Recommended settings for Wi-Fi routers and access points

For the all-time security, performance and reliability, nosotros recommend using these settings for all Wi-Fi routers, base of operations stations or admission points used with Apple tree products.

This article is primarily for network administrators and other people who manage their own network. If you're trying to join a Wi-Fi network, one of these articles should aid:

  • Mac: Connect to Wi-Fi and resolve Wi-Fi issues.
  • iPhone, iPad or iPod touch: Connect to Wi-Fi and resolve Wi-Fi issues.

About privacy and security warnings
If your Apple device displays a privacy warning or warning near the weak security of a Wi-Fi network, that network could expose data about your device. Apple recommends connecting to Wi-Fi networks that come across or exceed the security standards outlined in this article.

Before changing the settings on your router

  1. Back up your router'due south settings, in example you need to restore them.
  2. Update the software on your devices. This is critical for ensuring your devices take the latest security updates and work the best they can with each other.
    • First, install the latest firmware updates for your router.
    • Then, update the software on your other devices, such as on your Mac and on your iPhone or iPad.
  3. On each device that had previously joined the network, you may need to forget the network to ensure the device uses the router'south new settings when rejoining the network.

Router settings

To ensure your devices can connect deeply and reliably to your network, apply these settings consistently to each Wi-Fi router and access point, and to each band of a dual-ring, tri-band or other multi-band router.

Security

Set up to WPA3 Personalfor better security
Set to WPA2/WPA3 Transitional for compatibility with older devices

The security setting defines the type of authentication and encryption used past your router, and the level of privacy protection for data transmitted over its network. Whichever setting y'all choose, always fix a potent password for joining the network.

  • WPA3 Personal is the newest, about secure protocol currently available for Wi-Fi devices. It works with all devices that support Wi-Fi 6 (802.11ax), and some older devices besides.
  • WPA2/WPA3 Transitional is a mixed mode that uses WPA3 Personal with devices that back up that protocol, while allowing older devices to use WPA2 Personal (AES) instead.
  • WPA2 Personal (AES) is appropriate when you tin can't use one of the more secure modes. In that instance, also cull AES every bit the encryption or cipher type, if bachelor.

Weak security settings to avoid on your router

Don't create or bring together networks that use older, deprecated security protocols. These are no longer secure, they reduce network reliability and functioning, and they will crusade your device to display a security warning:

  • WPA/WPA2 mixed modes
  • WPA Personal
  • WEP, including WEP Open, WEP Shared, WEP Transitional Security Network or Dynamic WEP (WEP with 802.1X)
  • TKIP, including any security setting with TKIP in the name

Settings that turn off security, such every bit None, Open or Unsecured, are besides strongly discouraged. Turning off security disables hallmark and encryption and allows anyone to bring together your network, access its shared resources (including printers, computers and smart devices), use your internet connection, and monitor the websites you visit and other data that's transmitted over your network or internet connection. This is a risk fifty-fifty if security has been turned off temporarily or for a guest network.

Network name (SSID)

 Set to a single, unique name (example sensitive)

The Wi-Fi network proper name, or service prepare identifier (SSID), is the name your network uses to annunciate its presence to other devices. It'due south also the name that nearby users will see on their device'due south list of available networks.

Use a name that's unique to your network, and make sure all routers on your network use the same proper noun for every band they support. For example, don't use common names or default names, such as linksys, netgear, dlink, wireless or 2wire, and don't requite your ii.4 GHz and 5 GHz bands unlike names.

If you don't follow this guidance, your devices may not connect reliably to your network, to all of the routers on your network or to all of the available bands of your routers. And devices that bring together your network are more than likely to encounter other networks that have the aforementioned proper name, so automatically try to connect to them.

Hidden network

Ready to Disabled

A router tin can be configured to hibernate its network name, or SSID. Your router may incorrectly utilise "airtight" to mean hidden, and "circulate" to mean not hidden.

Hiding the network name doesn't conceal the network from beingness detected or secure it against unauthorised access. And considering of the fashion devices search for and connect to Wi-Fi networks, using a hidden network may expose information that can exist used to place yous and the hidden networks you employ, such as your dwelling network. When connected to a subconscious network, your device may display a privacy alarm due to this privacy gamble.

To secure admission to your network, use the appropriate security setting instead.

MAC address filtering, authentication and admission control

Set up to Disabled

When this feature is enabled, your router can exist set up to but allow devices that have specified media admission command (MAC) addresses to join the network. Reasons why you shouldn't rely on this feature to forbid unauthorised access to your network:

  • It doesn't forestall network observers from monitoring or intercepting traffic on the network.
  • MAC addresses tin easily be copied, spoofed (impersonated) or changed.
  • To assistance protect user privacy, some Apple devices use a different MAC address for each Wi-Fi network.

To secure access to your network, use the appropriate security setting instead.

Automatic firmware updates

 Set up toEnabled

If possible, set your router to install software and firmware updates automatically as they become bachelor. Firmware updates tin affect the security settings bachelor to you, and they deliver other important improvements to the stability, performance and security of your router.

Radio mode

Set to All (preferred),orWi-Fi 2 to Wi-Fi half-dozen (802.11a/g/n/ac/ax)

These settings, bachelor separately for the 2.4 GHz and 5 GHz bands, command which versions of the Wi-Fi standard the router uses for wireless communication. Newer versions offering better functioning and can support more than devices concurrently.

Information technology's usually best to enable every mode that'due south offered by your router, rather than a subset of these modes. All devices, including older devices, can then connect using the fastest radio mode they support. This besides helps reduce interference from nearby legacy networks and devices.

Bands

Enable all bands that are supported by your router

A Wi-Fi band is like a route that data can flow downwardly. More bands provide more data capacity and performance for your network.

Aqueduct

Set to Auto

Each band of your router is divided into multiple, independent communication channels, similar dissimilar lanes on a road. When channel selection is set to automatic, your router will select the best Wi-Fi aqueduct for you.

If your router doesn't support automated channel choice, choose whichever channel performs all-time in your network environment. That varies depending on the Wi-Fi interference in your network environment, which can include interference from any other routers and devices that are using the same channel. If you have multiple routers, configure each one to use a dissimilar channel, particularly if they are close to each other.

Channel width

Set to 20 MHz for the two.4 GHz ring
Set to Motorcaror all widths (xx MHz, 40 MHz, 80 MHz) for the 5 GHz band

Channel width specifies the size of "piping" bachelor to transfer data. Wider channels are faster only more susceptible to interference, and also more than likely to interfere with other devices.

  • 20 MHz for the two.4 GHz ring helps to avoid performance and reliability bug, especially near other Wi-Fi networks and 2.four GHz devices, including Bluetooth devices.
  • Auto or all aqueduct widths for the 5 GHz ring ensures the best performance and compatibility with all devices. Wireless interference is less of a business organization in the v GHz band.

DHCP

Set to Enabled, if your router is the merely DHCP server on the network

Dynamic host configuration protocol (DHCP) assigns IP addresses to devices on your network. Each IP address identifies a device on the network and enables information technology to communicate with other devices on the network and Net. A network device needs an IP address, much like a phone needs a phone number.

Your network should just take one DHCP server. If DHCP is enabled on more than i device, such every bit on both your cablevision modem and router, accost conflicts may forbid some devices from connecting to the net or using network resources.

DHCP lease fourth dimension

 Ready to 8 hours for home or office networks;ane hour for hotspots or invitee networks

DHCP lease time is the length of time that an IP address assigned to a device is reserved for that device.

Wi-Fi routers usually have a express number of IP addresses they can assign to devices on the network. If that number is depleted, the router tin can't assign IP addresses to new devices, and these devices tin can't communicate with other devices on the network and Cyberspace. Reducing DHCP lease time allows the router to reclaim and reassign quondam IP addresses that are no longer being used faster.

NAT

Set to Enabled, if your router is the only device providing NAT on the network

Network accost translation (NAT) translates between addresses on the Internet and addresses on your network. NAT can be understood by imagining a company's postal service room, where deliveries to employees at the company's address are directed to employee offices within the building.

Yous should more often than not only enable NAT on your router. If NAT is enabled on more than one device, such as on both your cable modem and router, the resulting "double NAT" may cause devices to lose access to certain resource on the network or internet.

WMM

Gear up to Enabled

WMM (Wi-Fi multimedia) prioritises network traffic to better the functioning of a variety of network applications, such as video and phonation. All routers that back up Wi-Fi iv (802.11n) or later should have WMM enabled by default. Disabling WMM can affect the operation and reliability of devices on the network.

Device features that can affect Wi-Fi connections

These features may affect how you set upward your router or the devices that connect to it.

Private Wi-Fi Address

Location Services

Brand certain your device has Location Services turned on for Wi-Fi networking, because regulations in each country or region ascertain the Wi-Fi channels and wireless indicate strength allowed at that place. Location Services helps to ensure your device tin can reliably see and connect to nearby devices, and that it performs well when using Wi-Fi or features that rely on Wi-Fi, such equally AirPlay or AirDrop.

On your Mac:

  1. Cull Apple menu  > System Preferences, and so click Security & Privacy.
  2. Click the lock in the corner of the window, and so enter your administrator password.
  3. In the Privacy tab, select Location Services, and then select Enable Location Services.
  4. Ringlet to the lesser of the list of apps and services, and so click the Details button next to System Services.
  5. Select Networking & Wireless (or Wi-Fi Networking), then click Done.

On your iPhone, iPad or iPod bear upon:

  1. Go to Settings > Privacy > Location Services.
  2. Turn on Location Services.
  3. Scroll to the bottom of the list, then tap Organization Services.
  4. Plough on Networking & Wireless (or Wi-Fi Networking).

Auto-Join when used with wireless network provider Wi-Fi networks

Wireless network provider Wi-Fi networks are public networks fix by your wireless network provider and their partners. Your iPhone or other Apple mobile device treats them equally known networks and connects to them automatically.

If yous encounter a "Privacy Alert" nether the name of your network provider's network in Wi-Fi settings, your mobile identity could be exposed if your device were to join a malicious hotspot impersonating your network provider's Wi-Fi network. To avert this possibility, you can prevent your iPhone or iPad from automatically rejoining your network provider'due south Wi-Fi network:

  1. Become to Settings > Wi-Fi.
  2. Tap adjacent to the wireless network provider's network.
  3. Turn off Auto-Join.

Information about products non manufactured by Apple, or contained websites non controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance or employ of 3rd-party websites or products. Apple makes no representations regarding third-political party website accuracy or reliability. Contact the vendor for additional information.

Published Date: