and not have the hassle of supporting a proprietory platform with all of its quirks.

An open-standards radius based solution would be more flexible in the long run and BAM must give Motorola enough headaches with development and support. I guess my main argument here is “why have you re-invented this wheel, Motorola?”. If people like the BAM setup and front end, great, they can use it. Other folks who just want the back-end functionality of what BAM gives could then go the AP direct to radius server route.

I’ll get down off my high horse now! :lol:


We have a number ofolder networks out there using MDS iNET radios. The subs units (they call them Remotes) have alist of “Allowed Access Points” and the AP’s have an “Allowed Remotes” list for entering MAC addresses.

BAM is a pain in the a$$ (my humble opinion). It would be really nice to have that list - at least in the AP’s.


If you think about it, this would be a nice feature but could get in the way when it comes to troubleshooting. Depending on how your sector is physically designed, and depending on your color code configurations, an SM might possibly be able to connect to more than one AP. In this case, the MAC of the SM would have to be entered in multiple AP’s.

What about implementing the MAC authentication in the CMM Micro? If an AP sees an SM attempting to register, it extracts the MAC and queries a table in the CMM Micro. This would allow for one central location to manage all MAC’s in the network. Just change the BAM Server IP address field in the AP’s config to something like “MAC Authentication Server IP Address”, and put your CMM Micro’s IP address in there.

Once again it comes down to the fact that Motorola charges for BAM.

The possibility of an SM connecting to more than one AP is already there - we enter all three (in some cases) non-overlapping freqs into the SM so it can rereg if (for some reason) it’s main AP goes down. This has caused us a couple problems of an SM with borderline signal from two AP’s jumping back and forth.

As for the idea to have the list in the CMMmicro - I like that. Fantastic idea. I would rather pay a little more for the CMM to have that feature right there - one “authentication server” at each site. Yup, I really like that a lot.