|
Frequent execution of DARRP (Sudden Channel Change) and hidden SSIDs can cause devices connected to hidden networks to not automatically reconnect. This is because the hidden network does not transmit the beacons (required for passive reassociation), so the client must perform active scans (probe requests) on multiple channels until it finds the network.
With hidden SSIDs, the client has no quick way to detect the AP when it changes channels, and roaming efficiency is reduced, as 802.11k/v/r and fast BSS transition mechanisms work best with visible SSIDs.
Recommendations to mitigate this behavior:
- Change the SSIDs to visible. Hiding the SSID does not provide an additional layer of security since clients already connected to the network continue to send active probe requests looking for the hidden SSID, and these are easily visible with Wi-Fi monitoring tools like Wireshark or Kismet, which can capture packets and discover the hidden SSID in seconds.
- If for a specific reason the SSIDs must be kept hidden, the following actions on the SSID can help mitigate this behavior:
set probe-resp-suppression disable
set mbo enable
set fast-bss-transition enable
set radio-sensitivity enable
set pmf optional
- Increase DARRP execution frequency.
By default, it is recommended to run DARRP outside of production hours to reduce these types of impacts on customers. Running it every hour or less could increase the frequency of these cases.
|
