Encrypted Timeslot and Unencrypted Timeslot Repeater

[spitzman]

Has anyone ever deployed a DMR repeater with one timeslot an encrypted TG and the second timeslot an unencrypted TG? I have a case where we're trying to use TS1 as an encrypted or restricted system (to keep others off) and using TS2 as a more open talkgroup.

For example, TS1 using Motorola's RAS feature and MotoTRBO radios and TS2 open to any radio (like a Baofeng). I had read somewhere that the Motorola SLR5700 only supports all RAS or no RAS on both Timeslots.

 

[TampaTyron]

Nope. RAS is repeater wide (or system wide if on a larger system). Also, MOTOTRBO repeaters don't care of something is encrypted, it passes audio packets.

TT

 

[spitzman]

Nope. RAS is repeater wide (or system wide if on a larger system). Also, MOTOTRBO repeaters don't care of something is encrypted, it passes audio packets.

TT

Good to know. So the encryption/decryption happens on the mobile or portable itself and there would be no AES/RC4 etc config on a repeater? So you technically could share a TG with a mixture of encrypted and unencrypted radios. The encrypted radios will work fine and the unencrypted radios will hear gibberish, but two unencrypted radios would work fine.

 

[alcahuete]

Correct. The AES/ARC4 would happen on the radio. Remember that RAS is not encryption. RAS out of the picture, you can run encryption on one timeslot and no encryption on the other like you talked about originally. It won't keep others off the repeater, but they aren't going to be able to hear/decode your transmissions.

 

[KC4YIN]

What you can try is a feature called Radio I.D. Range check.
It's just under RAS in the CPS.
What you do is set certain ranges of radio I.D. 's for the repeater to listen for. If the user's I.D. is in the range of i. d.'s you have blocked then it will not key the repeater and the offending user will get BONKED.
You assign certain ranges of i.d.s to pass in the repeater and certain ranges of i.d.s to be blocked. Just make sure the user's i.d. is in the blocked list.

 

[spitzman]

Correct. The AES/ARC4 would happen on the radio. Remember that RAS is not encryption. RAS out of the picture, you can run encryption on one timeslot and no encryption on the other like you talked about originally. It won't keep others off the repeater, but they aren't going to be able to hear/decode your transmissions.

To do this would still lock someone to the Motorola ecosystem? I don't think RAS is supported on anything non-motorola?

 

[TampaTyron]

RAS is used to exclude any non-Moto users. It is the primary reason every new digital channel in a repeater automatically is RAS protected.

The only thing in a Moto DMR repeater that cares about encryption is the Privacy setting. Set to Basic if running Basic Privacy (255 keys) or Enhanced (40 million keys). I know if you set it to no Privacy or the wrong Privacy type, then you will start missing calls or having audio holes. If running AES, then you must set repeaters to Enhanced.

Moto DMR (and most/all DMR repeaters?) are essentially just dumb comunity repeaters with 2 separate slots. If your frequency, slot, and Color code are correct.... then it just repeats what it hears on the input. Valid talkgroup ID range is 1-16 million and change, Valid radio ID range is 1-16 million and change. Way easier than an old analog community repeater with PL/DPL tones.

Obviously, Capacity Plus, RAS, etc are different than this.

TT

 

[spitzman]

Makes sense. Thanks for all the replies. I'm not sure which route I'll go. I like the Motorola repeaters and their portable/mobile offerings. I think they far exceed the Baofeng's, Radioddity, Retevis, etc radios. However, I'm not sure if a Hytera repeater would be a better option to allow for those expensive, name brand radios and to do encryption but then also allow a pool of the cheaper radios with no encryption.

 

[tweiss3]

Don't forget Kenwood NXR-1000 series will do DMR as well, it's always good to have other options to evaluate and compare costs.

 

[spitzman]

Don't forget Kenwood NXR-1000 series will do DMR as well, it's always good to have other options to evaluate and compare costs.

Thanks for that. I'm feeling like I'm better off just getting any one repeater and then getting AES capable radios since that seems to be the standard. With what @TampaTyron said, I think all the repeaters (Moto, Hytera, Kenwood) all can repeat AES encrypted radios. Then I can use the other timeslot with cheaper radios for my unencrypted group. I was doing some more reading on DMR AES and it sounds like the data frames that contain the TGID CC, etc are separate from the AES encrypted voice frames. Which makes sense how a digital repeater is "dumb" and just repeats what it hears on those valid TGID's and CC's. The only downside is someone could pick up those TGIDs and CC's and let themselves in on the system unless we went 100% Motorola and enabled RAS.

 

[alcahuete]

To do this would still lock someone to the Motorola ecosystem? I don't think RAS is supported on anything non-motorola?

Well...kinda. If you use the normal RAS, yes, you are limited to Mototrbo. As somebody else had mentioned, you can also use RAS to do an ID check. That will work with any radio. But of course, somebody can just pick up your radio ID, program theirs to match, and just get right on the system.

If you want a mixed system, just use ARC4 or AES and be done with it. If you're worried about other people getting on your repeater and using it, then use RAS.

 

[spitzman]

Well...kinda. If you use the normal RAS, yes, you are limited to Mototrbo. As somebody else had mentioned, you can also use RAS to do an ID check. That will work with any radio. But of course, somebody can just pick up your radio ID, program theirs to match, and just get right on the system.

If you want a mixed system, just use ARC4 or AES and be done with it. If you're worried about other people getting on your repeater and using it, then use RAS.

Makes sense. Thanks for the reply! I'll probably do a mixed system with ARC4 and then try out the ID check.