Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1520
Views
0
Helpful
3
Replies

Broadcast SSID for Voice?

dbrennan_1
Level 1
Level 1

‎09-06-2017 11:26 AM - edited ‎07-05-2021 07:37 AM

Is it best to broadcast a voice SSID?
Labels:
0 Helpful
3 Replies 3

Rasika Nayanajith
VIP
VIP

‎09-06-2017 02:34 PM

YES, If you do not want to see strange behaviors from client, broadcast your SSID

No value in hiding any SSID, it does not provide any security measures.

 

HTH

Rasika

*** Pls rate all useful responses ***

0 Helpful

RichardAtkin
Level 3
Level 3
In response to Rasika Nayanajith

‎09-29-2017 06:32 AM

This^^.  Broadcast it for all networks, not just VoIP.  Hiding it is not secure at all.

0 Helpful

Saravanan Lakshmanan
Cisco Employee
Cisco Employee

‎01-20-2018 07:57 PM - edited ‎01-20-2018 08:00 PM

What to expect when hiding SSID from Beacon:-

client scanning process:-
#In general, Scanning process should collect all the ssid info by listening to beacons on the channels and send broadcast/unicast probes only to those channels only. but if only 1, 6, and 11 had APs, there would be no point in sending probes to channel 8. otherwise, it could be a violation of regulatory DFS if a client just broadcasted on any 5GHz channel. it needs to hear a "master device" first before it can xmit on some 5GHz channels. Also, no point in sending probes to channels without beacons.

Broadcast probe handling by cisco AP:-
#When probing hidden ssid, AP won't respond to a client sending a broadcast/wildcard ssid probe (to all F's).
#When probing hidden ssid, AP will respond to a client sending a broadcasted probe (to all F's) with requested ssid name or directed probe (to the AP BSSID)
#Client needs to send probe request with correct wlan name for the successful connection. It happens only when user types the ssid on selecting the other/blank ssid which sends out the unicast probe request to APs on listened beacons from those channels.
#On AP, debug dot11 rxprobe shows received client probes from both 2.4 and 5ghz radios.
#debugs that may show the complete transaction.
debug dot11 dot11radio0 monitor probe
debug dot11 dot11radio0 mgmt

if you only want to focus on one client, you can filter with "debug dot11 dot11radio0 monitor address h.h.h"

Client behavior:-
#Some wireless client may not even show hidden ssid and require to manually configure a profile with correct wlan name.
#Some Smart clients may show the non-broadcast ie., hidden ssid as other/blank and provide an opportunity to connect to hidden ssid. (They never figure out the SSID, but they know a network is there cuz they hear beacons from a different BSSID than their other scan list).

#Client sending non-standard/in-correct probe request frames.
#On some clients it may appear to work on fresh or initial connection, it will start giving issues when we unhide the same ssid or move from bcast ssid to hidden ssid OR any similar combination. However, at all cases AP should respond with unicast probe response for received unicast probe requests.
#Some clients do remember the last joined network for short while or permanently saved automatically based on vendor implementation.
#roaming between a broadcasted network and non-broadcasted networks could cause some problems, depending on how the client-vendor implemented their profile searching.

QnA:-
Is there a way to enable an option to respond for bcast probes?
No, the whole reason of not broadcasting the SSID would be pointless if the AP responded to a broadcast probe, however enable to broadcast the SSID instead.

What's the point in hiding Guest/Open wlan?
As long as client is not witnessing issues when initially connecting and roaming then its fine.

What's the point in hiding Guest/Open wlan?
It offers no security and some client can't see the hidden ssid and can't connect. On client that showing the blank/other ssid require manual intervention to input the ssid name. Its not guest wlan, if hidden because user must know the exact SSID in order to even create their profile or to join the blank SSID that appears in their list.

Why don't hiding ssid offer security?
easy for anyone to figure out the SSID by doing: watch directed probes to clients that already know about the network or watch the association process from a client that is joining the network. it just keeps the casual person from seeing it in their computer's scan list

Are hiding the ssid part of wi-fi certification?
No, NOT advertising the SSID was never a Wi-Fi test, so it is possible that some vendors implemented this differently than others. Wi-Fi Alliance never supported it or tested that scenario however 802.11 allows for it. And it causes interop issues.

Useful filters:-

hidden ssid Beacons + probe req with specific ssid + probe resp with specific ssid.
(wlan.fc.type_subtype == 0x0008 && wlan_mgt.ssid == "") || (wlan_mgt.ssid == "hidden-ssid" && wlan.fc.type_subtype == 0x0004) || (wlan_mgt.ssid == "hidden-ssid" && wlan.fc.type_subtype == 0x0005)

To only see all non-broadcasted ssid beacons at that location.
(wlan.fc.type_subtype == 0x0008 && wlan_mgt.ssid == "")
*Should able to see beacons from APs with no/blank ssid.

probe req and resp for specific client:-
(wlan.sa == 20:02:af:7a:fa:38 && wlan.fc.type_subtype == 0x0004) || (wlan.da == 20:02:af:7a:fa:38 && wlan.fc.type_subtype == 0x0005)
*It should show both the directed and broadcast probe requests and directed probe response from specific client.

For all clients, probe req with specific ssid and respective probe resp with same/specific ssid.
(wlan_mgt.ssid == "hidden-ssid" && wlan.fc.type_subtype == 0x0004) || (wlan_mgt.ssid == "hidden-ssid" && wlan.fc.type_subtype == 0x0005)
*For all trying clients on that channel should show both the directed and broadcast probe requests and respective directed probe response.

All unicast probe response from AP with specific ssid:-
(wlan_mgt.ssid == "hidden-ssid" && wlan.fc.type_subtype == 0x0005)

External References from different AP ininfrastructureendors:-

Apple/Win issue:-
https://supportforums.cisco.com/discussion/11854701/problem-connect-ipad-wifi
https://supportforums.cisco.com/discussion/10862136/clients-try-connect-hidden-ssid

not suggested to hide ssid:-
http://community.arubanetworks.com/t5/Wireless-and-RF/trouble-with-hidden-SSIDs/td-p/2630

Apple/Broadcom client issue when hiding the ssid.
https://forums.ruckuswireless.com/ruckuswireless/topics/enabling_hidden_ssid_drops_80_of_clients

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card