Recommended settings for Wi-Fi routers and access points

For the all-time security, performance, and reliability, nosotros recommend these settings for Wi-Fi routers, base of operations stations, or access points used with Apple products.

This article is primarily for network administrators and others who manage their own network. If you're trying to join a Wi-Fi network, one of these articles should help:

  • Mac: Connect to Wi-Fi and resolve Wi-Fi issues.
  • iPhone, iPad, iPod touch: Connect to Wi-Fi and resolve Wi-Fi issues.

Nigh privacy and security warnings
If your Apple tree device shows a privacy alarm or weak-security alarm about a Wi-Fi network, that network could expose information near your device. Apple recommends connecting to Wi-Fi networks that meet or exceed the security standards in this article.

Before changing the settings on your router

  1. Back up your router's settings, in case you demand to restore them.
  2. Update the software on your devices. This is disquisitional to ensure that your devices have the latest security updates and work best with each other.
    • First install the latest firmware updates for your router.
    • Then update the software on your other devices, such as on your Mac and on your iPhone or iPad.
  3. On each device that previously joined the network, you might need to forget the network to ensure that the device uses the router'south new settings when rejoining the network.

Router settings

To ensure that your devices can connect securely and reliably to your network, utilize these settings consistently to each Wi-Fi router and access betoken, and to each band of a dual-ring, tri-band, or other multiband router.

Security

Set to WPA3 Personalfor better security
Ready to WPA2/WPA3 Transitional for compatibility with older devices

The security setting defines the blazon of authentication and encryption used by your router, and the level of privacy protection for data transmitted over its network. Whichever setting yous choose, always set a strong countersign for joining the network.

  • WPA3 Personal is the newest, well-nigh secure protocol currently available for Wi-Fi devices. It works with all devices that support Wi-Fi half dozen (802.11ax), and some older devices.
  • WPA2/WPA3 Transitional is a mixed mode that uses WPA3 Personal with devices that back up that protocol, while allowing older devices to use WPA2 Personal (AES) instead.
  • WPA2 Personal (AES) is appropriate when you can't utilize one of the more than secure modes. In that case, also cull AES as the encryption or aught blazon, if available.

Weak security settings to avoid on your router

Don't create or join networks that use older, deprecated security protocols. These are no longer secure, they reduce network reliability and performance, and they cause your device to show a security warning:

  • WPA/WPA2 mixed modes
  • WPA Personal
  • WEP, including WEP Open, WEP Shared, WEP Transitional Security Network, or Dynamic WEP (WEP with 802.1X)
  • TKIP, including whatsoever security setting with TKIP in the name

Settings that turn off security, such as None, Open, or Unsecured, are also strongly discouraged. Turning off security disables authentication and encryption and allows anyone to bring together your network, admission its shared resource (including printers, computers, and smart devices), use your internet connection, and monitor the websites you lot visit and other data transmitted over your network or internet connection. This is a chance even if security is turned off temporarily or for a guest network.

Network proper name (SSID)

 Ready to a single, unique name (case-sensitive)

The Wi-Fi network name, or SSID (service set identifier), is the proper name your network uses to advertise its presence to other devices. It's as well the proper name that nearby users see on their device's listing of available networks.

Use a name that's unique to your network, and make sure that all routers on your network employ the same name for every ring they back up. For instance, don't utilise common names or default names such equally linksys, netgear, dlink, wireless, or 2wire, and don't requite your 2.4GHz and 5GHz bands different names.

If you don't follow this guidance, devices might not connect reliably to your network, to all routers on your network, or to all available bands of your routers. And devices that join your network are more likely to encounter other networks that accept the same proper name, and then automatically try to connect to them.

Hidden network

Set to Disabled

A router can exist configured to hide its network name (SSID). Your router might incorrectly apply "closed" to mean hidden, and "broadcast" to hateful not hidden.

Hiding the network name doesn't conceal the network from detection or secure information technology against unauthorized admission. And because of the fashion that devices search for and connect to Wi-Fi networks, using a hidden network might expose information that tin be used to identify yous and the hidden networks yous utilise, such every bit your home network. When connected to a hidden network, your device might show a privacy warning because of this privacy gamble.

To secure access to your network, use the appropriate security setting instead.

MAC address filtering, hallmark, access command

Set to Disabled

When this feature is enabled, your router tin be set up to allow only devices that accept specified MAC (media admission control) addresses to join the network. You shouldn't rely on this feature to prevent unauthorized access to your network, for these reasons:

  • It doesn't prevent network observers from monitoring or intercepting traffic on the network.
  • MAC addresses tin easily be copied, spoofed (impersonated), or changed.
  • To help protect user privacy, some Apple devices use a different MAC address for each Wi-Fi network.

To secure admission to your network, use the appropriate security setting instead.

Automated firmware updates

 Set toEnabled

If possible, set your router to automatically install software and firmware updates as they go available. Firmware updates can impact the security settings available to you, and they deliver other important improvements to the stability, performance, and security of your router.

Radio mode

Set to All (preferred),orWi-Fi ii through Wi-Fi half dozen (802.11a/1000/due north/ac/ax)

These settings, available separately for the ii.4GHz and 5GHz bands, control which versions of the Wi-Fi standard the router uses for wireless communication. Newer versions offer meliorate operation and support more devices concurrently.

It's usually all-time to enable every style offered by your router, rather so a subset of those modes. All devices, including older devices, tin can then connect using the fastest radio fashion they support. This besides helps reduce interference from nearby legacy networks and devices.

Bands

Enable all bands supported past your router

A Wi-Fi ring is similar a street over which data can menstruum. More bands provide more than data capacity and operation for your network.

Channel

Set to Machine

Each band of your router is divided into multiple, independent communication channels, similar lanes in a street. When channel selection is set to automatic, your router selects the best Wi-Fi channel for you.

If your router doesn't support automatic channel choice, choose whichever channel performs best in your network environment. That varies depending on the Wi-Fi interference in your network environs, which can include interference from whatsoever other routers and devices that are using the same channel. If you have multiple routers, configure each to use a different channel, especially if they are close to each other.

Channel width

Set to 20MHz for the 2.4GHz ring
Set to Autoor all widths (20MHz, 40MHz, 80MHz) for the 5GHz band

Channel width specifies how large of a "pipe" is bachelor to transfer information. Wider channels are faster but more susceptible to interference and more than likely to interfere with other devices.

  • 20MHz for the 2.4GHz ring helps to avoid functioning and reliability issues, especially near other Wi-Fi networks and 2.4GHz devices, including Bluetooth devices.
  • Auto or all channel widths for the 5GHz band ensures the best functioning and compatibility with all devices. Wireless interference is less of a concern in the 5GHz band.

DHCP

Fix to Enabled, if your router is the only DHCP server on the network

DHCP (dynamic host configuration protocol) assigns IP addresses to devices on your network. Each IP accost identifies a device on the network and enables information technology to communicate with other devices on the network and internet. A network device needs an IP accost much similar a telephone needs a phone number.

Your network should accept but 1 DHCP server. If DHCP is enabled on more than ane device, such as on both your cable modem and router, address conflicts might prevent some devices from connecting to the internet or using network resource.

DHCP lease time

 Prepare to 8 hours for home or office networks;i 60 minutes for hotspots or guest networks

DHCP charter time is the length of fourth dimension that an IP address assigned to a device is reserved for that device.

Wi-Fi routers usually take a express number of IP addresses that they can assign to devices on the network. If that number is depleted, the router can't assign IP addresses to new devices, and those devices tin can't communicate with other devices on the network and internet. Reducing DHCP charter time allows the router to more quickly reclaim and reassign old IP addresses that are no longer being used.

NAT

Set to Enabled, if your router is the only device providing NAT on the network

NAT (network address translation) translates between addresses on the internet and addresses on your network. NAT can be understood by imagining a company's mail department, where deliveries to employees at the company'due south street address are routed to employee offices within the building.

Mostly, enable NAT only on your router. If NAT is enabled on more than one device, such as on both your cable modem and router, the resulting "double NAT" might cause devices to lose admission to certain resource on the network or internet.

WMM

Set to Enabled

WMM (Wi-Fi multimedia) prioritizes network traffic to improve the performance of a diverseness of network applications, such as video and vocalism. All routers that support Wi-Fi iv (802.11n) or after should have WMM enabled by default. Disabling WMM can bear on the performance and reliability of devices on the network.

Device features that can affect Wi-Fi connections

These features might affect how y'all fix your router or the devices that connect to it.

Private Wi-Fi Address

Location Services

Brand certain that your device has Location Services turned on for Wi-Fi networking, considering regulations in each land or region define the Wi-Fi channels and wireless indicate strength allowed there. Location Services helps to ensure that your device can reliably see and connect to nearby devices, and that it performs well when using Wi-Fi or features that rely on Wi-Fi, such equally AirPlay or AirDrop.

On your Mac:

  1. Cull Apple menu  > System Preferences, and so click Security & Privacy.
  2. Click the lock in the corner of the window, then enter your ambassador password.
  3. In the Privacy tab, select Location Services, then select Enable Location Services.
  4. Gyre to the bottom of the list of apps and services, and so click the Details button next to System Services.
  5. Select Networking & Wireless (or Wi-Fi Networking), then click Done.

On your iPhone, iPad, or iPod touch:

  1. Go to Settings > Privacy > Location Services.
  2. Plow on Location Services.
  3. Scroll to the bottom of the listing, then tap Organization Services.
  4. Turn on Networking & Wireless (or Wi-Fi Networking).

Automobile-Bring together when used with wireless carrier Wi-Fi networks

Wireless carrier Wi-Fi networks are public networks set past your wireless carrier and their partners. Your iPhone or other Apple cellular device treats them every bit known networks and automatically connects to them.

If you meet "Privacy Warning" under the name of your carrier's network in Wi-Fi settings, your cellular identity could exist exposed if your device were to join a malicious hotspot impersonating your carrier'due south Wi-Fi network. To avoid this possibility, you tin prevent your iPhone or iPad from automatically rejoining your carrier's Wi-Fi network:

  1. Get to Settings > Wi-Fi.
  2. Tap next to the wireless carrier's network.
  3. Turn off Auto-Join.

Information near products not manufactured by Apple, or contained websites not controlled or tested by Apple tree, is provided without recommendation or endorsement. Apple tree assumes no responsibleness with regard to the selection, performance, or employ of third-political party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for boosted information.

Published Appointment: