★ THE BLOG ★ Ramblings on WiFi & stuff.

DFS implications for hidden networks and roaming

UPDATE: See the comment below by Andrew Von Nagy. It clarifies what I said about hidden SSIDs and DFS.


I'm a huge advocate of using DFS channels in most medium to large deployment scenarios. But, you should always validate your channel plan and make sure it doesn't cause issues with you WLAN.

Case in point: Hidden SSIDs. Most wireless folks recommend against using hidden SSIDs. It doesn't provide any security, requires more work to connect devices to, and some NIC drivers don't like hidden networks and won't, or have trouble, connecting to them.

There are practical reasons to hide an SSID - to avoid confusion between networks, or to simplify your network advertisement. But, security isn't one of them, the AP is still beaconing, clients probe more (so you're wasting airtime), and the SSID is sent in plaintext in their association requests anyway and it's not that difficult to find them.

But, there's yet another reason to avoid hidden SSIDs - especially if you want to take advantage of DFS (Dynamic Frequency Selection) in your WLAN:

I'll admit to doing "little contemplation" on this. Fortunately, I don't run into hidden networks that much these days (thank goodness), but I've also spent little time considering the consequences of DFS and hidden networks. Using hidden networks on DFS channels can cause unforeseen connectivity issues.

Clients can't actively probe on DFS channels. Active Probing is when a client send a "Probe Request". Clients  send probes on a channel to discover any potential APs. Since ACTIVE probing is not allowed on DFS channels clients will do Passive Probes - which simply means they listen for beacons on a channel.

This also has implications for voice and roaming if the clients can't probe for new APs roaming times will be longer and real-time data starts having issues. Many hospital deployment don't use DFS because of these issues.

Just food for thought. If you need frequency re-use (and these days who doesn't?) you'll need DFS. And DFS does not play well with hidden SSIDs. So, just stop hiding your SSIDs.


UPDATE: See the comment below by Andrew Von Nagy. It clarification  hidden SSIDs and DFS.


Actually, that isn't correct. Clients can't initiate transmissions on DFS channels, which prohibits most of the benefits of probing... namely faster discovery of the APs operating on the channel. But hidden SSIDs have no impact on this. Once a client hears a beacon on the channel by a "master" device (that must conform to radar scanning regulations) then it is safe for a client to probe.
So the real issue is two fold with DFS and client scanning:

1) Longer initial AP discovery time due to waiting until it hears a beacon (102.4ms intervals) instead of probing immediately (discover within just one or a few ms), and

2) Longer scanning time when roaming, especially for latency sensitive applications such as voice.
Whether or not the beacon populates the SSID IE field is irrelevant.