
Disable Broadcast SSID From some APs

Good day,

I have a WLC 4404 Controller with 180 LWAPP. I want to disable Broadcast SSID from some specified APs, not all. Is it possible to do that with the 4404 WLC controller?

Thanks for your interest.

Best regards,

Leo Laohoo
VIP Community Legend

You can create a different SSID and put those WAPs in a different AP Group.

blakekrone
Enthusiast

What is the reasoning behind disabling the broadcast of the SSID? This will cause issues with some client devices, Microsoft actually has a TechNote regarding this and that they won't support any issues that arise while trying to connect to a non-broadcasted network. Not broadcasting the network doesn't gain you anything from a security perspective either.

To that end, Leo is correct, you would need to create an SSID like normal with the broadcast SSID checkbox left unchecked, then create a new AP group and add that SSID + interface map along with the APs you want this to be on. Just remember that all your SSIDs need to be added to that new group; there is no concept of inheriting the default group SSIDs. Only what is in the AP group will be available on those APs.

[quote]

This will cause issues with some client devices, Microsoft actually has a TechNote regarding this and that they won't support any issues that arise while trying to connect to a non-broadcasted network. Not broadcasting the network doesn't gain you anything from a security perspective either.[/quote]

Just because Microsoft can't code a proper supplicant to use probes instead of relying on beacons is beside the point!

The only reason to not broadcast the SSID is so it's not sent in the clear in the beacon, so most clients won't know it's there.  While it is still in the probe request/response, the average user isn't sniffing for them to try and hack a network.

Just my $.02

Steve

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
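The point raised in the posts above, that a non-broadcast SSID is only blanked in the beacon and still travels in the clear in probe responses, shown as an added example (not part of the original thread and not Cisco code). It parses the SSID information element from 802.11 management frames; the frames, BSSIDs and network names are constructed sample data, and the function names are hypothetical.

```python
MGMT_HDR_LEN = 24   # frame control, duration, three addresses, sequence control
FIXED_LEN = 12      # timestamp, beacon interval, capability (beacon / probe response)
SUBTYPES = {4: "probe-req", 5: "probe-resp", 8: "beacon"}

def parse_ssid(frame: bytes):
    """Return (subtype, bssid, ssid_bytes_or_None) for a management frame, else None."""
    if len(frame) < MGMT_HDR_LEN:
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype not in SUBTYPES:
        return None
    bssid = frame[16:22].hex(":")          # address 3
    # Probe requests have no fixed fields before the information elements.
    pos = MGMT_HDR_LEN + (0 if subtype == 4 else FIXED_LEN)
    while pos + 2 <= len(frame):
        eid, elen = frame[pos], frame[pos + 1]
        data = frame[pos + 2:pos + 2 + elen]
        if len(data) < elen:
            return None                    # truncated element, reject the frame
        if eid == 0:                       # element ID 0 is the SSID
            return SUBTYPES[subtype], bssid, data
        pos += 2 + elen
    return SUBTYPES[subtype], bssid, None

def is_cloaked(ssid):
    """Cloaked beacons keep the SSID element but send it empty or null-filled."""
    return ssid is not None and not any(ssid)

def audit(frames):
    """Map each BSSID with a cloaked beacon to the name its probe responses carry."""
    cloaked, named = set(), {}
    for parsed in filter(None, map(parse_ssid, frames)):
        kind, bssid, ssid = parsed
        if kind == "beacon" and is_cloaked(ssid):
            cloaked.add(bssid)
        elif kind == "probe-resp" and ssid and not is_cloaked(ssid):
            named[bssid] = ssid.decode("utf-8", "replace")
    return {b: named[b] for b in cloaked if b in named}

def build(fc, bssid, ssid, fixed=True):
    """Construct a minimal management frame for the sample data below."""
    hdr = bytes([fc, 0, 0, 0]) + b"\xff" * 6 + bssid + bssid + b"\x00\x00"
    return hdr + (b"\x00" * FIXED_LEN if fixed else b"") + bytes([0, len(ssid)]) + ssid

AP1, AP2 = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
SAMPLE = [  # constructed frames, not a real capture
    build(0x80, AP1, b""),            # beacon, SSID element present but empty
    build(0x50, AP1, b"corp-wlan"),   # probe response from the same BSSID
    build(0x80, AP2, b"guest"),       # ordinary broadcasting AP
]
print(audit(SAMPLE))
```

The result lists only the AP whose beacon was cloaked, paired with the name its own probe response disclosed, which is why the setting is not an access control.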

Actually....

Per the 802.11-2007 standard the Service Set Identifier is a mandatory and required field for the Beacon frame. Section 7.2.3.1, page 80 of the pdf.

Also, per 802.11i-2004 standard a computer can choose to refuse to communicate with an AP that is not broadcasting its SSID.

Just sayin'

802.11-2007 doesn't say the SSID is mandatory just that it is part of the beacon frame.  So the need for it to be there is up to interpretation.

I would also discuss the fact that 802.11i-2004 was incorporated into 802.11-2007 so the latter would supersede the prior.  But again I didn't see in 802.11i-2004 that the client could refuse to communicate, but I didn't read it verbatim either.

Either way, the ability to not broadcast the SSID has been there for years, and Microsoft eventually patched WZC to allow you to choose to connect to an SSID that was not broadcasting.  Making the OS rely on probing instead of just 'listening'.

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered

The SSID IE element is required inside the beacon frame, so it is mandatory. The ability to not broadcast the SSID was put there by manufacturers against spec to really circumvent the security discussions. Out of sight out of mind type deal.

To each their own though.

Yea, Blake has a point. This was a vendor-specific change as I recall.

BTW -- Can't we all just get along? HAHAHA

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

We all get along just fine! Lord help us if we are all at live this year...

Leo Laohoo
VIP Community Legend

Just because Microsoft can't code a proper supplicant to use probes instead of relying on beacons is beside the point!

That's nothing, Steve.  Read this and let me know if your opinion of MS's coding skills is still the same.

I am sooooooooooooooooooooooo thankful MS doesn't do standards for routers, switches and wireless.  Otherwise, we'll all be off the job!
