Wireless and RF

trouble with hidden SSIDs

We are changing the name of one of our SSIDs so more people will connect to it. We are going to leave the old SSID up for a while to give people time to change their network over. We want to hide this network from new users though.

I have "hide SSID" and "Deny Broadcast Probes" checked. I'm not sure why "hide SSID" is in there since it doesn't do anything unless the "Deny Broadcast Probes" box is checked... Anyway, if there are any other SSIDs configured in the Windows wireless networks list, the SSID will not show as broadcasting and connect. This is on both XP and Vista machines. Macs have no problems connecting to the hidden SSID. Keep in mind this is an old SSID and has been working fine for years; all we did is hide the SSID. Is there anything on the Aruba side which I can turn on to make it work correctly? It doesn't make any sense why Windows won't connect.

- "Hide SSID" will hide the SSID name in beacon frames so that the casual observer cannot see the name of the SSID in casual AP to client communication.

- "Deny broadcast probe request" means that the AP will not respond to a broadcast probe request that clients send to see what APs are out there.

Windows will connect to the first network in its list of configured networks... most of the time. Windows XP SP3 and Vista have a knob that says "connect even while broadcasting". A lot of hoops to go through for the people that don't have SP3, not to mention the other clients that don't know how to handle this.

To make a long story short, hiding an SSID, whether for security or other reasons, causes issues. If you want to encourage people to use a different SSID, configure it with a captive portal profile that redirects them to a page giving them instructions on how to connect to the new SSID. That way, the communication will be clear. I'm old enough to remember that back in the day when you disconnected your phone number, everyone appreciated it when the recording said your new number as well.

What's the consequence of hiding the SSID?


We've got a couple of hidden SSIDs for various local "private" services -- things like EPOS. My view is that hiding the SSID is a way to say "you shouldn't be discovering this" -- I don't rely on it for security, but it stops people seeing it and having a poke.

Of course, they can still sniff it out, if they look, and we rely on things like WPA2 to secure it.

Turning on hide-ssid certainly stops it appearing in many devices' network lists, but some things (e.g. the iPhone) will probe the SSID and find it out in the response to this. Using 'deny-bcast' stops this from working.

Two questions...

1. Is there any downside to denying the probe requests for other uses (using our wireless sniffer, all of the information in the 'probe response' frame appears to be in the beacon frame, anyway)?

2. Should the SSID still be revealed in the 'probe response' frame, or should that be omitted, but all the other information left intact? i.e. is this an Aruba bug that should be reported? I've never noticed a hidden SSID appearing before, so maybe the Cisco APs we used before didn't include the SSID in that frame, if it was hidden.

I think I'll log it anyway, just to confirm their position but comments welcome!

- Bob
Re: trouble with hidden SSIDs

1. Denying broadcast probe requests does cause problems with roaming in some clients.
2. When associating to a wireless network, even if it is hidden, if a client goes to connect, he must specify the SSID that he is connecting to. In the probe response, the AP MUST reply with the SSID, as well. This is as per the specification, and is another reason why you cannot completely hide an SSID.
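
Added example, not part of any post in this thread: a small parser for the two frame types discussed above, showing that a beacon with the SSID hidden and the probe response from the same BSSID differ in the SSID element. The frames, MAC addresses and the SSID "OLD-SSID" are constructed sample data, and modelling the hidden beacon as a zero-length SSID element is an assumption (the parser also treats a NUL-filled SSID as hidden).

```python
import struct

SUBTYPES = {5: "probe-response", 8: "beacon"}
MAC_HDR_LEN = 24   # frame control, duration, three addresses, sequence control
FIXED_LEN = 12     # timestamp (8), beacon interval (2), capability info (2)

def parse_mgmt(frame: bytes):
    """Return (subtype, bssid, ssid) for a beacon or probe response; ssid is None if hidden."""
    if len(frame) < MAC_HDR_LEN + FIXED_LEN:
        raise ValueError("truncated frame")
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype not in SUBTYPES:
        raise ValueError("not a beacon or probe response")
    bssid = frame[16:22].hex(":")          # address 3 carries the BSSID
    pos = MAC_HDR_LEN + FIXED_LEN
    while pos + 2 <= len(frame):           # walk the tagged elements
        eid, elen = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + elen]
        if len(body) != elen:
            raise ValueError("truncated element")
        if eid == 0:                       # element ID 0 is the SSID
            hidden = elen == 0 or not any(body)   # empty or NUL-filled
            return SUBTYPES[subtype], bssid, None if hidden else body.decode("utf-8", "replace")
        pos += 2 + elen
    return SUBTYPES[subtype], bssid, None

def names_learned_from_probe_responses(frames):
    """Map BSSID -> SSID where beacons hide the name but a probe response carries it."""
    hidden, named = set(), {}
    for f in frames:
        subtype, bssid, ssid = parse_mgmt(f)
        if subtype == "beacon" and ssid is None:
            hidden.add(bssid)
        elif subtype == "probe-response" and ssid is not None:
            named[bssid] = ssid
    return {b: s for b, s in named.items() if b in hidden}

def build(subtype, dst, bssid, ssid):
    """Build a constructed sample frame (no radiotap header, no FCS)."""
    hdr = bytes([subtype << 4, 0]) + b"\x00\x00" + dst + bssid + bssid + b"\x00\x00"
    fixed = struct.pack("<QHH", 0, 100, 0x0011)
    return hdr + fixed + bytes([0, len(ssid)]) + ssid + bytes([3, 1, 6])  # + DS channel 6

# Constructed sample data: locally administered MACs and a made-up SSID.
AP = bytes.fromhex("020000000001")
CLIENT = bytes.fromhex("0200000000aa")
BEACON = build(8, b"\xff" * 6, AP, b"")          # hide-ssid modelled as zero-length SSID
RESPONSE = build(5, CLIENT, AP, b"OLD-SSID")     # reply to a probe that named the SSID
```

Run over a capture of your own WLAN, `names_learned_from_probe_responses` lists which of your hidden SSIDs are visible to anyone monitoring the channel, which is why the network still needs WPA2 as Bob notes.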
