Recommended settings for Wi-Fi routers and access points

For the best security, operation and reliability, nosotros recommend these settings for whatsoever Wi-Fi routers, base of operations stations or access points used with Apple products.

This article is primarily for network administrators and others who manage their own network. If y'all're trying to join a Wi-Fi network, 1 of these articles should help:

  • Mac: Connect to Wi-Fi and resolve Wi-Fi issues.
  • iPhone, iPad or iPod touch: Connect to Wi-Fi and resolve Wi-Fi bug.

About privacy and security warnings
If your Apple device displays a privacy warning or weak-security warning virtually a Wi-Fi network, that network could betrayal information about your device. Apple recommends connecting to Wi-Fi networks that meet or exceed the security standards in this article.

Before changing the settings on your router

  1. Support your router'south settings, in case you need to restore them.
  2. Update the software on your devices. This is disquisitional to ensure that your devices have the latest security updates and work equally best they tin can with each other.
    • First, install the latest firmware updates for your router.
    • Then update the software on your other devices, such equally on your Mac and on your iPhone or iPad.
  3. On each device that previously joined the network, y'all may need to forget the network to ensure the device uses the router's new settings when rejoining the network.

Router settings

To ensure that your devices can connect securely and reliably to your network, apply these settings consistently to each Wi-Fi router and access signal, and to each band of a dual-band, tri-ring or other multi-ring router.

Security

Set to WPA3 Personalfor better security
Set to WPA2/WPA3 Transitional for compatibility with older devices

The security setting defines the type of authentication and encryption used past your router, and the level of privacy protection for data transmitted over its network. Whichever setting you choose, always set a strong countersign for joining the network.

  • WPA3 Personal is the newest, about secure protocol currently bachelor for Wi-Fi devices. It works with all devices that support Wi-Fi six (802.11ax), and some older devices.
  • WPA2/WPA3 Transitional is a mixed mode that uses WPA3 Personal with devices that support that protocol, while allowing older devices to use WPA2 Personal (AES) instead.
  • WPA2 Personal (AES) is advisable when you can't use one of the more secure modes. In that example, also choose AES as the encryption or cipher blazon, if available.

Weak security settings to avoid on your router

Don't create or join networks that use older, deprecated security protocols. These are no longer secure, they reduce network reliability and operation, and they volition cause your device to display a security warning:

  • WPA/WPA2 mixed modes
  • WPA Personal
  • WEP, including WEP Open, WEP Shared, WEP Transitional Security Network or Dynamic WEP (WEP with 802.1X)
  • TKIP, including any security setting with TKIP in the name

Settings that turn off security, such as None, Open or Unsecured, are besides strongly discouraged. Turning off security disables authentication and encryption and allows anyone to join your network, access its shared resources (including printers, computers and smart devices), apply your cyberspace connection, and monitor the websites you visit and other data that'south transmitted over your network or internet connexion. This is a adventure even if security is turned off temporarily or for a invitee network.

Network name (SSID)

 Set to a unmarried, unique name (case sensitive)

The Wi-Fi network name, or SSID (service set identifier), is the proper noun your network uses to advertise its presence to other devices. It'south also the name that nearby users will encounter on their device's list of bachelor networks.

Utilize a name that's unique to your network, and brand certain all routers on your network apply the same proper name for every band they back up. For case, don't use common names or default names such equally linksys, netgear, dlink, wireless or 2wire, and don't give your 2.4 GHz and five GHz bands different names.

If yous don't follow this guidance, devices may not connect reliably to your network, to all routers on your network or to all available bands of your routers. And devices that join your network are more likely to encounter other networks that have the same proper name, then automatically effort to connect to them.

Subconscious network

Set to Disabled

A router can be configured to hibernate its network proper name (SSID). Your router may incorrectly use "airtight" to mean hidden, and "circulate" to mean not hidden.

Hiding the network name doesn't conceal the network from detection or secure it confronting unauthorised access. And because of the way that devices search for and connect to Wi-Fi networks, using a subconscious network may betrayal information that can exist used to identify you and the hidden networks yous use, such every bit your habitation network. When continued to a hidden network, your device may display a privacy alarm because of this privacy hazard.

To secure admission to your network, use the advisable security setting instead.

MAC address filtering, authentication and access control

Gear up to Disabled

When this characteristic is enabled, your router can exist prepare to permit simply devices that have specified media access control (MAC) addresses to join the network. Yous shouldn't rely on this feature to prevent unauthorised access to your network for these reasons:

  • It doesn't forbid network observers from monitoring or intercepting traffic on the network.
  • MAC addresses can easily be copied, spoofed (impersonated) or changed.
  • To help protect user privacy, some Apple devices use a unlike MAC accost for each Wi-Fi network.

To secure access to your network, use the appropriate security setting instead.

Automatic firmware updates

 Set toEnabled

If possible, fix your router to automatically install software and firmware updates as they get available. Firmware updates tin affect the security settings bachelor to you, and they evangelize other important improvements to the stability, performance, and security of your router.

Radio way

Gear up to All (preferred),orWi-Fi two to Wi-Fi vi (802.11a/g/north/ac/ax)

These settings, available separately for the 2.4 GHz and 5 GHz bands, control which versions of the Wi-Fi standard the router uses for wireless communication. Newer versions offer meliorate performance and back up more than devices concurrently.

It's usually best to enable every mode offered by your router, rather than a subset of those modes. All devices, including older devices, can then connect using the fastest radio fashion they support. This too helps reduce interference from nearby legacy networks and devices.

Bands

Enable all bands supported by your router

A Wi-Fi band is like a road that data can pass down. More bands provide more than data capacity and functioning for your network.

Channel

Set to Car

Each band of your router is divided into multiple, independent communication channels, such as lanes on a road. When channel selection is set to automatic, your router selects the best Wi-Fi channel for you.

If your router doesn't support automatic channel choice, cull whichever channel performs best in your network surround. That varies depending on the Wi-Fi interference in your network environment, which can include interference from whatever other routers and devices that are using the same channel. If you have multiple routers, configure each i to use a unlike channel, especially if they are close to each other.

Channel width

Set to 20MHz for the 2.4GHz band
Set up to Autoor all widths (20MHz, 40MHz, 80MHz) for the 5GHz band

Channel width specifies how big of a "pipage" is bachelor to transfer data. Wider channels are faster only more susceptible to interference and more likely to interfere with other devices.

  • 20 MHz for the ii.four GHz band helps to avoid performance and reliability bug, specially most other Wi-Fi networks and 2.iv GHz devices, including bluetooth devices.
  • Auto or all aqueduct widths for the 5 GHz band ensures the best performance and compatibility with all devices. Wireless interference is less of a business organization in the five GHz band.

DHCP

Set to Enabled, if your router is the just DHCP server on the network

Dynamic host configuration protocol (DHCP) assigns IP addresses to devices on your network. Each IP address identifies a device on the network and enables it to communicate with other devices on the network and internet. A network device needs an IP address, much similar a phone needs a phone number.

Your network should have only one DHCP server. If DHCP is enabled on more 1 device, such as on both your cable modem and router, address conflicts may prevent some devices from connecting to the net or using network resources.

DHCP lease time

 Set to 8 hours for home or office networks;ane hour for hotspots or guest networks

DHCP lease time is the length of time that an IP address assigned to a device is reserved for that device.

Wi-Fi routers usually have a express number of IP addresses they can assign to devices on the network. If that number is depleted, the router tin't assign IP addresses to new devices, and those devices tin can't communicate with other devices on the network and Cyberspace. Reducing DHCP charter time allows the router to repossess and reassign old IP addresses that are no longer being used more than apace.

NAT

Set to Enabled, if your router is the simply device providing NAT on the network

Network address translation (NAT) translates between addresses on the net and addresses on your network. NAT can exist understood past imagining a company's postal service section, where deliveries to employees at the company's street address are directed to employee offices within the building.

Generally, enable NAT merely on your router. If NAT is enabled on more than than one device, such equally on both your cablevision modem and router, the resulting "double NAT" may cause devices to lose admission to sure resources on the network or internet.

WMM

Set to Enabled

WMM (Wi-Fi multimedia) prioritises network traffic to improve the performance of a variety of network applications, such as video and voice. All routers that back up Wi-Fi four (802.11n) or later should have WMM enabled by default. Disabling WMM can affect the operation and reliability of devices on the network.

Device features that can affect Wi-Fi connections

These features may impact how yous set up your router or the devices that connect to it.

Private Wi-Fi Address

Location Services

Make sure that your device has Location Services turned on for Wi-Fi networking, considering regulations in each state or region ascertain the Wi-Fi channels and wireless indicate strength immune there. Location Services helps to ensure that your device tin reliably encounter and connect to nearby devices, and that it performs well when using Wi-Fi or features that rely on Wi-Fi, such as AirPlay or AirDrop.

On your Mac:

  1. Choose Apple tree carte du jour  > System Preferences, and so click Security & Privacy.
  2. Click the lock in the corner of the window, then enter your ambassador countersign.
  3. In the Privacy tab, select Location Services, then select Enable Location Services.
  4. Scroll to the bottom of the listing of apps and services, then click the Details button side by side to System Services.
  5. Select Networking & Wireless (or Wi-Fi Networking), so click Done.

On your iPhone, iPad or iPod affect:

  1. Go to Settings > Privacy > Location Services.
  2. Turn on Location Services.
  3. Scroll to the bottom of the listing, then tap System Services.
  4. Turn on Networking & Wireless (or Wi-Fi Networking).

Auto-Bring together when used with wireless carrier Wi-Fi networks

Wireless carrier Wi-Fi networks are public networks set up past your wireless carrier and their partners. Your iPhone or other Apple cellular device treats them every bit known networks and automatically connects to them.

If you see "Privacy Warning" under the name of your carrier's network in Wi-Fi settings, your cellular identity could be exposed if your device were to join a malicious hotspot impersonating your carrier's Wi-Fi network. To avert this possibility, yous can prevent your iPhone or iPad from automatically rejoining your carrier'due south Wi-Fi network:

  1. Go to Settings > Wi-Fi.
  2. Tap adjacent to the wireless carrier'due south network.
  3. Turn off Car-Bring together.

Data about products not manufactured past Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple tree assumes no responsibility with regard to the pick, performance or employ of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.

Published Date: