Today's Wi-fi has become indispensable. Wi-Fi networks are expected to handle an increasing number of devices, and users, all while maintaining high performance and security. In this blog, we'll review how to use iPSK to consolidate the number of SSIDs - and clean up the Wi-Fi spectrum in the process.
It's been a common practice to create multiple SSIDs (Service Set Identifiers) using PSKs (Pre-Shared Keys), each one for a different purpose (e.g. guest, CCTW, security, SCADA, and an ever-increasing number of IoT devices). The ever-growing number of SSIDs develops the risk of network congestion.
ASSOCIATED BLOGS:
Why are multiple SSIDs bad?
The problem is that each Service Set Identified (SSID) that's enabled (unless hidden) sends a broadcast every 100msec.
While that sounds insignificant, that small amount of traffic is multiplied by the number of SSIDs - so if you have 10 SSIDs, that's ten broadcasts every 100msec. Multiply that by the number of APs you can hear in a given spot - and you quickly discover that the available bandwidth is consumed by advertising SSIDs.
SSID congestion occurs when a Wi-Fi network broadcasts too many SSIDs, each requiring management overhead in the form of beacon frames.
These frames constantly broadcast the presence of each SSID to devices in range, consuming airtime and reducing the efficiency of the network.
ASSOCIATED BLOGS:
Maximum SSID Recommendation
The more SSIDs there are, the more management traffic competes for airtime, leaving less bandwidth available for actual data transmission.
Exacerbating the issues is that Wi-Fi management frames are transmitted at the lowest data rates, ensuring all devices can receive them. This increases the amount of airtime consumed by management traffic.
In highly dense deployments, such as corporate offices and campuses, this overhead is a serious bottleneck, affecting throughput and increasing latency for all users and devices.
The recommendation is to use no more than 4-5 SSIDs in an enterprise environment, to not be impacted by SSID Congestion.
Experience tells us that the recommended limit is exceeded sometimes by a factor of two or more. Broadcasting double or more the recommended SSIDs will lead to SSID congestion, and result in reduced Wi-Fi throughput and a less reliable Wi-Fi service for all.
ASSOCIATED BLOGS:
- Cisco Meraki Dashboard
- Managed Services
- Cisco Powered Managed Services
- Meraki Powered Managed Services
Using iPSK to reduce SSID Count
Identity Pre-Shared Key or iPSK provides an efficient approach to Wi-Fi management. This feature allows multiple user or device group to connect to a single SSID using different pre-shared keys.
iPSK eliminates the need for multiple SSIDs and while preserving the ability to differentiate users and devices, while maintaining security policies, and network segmentation.
Using iPSK, instead of creating separate SSIDs for employees, guests, and IoT devices, you can broadcast a single SSID. Each user/device group is assigned a unique pre-shared key that corresponds to specific access controls, VLAN assignments, or security policies.
The result streamlines the network while still providing the flexibility to manage different types of traffic securely.
ASSOCIATED BLOGS:
Why too many SSIDs are bad for your Wi-Fi: Summary
Too many SSIDs (more than 4-5) are bad news for your Wi-Fi. There's options to help you consolidate these into fewer SSIDs, with Cisco ISE and the iPSK feature being options to help.
You could take an alternate view and split your SSIDs, so different ones broadcast on 2.4GHz vs 5GHz (and now 6GHz), and you'll have less on each - but that may not suit your business. In some installs, the 2.4GHz is left for guest access and the other bands for the traffic you really care about or needs to be treated with a higher level of control.
Cisco ISE allows profiling, so this is a good way to determine what is connecting and put individual clients on different back end VLANs (and SDA Fabric takes this to the next level).
iPSK is a nice feature if you want to consolidate SSIDs which use pre-shared keys - so one to keep in the kit bag and reduce the number of overall SSIDs, but still keep a good level of security.
Hopefully this blog has been a useful read - if you need help with your Wi-Fi network, feel free to drop us a line.