cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
10709
Views
10
Helpful
9
Replies

SSID broadcast vs.non-broadcast

t.singletary
Level 1
Level 1

SSID to Broadcast or not to Broadcast.

I know how each option works but which option should be used in a corporate environment. I'm sure there are viable reasons to use both but i guess i'm looking for best/standards practices.

Thanks,

Tim

4 Accepted Solutions

Accepted Solutions

pcroak
Cisco Employee
Cisco Employee

Hi Tim,

This decision primarily depends on the users that will be connecting to any given WLAN.

If  you broadcast the SSID, users will not be required to configure a  profile on their wireless supplicant to connect. This is commonly seen  with guest networks for ease of use.

If you do not broadcast the SSID, a profile will be required on the devices to connect to the WLAN.

Not  broadcasting the SSID does not really provide any real security -- a  wireless sniffer can capture the SSID information. However it does hide  your wireless network from a majority of wireless devices -- so they  won't be attempting to connect automatically.

-Patrick Croak

Wireless TAC

View solution in original post

+5

also, your windows machines will tend to join the 'broadcast' ssid by default, even over a configured/secure ssid.  There is an option in WZC 'connect even if network is not broadcasting' that helps this situation.

Cheers,

Steve

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

View solution in original post

To Steve's point ...

If you have a guest network and broadcast your SSID expect to have a LARGE DHCP scope! Every wifi device that comes close to your network will get an IP address exhausting your DHCP scope. One way to fix that issue, turn off broadcast.

Also, no real security as Pat pointed out. AirMagnet and others use the "probe request" packet to sniff out hidden ssids, networks.

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

View solution in original post

Leo Laohoo
Hall of Fame
Hall of Fame

If the question to broadcast or not to broadcast an SSID is based on security, then I don't recommend it.  Potential wanna-be hackers will consider this as a challenge and might do more damage.  As what George has mentioned, nearly every wireless sniffers can now identify non-broadcasting SSID.  So this is a moot point.

One thing to consider, not every wireless NIC source code likes non-broadcasting SSID.

View solution in original post

9 Replies 9

pcroak
Cisco Employee
Cisco Employee

Hi Tim,

This decision primarily depends on the users that will be connecting to any given WLAN.

If  you broadcast the SSID, users will not be required to configure a  profile on their wireless supplicant to connect. This is commonly seen  with guest networks for ease of use.

If you do not broadcast the SSID, a profile will be required on the devices to connect to the WLAN.

Not  broadcasting the SSID does not really provide any real security -- a  wireless sniffer can capture the SSID information. However it does hide  your wireless network from a majority of wireless devices -- so they  won't be attempting to connect automatically.

-Patrick Croak

Wireless TAC

+5

also, your windows machines will tend to join the 'broadcast' ssid by default, even over a configured/secure ssid.  There is an option in WZC 'connect even if network is not broadcasting' that helps this situation.

Cheers,

Steve

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

To Steve's point ...

If you have a guest network and broadcast your SSID expect to have a LARGE DHCP scope! Every wifi device that comes close to your network will get an IP address exhausting your DHCP scope. One way to fix that issue, turn off broadcast.

Also, no real security as Pat pointed out. AirMagnet and others use the "probe request" packet to sniff out hidden ssids, networks.

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

Hey George,

Nice Blue Star! 

I agree with Leo . Congrats George

Thanks & Regards

Thanks Vinay !

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

Thanks man! BLUE looks good on me. I think! I need to get that fancy VIP like you have ! Thats my next stop!

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

Leo Laohoo
Hall of Fame
Hall of Fame

If the question to broadcast or not to broadcast an SSID is based on security, then I don't recommend it.  Potential wanna-be hackers will consider this as a challenge and might do more damage.  As what George has mentioned, nearly every wireless sniffers can now identify non-broadcasting SSID.  So this is a moot point.

One thing to consider, not every wireless NIC source code likes non-broadcasting SSID.

t.singletary
Level 1
Level 1

Thanks to everyone...

Review Cisco Networking for a $25 gift card