Help
FortiAP
FortiAP devices are thin wireless access points (AP) supporting the latest Wi-Fi technologies (multi-user MIMO 802.11ac Wave 1 and Wave 2, 4x4), as well as 802.11n, 802.11AX , and the demand for plug and play deployment.
ehamud
Staff
Staff

Created on ‎03-05-2023 05:04 PM Edited on ‎03-05-2023 05:05 PM By Moderator

Article Id 248058

Troubleshooting Tip: Slowness caused by Overhead from Management Frames due to too many SSIDs

Description

 

This article describes the symptoms caused by having an excessive number of SSIDs.

 

Scope

 

All devices using a 2.4GHz band or 5GHz band.

 

Solution

 

The procedure in this article was executed in Ubuntu 20.04.4 LTS, but the solution applies to any Linux distribution, even if drivers or packages required may differ. To check the OS version, type the following in the terminal:

 

# cat /etc/*release

 

The wireless card used in this article is the Intel Corporation Wireless 8260. Not all models support monitor mode: check beforehand. Run the following command to learn the wireless card model type (the '0280' refers to the class used by lspci, which includes wireless cards):

 

# lspci -nn | grep 0280

 

To check the interfaces, run either of the following commands:

 

# iwconfig

 

# ifconfig

 

Validate whether the wireless card supports monitor mode with the following command:

 

# iw list

 

ehamud_0-1677889232274.png

 

After identifying that the card supports monitor mode, run the following command:

 

# airmon-ng start <interface>

 

For example:

 

# airmon-ng start wlp1s0

 

This example will assume the intent is to scan the 5GHz band. After, press ctrl+c to stop the scanning process. Next, run the following:

 

# airodump-ng --band a <interfaceMonitormode>

 

For example:

 

# airodump-ng --band a wlp1s0mon

 

ehamud_1-1677889251541.png

 

Assume clients are reporting issues under the FortiAP 421E and that the AP must be using the channel 36, future scanning should point to this channel. As shown above, there are more APs around broadcasting under the same channel (specifically 3). One of them has <length 0>, which potentially means that the AP is hiding its SSID. A hidden SSID consumes AirTime and generates more contention for the medium.

 

ehamud_2-1677889265109.png

 

Open a Wireshark, select the Wireless card under monitor mode, run the capture and apply the following filter as part of the Beacon frame:

 

wlan.fc.type_subtype == 0x0008

 

The parameters to analyze have a relationship with the QBSS Load element of the Beacon management frame:

 

ehamud_3-1677889374785.png

 

Station Count: Refers to the amount of STAs currently associated with the Access Point radio.

Channel Utilization: Measures the amount of time the Access Point is busy. The values range from 0 to 255 where 255 means 100% busy.

Available Admission Capacity: The remaining medium time used for admission control.      

 

The SSID called 2ndF_A_5GHz is a second AP. It currently shows a channel utilization value of 5, which roughly equates to a 2% busy time. It is also possible to detect how many clients are connected to this SSID. In this case, 1 is connected.

 

ehamud_4-1677889437768.png

 

Upon checking the FortiAP SSID without any clients connected, it can be seen that the percentage of utilization is 2%.

 

ehamud_5-1677889479236.png

 

To demonstrate overloaded channel utilization, first turn on more APs from different vendors with their own SSIDs already created and run the packet capture again to make a comparison.

 

The SSIDs from other APs are shown below. Channel 36 now has 9 SSIDs.

 

ehamud_6-1677889520920.png

 

The same SSID 2ndF_A_5GHz can be seen, but it now has more clients and channel utilization is at 50, which equates to a 19% busy rate.

 

ehamud_7-1677889539883.png

 

Upon observing the FortiAP 421E one more time, it does not have any connected clients. The channel utilization for the AP has also already increased to 19%. This occurs because it is a shared medium, regardless of whether the 2.4GHz or 5GHz band is being used. 5GHz is a less congested band, but slowness can also occur when more SSIDs are in use while the neighbour APs have many clients connected.

 

ehamud_8-1677889588857.png

 

The conclusion to draw from this is that having a lot of SSIDs decreases the client performance and increases channel utilization on both the 2.4GHz and 5GHz bands.

 

The performance of any client depends on many factors including signal interference, noise floor, obstacles, how far the device is from the AP, and channel utilization.

 

Recommendations:

 

- Do not create more than 3 SSIDs on the network. 

- Use different channels from the channels used by neighbors.

- Check if the interface is congested. Congestion occurs when the interface has to transmit more data than it can handle and consequently drops packets.

- Check interface errors and cable errors with TDR commands.

- Validate to use a less congested 2.4GHz channel if possible.

- Use 5GHz channels instead of the 2.4GHz band.

- Do not exceed more than 30 clients per radio, depending on the site survey design. The organization may require video and voice for critical business operations or may only require data traffic. Requirements are lower with only basic connectivity.

- Avoid co-channel interference and ACI (Adjacent Channel Interference).

- Remove interference. To find the source of interference, use a Spectrum Analyzer at multiple different times as the environment will change frequently: there may be no interference one day and heavy amounts another.

- Do not use channel bonding in congested areas. The recommended channel width to use is 20 MHz to avoid frame retransmissions and encourage strong performance.

1410
Suggest New Article
Article Feedback
Comments
Adolfo_Z_H
Staff
Staff
‎03-06-2023 06:35 AM

cool stuff, thank you.

Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.