Enabling "Hidden SSID" drops 80% of clients.

  • 3
  • Question
  • Updated 4 years ago
Tomorrow a festival of 100K+ people fires up across the street from our building. I have a ZD1100 with 16 7363 APs running 9.5.1 bld 50. We use iPads to control our AV system in each conf room. When I enable the "Hide SSID" feature on the WLAN config, 80% of the clients drop (iPads, AppleTVs, and Laptops). I can manually go to each device and force a reconnect, but really wish this wasn't necessary. Is this by design that if the devices can no longer see the WIFI beacon they will drop the connection? I can understand why but I'd really like to make us as invisible as possible to all of the folks with smartphones over the next few days. Our network is of course WPA2 protected so I'm not too worried, but always better to close as many doors as possible in these type of situations.
Photo of dfollis

dfollis

  • 3 Posts
  • 0 Reply Likes

Posted 4 years ago

  • 3
Photo of Miko

Miko

  • 20 Posts
  • 9 Reply Likes
I know on windows systems there is an option to connect to wireless networks when they are not broadcasting so my guess is when you connect to a wireless network on an apple device that was broadcasting it assumes it will always be broadcasting and will not connect otherwise. We run 2 hidden networks and one visible. One is hidden SSID is dedicated to AppleTVs and once we connected the AppleTVs to the hidden network they would always stay connected to the hidden network despite reboots, wap replacements, etc. This was the same with our iPads but we have not done it for as long. It may be more work to setup but once your devices are all switched over to the new hidden network you should not have a problem.

Also what form of WPA2 are you using? We started to deploy WPA2 Enterprise (PEAP) to our AppleTVs with configurator which works well but we found if the AppleTVs lost power and lost their time they can no longer verify the server certificate and will refuse to connect so they will hop back to our hidden but less secure network.
Photo of dfollis

dfollis

  • 3 Posts
  • 0 Reply Likes
Wow, great info thanks. We use WPA2 Personal for now. I guess I need to have it off and manually connect each device.
Photo of Miko

Miko

  • 20 Posts
  • 9 Reply Likes
You may want to consider a new hidden network and migrate over. Then once everything is migrated cut off the visible network. Hopefully that would result in some less downtime for your users.
Photo of Alf Watt

Alf Watt

  • 11 Posts
  • 2 Reply Likes
Changing the security type or hidden flag will cause iOS and OS X devices to see the network as 'different' and they will not connect automatically. On OS X you can see this in: /Library/Preferences/SystemConfiguration/com.apple.airport.preferences.plist

Please note that 'hiding' your network adds little or no security and can cause clients to behave unpredictably. Not a Wi-Fi best practice.
Photo of dfollis

dfollis

  • 3 Posts
  • 0 Reply Likes
Thanks, good info. I know. It was a quick temp fix. We had a festival of 75K+ folks for three days in the park next to our building. I was worried about 50K smartphones trying to connect to our WLAN, so I wanted to make it invisible to keep the casual user from trying to connect. As it turns out, it wasn't a big issue. I only detected 20 or so rouge hotspots which seems incredibly low, but that was what I was alerted to.