Restrict SSID broadcast to specific access points

  • 1
  • Question
  • Updated 5 years ago
  • Answered
Is there a way for me to restrict broadcasting an SSID to only specific access points? In this case, we have a Guest SSID with no local network access (Internet only) along with a captive portal. But we only want this SSID to be available in certain physical areas (reception areas, etc.) and not building-wide. Is there a way to do this?
Photo of Nick Jorge

Nick Jorge

  • 3 Posts
  • 0 Reply Likes

Posted 5 years ago

  • 1
Photo of Brian Powers

Brian Powers, Champ

  • 396 Posts
  • 92 Reply Likes
Yes. You can select and deselect SSIDs (per radio even) under Configuration -> Aerohive APs, then select the AP (I believe this needs to be done one AP at a time) and expand SSID Allocation under Optional Settings. From here just untick the SSIDs checkbox for the SSID you want turned off for whichever APs you do not wish them to be broadcast on.

Push this config change out and it should remove the SSID from that AP.
Photo of Nick Jorge

Nick Jorge

  • 3 Posts
  • 0 Reply Likes
Thanks for the quick reply! I completely forgot you could click on the device name to configure it individually. This does exactly what I was looking to do. Thanks!
Photo of Brian Powers

Brian Powers, Champ

  • 396 Posts
  • 92 Reply Likes
Glad I could help.
Photo of Rob

Rob

  • 42 Posts
  • 5 Reply Likes
Is there any other way to do this. I have a lot of AP's that would need to have an SSID turned off. I cant do different network polices because i need users of other SSIDs to seamlessly roam between all AP's.
Photo of Brian Powers

Brian Powers, Champ

  • 396 Posts
  • 92 Reply Likes
From the help file...

A hive is a set of Aerohive devices that exchange information with each other to form a collaborative whole. Through coordinated actions based on shared information, hive members can provide the following services:

Consistent QoS (quality of service) policy enforcement across all hive members
Coordinated and predictive wireless access control that provides seamless Layer 2 and Layer 3 roaming to clients moving from one hive member to another
Dynamic best-path routing for optimized data forwarding and network path redundancy
Automatic radio frequency and power selection for wireless mesh and access radios
Tunneling of client traffic from one hive member to another, such as the tunneling of guest traffic from a device in the internal network to another device in the corporate DMZ
Hive members use WPA-PSK (Wi-Fi Protected Access with a preshared key) to exchange keys and secure wireless hive communications. To authenticate and encrypt wireless hive communications, hive members use open authentication and CCMP (AES) encryption. CCMP is a rough acronym for "Counter Mode with Cipher Block Chaining Message Authentication Code Protocol "that makes use of AES (Advanced Encryption Standard).
The members of a hive can be in the same subnet or different subnets, allowing clients to roam across subnet boundaries.

If you are worried about roaming, according to the documentation, all you need to do is have the APs in the same hive and of course the same SSID/User Profile and the APs will communicate with each other to assist in L2/L3 roams.

Basically as long as you have the same SSID tied to two network policies and both network policies in the same hive, you should be able to accomplish what you are wanting.
Photo of Rob

Rob

  • 42 Posts
  • 5 Reply Likes
I completely forgot about hives and thought network polices blocked layer 2/3 roaming. Still I'm glad i asked here and didn't test in production. Thanks!