What are parent beacons?
Related Products - All controller models
Related Software Versions - 4.x,5.x
Keywords - parent beacons
When the virtual-cell
method configured is "virtual-port" - which is the only supported
virtual-cell method in the AP 300 and AP 400 - beacons are not sent from
the virtual-port BSSID by an AP UNTIL a station is assigned. So, a
mechanism called "Parent Beacons" was introduced back in version 3.6.
The idea is that some wireless NICs (notably the Intel 5100) will not
attempt to associate to the network until beacons are sent by the radio -
presumably because the wireless NIC is using the passive scan method to
choose the BSSID to which it will associate. When no stations are
assigned, no beacons are flowing form the virtual-port BSSID, so
something is needed so that wireless NICs whose algorithms require
beacons to be present (like the 5100) will attempt to associate when
they are the first wireless station in the area.
The
BSSID/L2 source address of a parent beacon is the BSSID you see in the
"sh ess-ap" output, i.e. something of the form 00:0c:e6:xx:yy:zz. The
virtual-port BSSID to which the station actually associates is of the
form: aa:bb:cc:11:22:33, where "aa:bb:cc" is derived from the channel in
use, the controller index and ESSID profile index (an internal index).
"11:22:33" are the least-significant 3 octets of the associated
station.
So, as implied by the above, the beacon
stream from the parent BSSID is an independent beacon stream from the
virtual-port beacon streams being sent by an AP radio configured to use
virtual-port. So, for a given AP radio, you will see a virtual-port
beacon stream for every 802.11 station associated to that radio and you
will see a parent BSSID beacon stream for every ESSID profile support by
that radio.
Other configuration notes regarding
parent beacons:
- The "SSID Broadcast" setting of the ESSID
profile controls whether or not the parent beacon contains an SSID.
Occasionally you will see 802.11 devices attempting to 802.11
Authenticate/Associate to the parent BSSID, which will fail. There is no
wireless service associated with the parent BSSID, which is why no Auth
or Assoc response is sent. You also will never see probe responses from
a parent BSSID. If a device does attempt to associate to the parent
BSSID, this can be usually avoided by turning off "SSID broadcast" in
the ESSID profile. Sometimes though, turning off "SSID broadcast"
affects the ability of other devices that would happily connect
before.
- The "SSID in VPort" attribute of an ESSID profile
makes the SSID appear in the beacons from the virtual-port BSSID (i.e.
the BSSID to which 802.11 devices associate) and does not affect the
parent beacon.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.