This used to be pretty common on at least Linux and Android clients some years ago.
Not sure if they finally got around to making the BSSID selection algorithm a bit smarter or whether all my access points just support active steering at this point, but I haven't seen this in the past couple of years.
> The obvious advice for roaming is “use one SSID everywhere”, and that is often correct if you’re running Wi-Fi in an office, a public venue, or generally somewhere where you don’t have (or care about) legacy devices.
What difference does the presence of legacy devices make? Is the intent to isolate them from modern devices from a network perspective? Then create a separate SSID on both 2.4 and 5 GHz for modern devices.
I can't think of any legitimate reason for split SSIDs anymore. Linux clients used to be pretty bad at preferring 5 over 2.4 GHz if RSSIs were both excellent but 2.4 was slightly better, but I haven't seen that in years.
I've seen claims that the wifi 6E spec mandated that 6ghz networks required WPA3, so you would need to have a separate WPA2 ssid for legacy devices which therefore couldn't include 6ghz. A lot of access points now support a single SSID with all 3 bands using both WPA2 and WPA3, but I don't know if that is due to a change in the spec or if access points are violating the spec by offering that.
Can’t one SSID support different WPA versions across APs? I’m pretty sure all my devices just shrugged and connected when I downgraded my (single AP) SSID from WPA3/2 to 2 only and back up to 3/2.
Which is a bit sad, but also seems like it would allow this use case perfectly (assuming this was done on purpose and not just an oversight).
> Can’t one SSID support different WPA versions across APs?
I think so, yes. My OG Nintendo Switch connects to the PSK SSID on my two OpenWRT Ones that's using what OpenWRT calls 'sae-mixed' encryption mode. My PCs (using ath9k and rtw88_8822be drivers) and my Pixel 5a connect just fine to my EAP SSID that's using the 'wpa3-mixed' encryption mode.
wpa_supplicant says that the PSK SSID has "SAE" in two out of three of its supported operating modes, and the EAP one has "EAP-SHA256-CCMP-preauth" in one of the two. [0] I assume that means that they support WPA3 operation, but I don't know for certain. I'm somewhat ignorant about WPA3, and am profoundly ignorant about WPA3-EAP.
[0] I'm assuming that the "/"-separated list that comes after the "WPA2-" bit in wpa_supplicant's scan results is a list of what I'm calling supported operating modes.
Most IoT devices support 2.4GHz only. Notably this applies to ESP32-based devices and older phones and laptops too. I would argue that it is the 5GHz band that is optional, the only benefit (bandwidth), being relevant only for laptops and phones when downloading something.
The 30 SSIDs your device can see are bad, but what might be even worse are the many non-802.11 devices on 2.4 GHz that are invisible to a simple SSID scanner and don't share bandwidth fairly with 802.11 CSMA/CA. (This includes Bluetooth!)
5 GHz has much less of that, but big parts of it have weather radars as a primary user, with APs being required to detect and avoid any channel where they can detect one.
If you don't need it, of course, you might as well deactivate it. But if you do, I don't see the point of having two different SSIDs if you don't need them for another reason anyway.
Many APs now support either using Radius and username/password auth for this, or having multiple acceptable pass phrases for a WPA2 network which drop devices into different VLANs.
I'm responding to the question about why you might split SSIDs. SSIDs don't have anything to do with frequency necessarily, morso network segregation.
Also:
> What difference does the presence of legacy devices make? Is the intent to isolate them from modern devices from a network perspective?
Yes. Old devices can only use limited data rates and they will drag down the throughput of other devices on the same channel. Some controllers or APs allow you to limit to lowest data rate you will accept a connection from.
> I'm responding to the question about why you might split SSIDs. SSIDs don't have anything to do with frequency necessarily, morso network segregation.
Sure, I was only talking about splitting by bands as I thought that's what this entire conversation is about. Of course there are plenty other reasons to have more than one network in the world :)
> Old devices can only use limited data rates and they will drag down the throughput of other devices on the same channel.
They will do so regardless of which AP or SSID they are connected to, though, as the channel is a shared physical medium.
If the goal is to isolate slow/old devices from modern ones, that can be done regardless of the band.
> They will do so regardless of which AP or SSID they are connected to, though, as the channel is a shared physical medium.
In a multi-ap setup you can isolate those 2.4ghz devices to their own, short range said that allows very permissive datarates. Then everything else gets 5ghz or 6ghz with mediumish output power and restricting the lower data rates. This prevents clients that move to the edge of the coverage zone from hitting lower data rates and dragging the whole channel or SSID or both down.
It just depends on your setup, number of APs, type of devices, device demands, etc.
I have my RADIUS server put supplicants coming in on SSID "A" on one of the VLANs that gets RPZ-based adblocking, and SSID "B" on one of the ones that gets no adblocking. It's pretty fun and easy.
- Is a Thunderbolt 4 certified cable really not allowed to support 240W, i.e., does it have to be restricted to 100W?
- "Minimum of 15W" is a Thunderbolt laptop/device port property, as far as I know, but any cable with two USB-C connectors needs to, at a minimum, support 60W (3A@20V).
Generally, "power delivery" doesn't clarify whether that's the minimum/maximum capabilities of the cable, source, or sink port.
Genuinely not recognizing a charge is not fraud, as that to me requires intent (or at least gross negligence, e.g., something like "I'll just dispute everything I don't remember, and not make a particularly good effort to remember anything at all").
"Just fraud" is already taken for "criminal c uses unwitting cardholder a's card at unwitting merchant b", so what's your objection against "fiendly fraud"?
It’s supposed to be the same in the US, but due to heavy automation on both sides, the “evidence” presented on either side is essentially pages of rasterized TIFF slop propping up a handful of bits of ground truth data.
I suspect most decisions are now made based on ambient factors such as “does this customer file above average chargebacks; if not, believe whatever they entered in our multiple choice questionnaire” or “if we have any undisputed payment on the same card by the same account, push back, otherwise eat the loss”. Part of this is even getting codified by newer network dispute evidence rules as well.
Since nobody ever seems to hold cardholders accountable for misrepresentation, and since it’s psychologically much easier to lie on a whimsical multiple choice form you fill on your bank app when bored on the bathroom than to sign a printed document containing a short summary of the legal consequences of willful deception, the situation is what it is.
Sometimes, whether a society is actually “high trust” depends on the transaction amount, and whether that amount warrants legal expenses on either side.
The cardholder’s contractual relationship is always with the card issuer, which is usually a bank or some other financial institution. This is no different in the US. If something on your bill seems off, you contact the one that issued it, i.e. your bank.
Hmm nevertheless my cases were handled by Viseca, not by my issuing bank. I don't know why, is it because of my bank, or my country, but yeah it seems to be different.
Banks can (and often do) outsource chargebacks to their processor or another third party, but never the card network (since that’ll be the entity ruling on the case in the very unlikely case it goes into arbitration).
Viseca seems like it might actually be an issuer directly (it’s also a common model that banks only act as program managers, delegating actual issuance to a different entity) but I’m not familiar with them.
That’s completely false. Visa/Mastercard chargeback rules are fairly uniform globally, and disputes are possible in many (if not all) non-US countries as well.
Whether your bank knows how to use them well to represent your interests is a different matter. For example, I’ve seen banks decline chargebacks against bankrupt merchants in certain countries because they were poorly advised about the legal ramifications, and other banks in the same country win the exact same kind of dispute. Lacking sufficient reading comprehension to parse the dispute rules (it’s a long PDF!) also seems common.
Not sure if they finally got around to making the BSSID selection algorithm a bit smarter or whether all my access points just support active steering at this point, but I haven't seen this in the past couple of years.
reply