NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

icon_boy2025's avatar
icon_boy2025
Aspirant
Mar 17, 2025

can you tag a ssid to a access point

I have multiple WAX620 access points. Is it possible to assign a specific SSID to a particular access point, so that clients always connect to that one, rather than being influenced by signal quality...
schumaku's avatar
schumaku
Guru - Experienced User
Mar 20, 2025

Hello icon_boy2025 

 

icon_boy2025 wrote:

I have multiple WAX620 access points. Is it possible to assign a specific SSID to a particular access point, so that clients always connect to that one, ...

Using Netgear Insight? No, since the SSID are always location-wide.

 

Using only locally managed devices: Yes, of course...

 

icon_boy2025 wrote:

... rather than being influenced by signal quality?

Any specific you like to resolve? Modern wireless clients are constantly evaluating the wireless environment, and on top of that, they get the BSSID of neighbouring APs using the same SSID to the currently the currently connected one.

 

Last but not least, the roaming happens seamless for WPA2-Personal for WPA3-Personal, it's cloud assisted, since  each AP must know the unique session key to allow this. The WPA3-Personal mechanism uses the passphrase to generate unique keys for each session. The passphrase itself is never sent, even encrypted, over the air. This mechanism is known as Simultaneous Authentication of Equals (SAE), based on the Dragonfly key exchange.*

 

Slightly different, there are some comparably "dumb" WiFi clients on embedded devices. These will always connect ot the first AP they can discover with their limited capabilities - and that one is probably and very often not the most ideal one. However, for most of these low bandwidth applications, this does not matter in the reality. 

 

* That much about the blunt university theories. Of course, even on X.509 PKIs making the base for asymmetric key management infrastructures, the developers have implemented functions for storing the private key outside of the place where these are supposed to be generated and securely stored, for root certificates these are the 

Hardware Security Modules (HSMs) - specialized hardware devices designed to securely manage and protect cryptographic keys and perform cryptographic operations. This does not apply to the device and user certificates, because of the admins require reasonable processes for key recovery, for lost devices like smart cards or mobiles.

 

  • icon_boy2025's avatar
    icon_boy2025
    Aspirant
    Mar 20, 2025

    I meant at a high level, let's say you have two access points broadcasting the same SSID. You want the client to connect to Access Point 1, since the signal strength is stronger. If you can tag the client to always connect to Access Point 1, that's what I mean by 'tagging'

    • schumaku's avatar
      schumaku
      Guru - Experienced User
      Mar 20, 2025

      Understand from where you are coming from of course. Not the first time I read about such ideas here. Is very likely an industry standard WiFi client does (sooner or later, and load of the APs allowing) associate with the "best" AP available. Sure, I see some random (and very rare) conditions, like an AP restarting and going through the DFS process.

       

      Does this cause any real problems on the connectivity, or is this idea purely an University theoretical laboratory green field idea?

       

      For reasons, this is what he standardisation of wireless networks allows - this is -not- plugging an Ethernet device to a certain port.

       

      Keep in mind tagging has a very different meaning in networking.

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More