Enterprise Router

Recommended configuration for Wi-Fi access points and routers

This configuration for a Wi-Fi router (or Wi-Fi base station) applies to all Mac computers and all iOS devices. It provides optimal levels of performance, security and reliability when using Wi-Fi.

This article is intended for network administrators and users who manage their own network. If you are trying to connect to a Wi-Fi network, one of these articles should be useful for you:
Mac: Connect the Mac to the Internet and check for Wi-Fi problems
iPhone, iPad and iPod touch: Connect to a Wi-Fi network and solve Wi-Fi problems

Initial steps

Before modifying the configuration, follow the steps below:
Make sure the Wi-Fi router's firmware is updated. For an AirPort Time Capsule, AirPort Extreme or AirPort Express base station, look for the latest firmware with the AirPort Utility.
Make sure Wi-Fi devices are compatible with the settings recommended in this article.
If possible, back up the configuration of the Wi-Fi router.
Forget or remove the Wi-Fi settings of the network from all devices that connect to the Wi-Fi router. This will prevent the devices from trying to connect to the network with the previous configuration. You will have to reconnect the devices to the network when you finish setting the new configuration.
Configure all Wi-Fi routers on the same network in the same way. If you do not, devices may have trouble connecting to the network, or the network may not be reliable.
If you use a dual-band Wi-Fi router, configure both bands to have the same configuration, unless otherwise indicated below.

SSID or name of the Wi-Fi network

The service set identifier (SSID), or the name of the network, identifies the Wi-Fi network for users and other Wi-Fi devices. It is case sensitive.
Configuration: Any unique name
Choose a name that is unique within the network and that differs from the names of nearby networks or other networks you are likely to encounter. If the router came with a default SSID, it is extremely important that you change it to a different, unique name. Some common default SSID names to avoid are linksys, netgear, dlink, wireless, 2wire and default.
If the SSID is not unique, Wi-Fi devices will have trouble identifying the network. This could prevent them from automatically connecting to the network or could cause them to connect to other networks that have the same SSID. It could also prevent Wi-Fi devices from using all the routers in the network or all the available bands of a router.

Hidden network

Hidden networks do not broadcast their SSID over Wi-Fi. This option is sometimes incorrectly called a "closed" network, while the corresponding non-hidden state may be called "broadcast".
Configuration: Disabled
Since hidden networks do not transmit their SSID, devices may need more time to find and connect to them. Hiding a network does not protect the Wi-Fi network, since the SSID is still available in other ways. You must always activate security on the Wi-Fi router.

Authentication or MAC address filtering

MAC address filtering restricts access to the Wi-Fi router to devices with certain media access control (MAC) addresses.
Configuration: Disabled
When this function is activated, the user can configure a list of MAC addresses for the Wi-Fi router and, in this way, prevent access by devices with addresses that are not part of that list. Devices with MAC addresses that are not included in the list cannot associate with the Wi-Fi network. MAC addresses can be modified easily, so do not rely on them to prevent unauthorized access to the network.
In iOS 8 and later, a random MAC address is used when running Wi-Fi scans. Scans run when a device is not associated with a Wi-Fi network and its processor is idle. The processor of a device goes to sleep shortly after the screen is turned off. Wi-Fi scans run to determine whether a user can connect to a preferred Wi-Fi network. Enhanced Wi-Fi scans run when a device uses the Location feature for apps that use geofences, such as location-based reminders that determine whether the device is close to a specific location.

Security

The security settings determine the type of authentication and encryption used by the Wi-Fi router. In that way, you can control access to the network and specify the level of privacy for the data you send wirelessly.
Configuration: WPA2 Personal (AES)
Currently, WPA2 Personal (AES) is the strongest security method offered by Wi-Fi products and is the one recommended for all uses. When activating the WPA2 method, be sure to select a secure password that other people cannot guess.
If you use older Wi-Fi devices that are not compatible with WPA2 Personal (AES), the WPA/WPA2 mode (also known as mixed WPA mode) is a good alternative. This mode allows more modern devices to use the stronger WPA2 AES encryption, while older devices still use the older WPA TKIP encryption. If the Wi-Fi router is not compatible with the WPA/WPA2 mode, the next best option is the WPA Personal mode (TKIP).
For reasons of compatibility, reliability, performance and security, it is not recommended to use WEP mode. WEP is insecure and functionally obsolete. If you have to choose between WEP and TKIP, choose TKIP.
Due to serious security deficiencies, the WEP and WPA TKIP encryption methods are considered obsolete, so it is strongly recommended not to use them. Use these modes only if it is necessary to support older Wi-Fi devices that are not compatible with WPA2 AES mode and cannot be updated to support it. Devices that use these outdated encryption methods cannot take full advantage of 802.11n performance or other features. Because of this, the Wi-Fi Alliance has directed manufacturers of Wi-Fi devices to remove the WEP and WPA TKIP modes.
If the security is set to "None" or in non-secure mode, it means that authentication and encryption are not used. Anyone can connect to your Wi-Fi network, use your Internet connection, access shared resources on your network and read the traffic you send over the network. It is not recommended to use an unsecured network.
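
The SSID, hidden network, MAC filtering and security recommendations above can be checked mechanically. The following Python script is an added example, not part of the original article: it assumes the access point is configured through a hostapd-style key=value file (hostapd is not mentioned in the article), and the three sample configurations are constructed.

```python
# Added example, not from the original article. Assumes a hostapd-style key=value file.
DEFAULT_SSIDS = {"linksys", "netgear", "dlink", "wireless", "2wire", "default"}

# Constructed sample configurations.
WEAK = "ssid=linksys\nignore_broadcast_ssid=1\nmacaddr_acl=1\nwpa=1\nwpa_pairwise=TKIP\n"
MIXED = "ssid=Harbour-Office-7\nwpa=3\nwpa_pairwise=TKIP\nrsn_pairwise=CCMP\n"
RECOMMENDED = ("ssid=Harbour-Office-7\nignore_broadcast_ssid=0\nmacaddr_acl=0\n"
               "wpa=2\nwpa_key_mgmt=WPA-PSK\nrsn_pairwise=CCMP\n")

def parse_conf(text):
    """Parse key=value lines, skipping blank lines and '#' comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit(text):
    """Return (level, setting, reason) findings; an empty list means no deviation."""
    c, out = parse_conf(text), []
    # Compared case-insensitively so "Linksys" is caught as well as "linksys".
    if c.get("ssid", "").lower() in DEFAULT_SSIDS | {""}:
        out.append(("FAIL", "ssid", "missing or a common default name"))
    if c.get("ignore_broadcast_ssid", "0") != "0":
        out.append(("FAIL", "hidden", "hiding the SSID does not protect the network"))
    if c.get("macaddr_acl", "0") != "0":  # non-zero: allow-list or external lookup
        out.append(("FAIL", "mac_filter", "MAC addresses can be modified easily"))
    if any(key.startswith("wep_key") for key in c):
        out.append(("FAIL", "security", "WEP keys are configured"))
    wpa = int(c.get("wpa", "0"))  # bit 0 = WPA, bit 1 = WPA2 (RSN)
    if not wpa & 2:
        out.append(("FAIL", "security", "WPA2 is not enabled"))
    elif wpa & 1:
        out.append(("WARN", "security", "mixed WPA/WPA2: only for older devices"))
    # hostapd falls back to wpa_pairwise for WPA2 when rsn_pairwise is unset.
    ciphers = set(c.get("rsn_pairwise", c.get("wpa_pairwise", "")).split())
    if wpa & 1:
        ciphers |= set(c.get("wpa_pairwise", "").split())
    if wpa and ciphers != {"CCMP"}:
        mixed = bool(wpa & 1) and ciphers == {"TKIP", "CCMP"}
        out.append(("WARN" if mixed else "FAIL", "cipher",
                    f"pairwise ciphers {sorted(ciphers) or 'unset'}; want CCMP (AES) only"))
    return out

if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("mixed", MIXED), ("recommended", RECOMMENDED)):
        print(name, audit(conf) or "no findings")
```

Mixed WPA/WPA2 mode is reported as a warning rather than a failure because the article accepts it where older devices must be supported.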

2.4 GHz radio mode

This configuration determines the versions of the 802.11a/b/g/n standard that are used in the network for wireless communications through the 2.4 GHz band. Newer standards (802.11n) support faster transfer speeds, while older standards offer compatibility with previous devices and additional range.
Configuration: 802.11b/g/n
802.11n compatible routers must be configured in 802.11b/g/n mode to enjoy maximum speed and compatibility. Routers that are only compatible with 802.11g must be configured in 802.11b/g mode. Routers that are only compatible with 802.11b can be left in 802.11b mode. Different Wi-Fi routers are compatible with different radio modes, so the configuration varies depending on the router. In general, it is recommended to activate compatibility for all modes. That way, devices can automatically select the fastest mode they have in common. If a subset of the available modes is selected, some devices will not be able to connect. For example, 802.11b/g devices cannot connect to a Wi-Fi router in 802.11n mode only. In addition, selecting a subset of the available modes could cause interference with older nearby networks, or nearby older devices could also interfere with the network.

5 GHz radio mode

This configuration determines the versions of the 802.11a/b/g/n standard that are used in the network for wireless communications through the 5 GHz band. Newer standards support faster transfer speeds, while older standards offer compatibility with previous devices and additional range.
Configuration: 802.11a/n
802.11n compatible routers must be configured in 802.11a/n mode to enjoy maximum speed and compatibility. Routers that are only compatible with 802.11a can be left in 802.11a mode. Different Wi-Fi routers are compatible with different radio modes, so the configuration varies depending on the router. In general, it is recommended to activate compatibility for all modes. That way, devices can automatically select the fastest mode they have in common. If a subset of the available modes is selected, older devices cannot connect. For example, 802.11a devices cannot connect to a Wi-Fi router in 802.11n mode only. In addition, selecting a subset of the available modes could cause interference with older nearby networks, or nearby older devices could also interfere with the network.

Channel

This setting determines the channel that the Wi-Fi router must use to communicate.
Configuration: Automatic
To get optimal performance levels, choose the "Automatic" mode and let the Wi-Fi router choose the best channel. If the Wi-Fi router does not support this mode, choose a channel that does not have other Wi-Fi routers or other sources of interference. Get more information about possible sources of interference.

Channel width of 2.4 GHz

The channel width determines the size of the "pipeline" available to transfer data. However, wider channels are more prone to interference and to interfering with other devices. 40 MHz channels are often referred to as "wide channels", while 20 MHz channels are referred to as "narrow channels".
Configuration: 20 MHz
Use 20 MHz channels in the 2.4 GHz band. The use of 40 MHz channels in the 2.4 GHz band can cause network performance and reliability problems, especially in the presence of other Wi-Fi networks and other devices at 2.4 GHz. 40 MHz channels can also cause interference and problems with other devices that use this band, such as Bluetooth devices, wireless phones and nearby Wi-Fi networks. Routers that are not compatible with 40 MHz channels in the 2.4 GHz band are compatible with 20 MHz channels.

Channel width of 5 GHz

The channel width determines the size of the "pipeline" available to transfer data. Wider channels are more prone to interference and to interfering with other devices. Interference is not as serious a problem in the 5 GHz band as in the 2.4 GHz band. 40 MHz channels are often referred to as "wide channels", while 20 MHz channels are referred to as "narrow channels".
Configuration:
For 802.11n access points, the 5 GHz band should be set to 20 MHz and 40 MHz.
For 802.11ac access points, the 5 GHz band should be set to 20 MHz, 40 MHz and 80 MHz.
To obtain optimal levels of performance and reliability, activate compatibility with all channel widths. This allows devices to use the widest channel with which they are compatible, resulting in optimal levels of performance and compatibility. Not all client devices are compatible with 40 MHz channels, so 40 MHz mode should not be activated exclusively. Devices that are only compatible with 20 MHz channels cannot connect to a Wi-Fi router in 40 MHz mode only. Similarly, the 80 MHz mode should not be activated exclusively; otherwise, only compatible 802.11ac clients can connect. Routers that are not compatible with 40 MHz or 80 MHz channels are compatible with 20 MHz channels.

DHCP

The Dynamic Host Configuration Protocol (DHCP) assigns addresses that identify devices on the network. Once these addresses are assigned, the devices use them to communicate with each other and with computers on the Internet. The function of a DHCP server can be imagined as if it were a telephone company that delivers phone numbers that customers can use to call other people.
Configuration: On, if it is the only DHCP server in the network
There must be a single DHCP server on the network. This DHCP server can be integrated into the cable modem, the DSL modem or the router. If more than one device has DHCP enabled, you will most likely see address conflicts and have problems accessing the Internet or other network resources.

NAT

Network address translation (NAT) translates between Internet addresses and the addresses of the local network. The role of a NAT provider is similar to that of a worker in an office mail room who looks at the company address and the employee name on each arriving letter and replaces them with the number of the destination office in the building. In this way, people outside the company can send information to a specific person in the building.
Configuration: On, if it is the only router that provides NAT services in the network
It is recommended to activate NAT only on the device that works as a router on the network. Typically, this device is the cable modem, the DSL modem or a separate router, which can also function as a Wi-Fi router. The use of NAT in more than one device is called double NAT and can cause problems in accessing Internet services, such as games, voice over IP (VoIP), virtual private network (VPN) and communication through the different NAT levels of the local network.

WMM

Wi-Fi multimedia (WMM) establishes priorities in network traffic according to four access categories: voice, video, best effort and background.
Configuration: On
All 802.11n and 802.11ac access points must have the WMM option enabled in their default configuration. Disabling WMM can cause problems for the entire network, not just for Apple products on the network.

Location

In some countries, there are regulations that affect the strength of the wireless signal and the use of Wi-Fi channels. If you travel to another country, make sure the devices have the Location option turned on so you can connect to the Wi-Fi networks in that country.
On a Mac:
Select Apple menu > System Preferences and then click Security and Privacy.
Click the lock in the corner of the window and enter your password.
In the Privacy tab, select Location and then Activate location services.
Scroll to the bottom of the list of apps and services, and click the Details button next to System Services.
In the Details dialog box, select Wi-Fi Network Connection.
On an iPhone, iPad or iPod touch:
Go to Settings > Privacy and activate the Location option.
Scroll to the bottom of the list, touch System Services and activate the Wi-Fi Network Connection option.

Wi-Fi networks of cell phone operators

The Wi-Fi networks of cell phone operators are networks configured by the operator and its partners. The iPhone treats them as if they were known networks and connects to them automatically. If you see the message "Privacy warning" below your carrier's network name in Wi-Fi settings, it means that your cell phone identity may be exposed if a malicious Wi-Fi zone impersonates your operator's Wi-Fi network.