Disable Broadcast Ssid

The following scenario shows how to disable SSID broadcasting, which stops the device from announcing the SSID in the beacons associated to the configured network.

../../../_images/wlanbroadcastssid.svg

Disable SSID broadcasting

Description

In this example, a WLAN interface will be created on top of the 2.4GHz radio module in access-point mode. Then, SSID broadcasting will be disabled be means of the disable-broadcast-ssid command.

Scenario

Example 1

Step 1: Run command configure at DUT0 and expect this output: Step 2: Run command delete interfaces wlan at DUT0 and expect this output:

Show output
Nothing to delete (the specified node does not exist)

Step 3: Run command delete controllers wlan at DUT0 and expect this output:

Show output
Nothing to delete (the specified node does not exist)

Step 4: Run command commit at DUT0 and expect this output: Step 5: Set the following configuration in DUT0:

set controllers wlan radios wifi1 band 2.4GHz
set controllers wlan radios wifi1 channel 1
set interfaces bridge br0
set interfaces wlan wlan4 bridge-group bridge br0
set interfaces wlan wlan4 phy wifi1
set interfaces wlan wlan4 type access-point security akm none
set interfaces wlan wlan4 type access-point ssid network_2.4GHz
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Note

By default, WLAN beacons are periodically announced so that any WLAN station can detect the presence of an access point.

Step 6: Configure the MON device to listen for packets on channel 1 for 10s seconds discarding all packets not sent by DUT0. Then, apply the following filter to the captured traffic:

wlan.ssid == network_2.4GHz

At least one packet with the provided criteria must be present.

Step 7: Modify the following configuration lines in DUT0:

set interfaces wlan wlan4 type access-point disable-broadcast-ssid

Warning

Disabling SSID broadcasting is considered a weak security measure, since an attacker can just capture the WLAN traffic to detect the access point’s presence.

Step 8: Expect a failure in the following command: Configure the MON device to listen for packets on channel 1 for 10s seconds discarding all packets not sent by DUT0. Then, apply the following filter to the captured traffic:

wlan.ssid == network_2.4GHz

At least one packet with the provided criteria must be present.