Recommended settings for Wi-Fi routers and access points

These Wi-Fi router (or Wi-Fi base station) settings are for all Macs and iOS devices. These settings will give you the best performance, security, and reliability when using Wi-Fi.

This article is for network administrators and others who manage their own network. If you're trying to join a Wi-Fi network, one of these articles should help:

Follow these steps first

Before you change your settings, follow these steps:

  • Make sure that your Wi–Fi router's firmware is up to date. If you're using an AirPort base station or Time Capsule, follow these steps.
  • Make sure that all Wi–Fi devices you want to use support the settings this article recommends.
  • If possible, back up your Wi–Fi router's settings.
    If necessary, refer to the product documentation or manufacturer's website.
  • Forget or remove the Wi-Fi settings for your network from any devices that connect to your Wi-Fi router. This will prevent the devices from attempting to connect to your network with the old configuration. You'll need to reconnect these devices to your network when you've finished applying the new settings.

Configure all Wi–Fi routers on the same network with the same settings. Otherwise, devices could have difficulty connecting to your network, or your network could become unreliable. On dual-band Wi–Fi routers, configure both bands to have the same settings unless otherwise noted below.

You can configure an AirPort Base Station with AirPort Utility. If you have a different router, refer to the manual or to the manufacturer's website to learn how to change the settings.

Use the settings below for best performance, security, and reliability.

SSID (Service Set Identifier—Wi-Fi network name)

The SSID, or network name, identifies your Wi-Fi network to users and other Wi-Fi devices. It is case sensitive.

Set to: Any unique name.

Details: Choose a name that's unique to your network and isn't shared by other nearby networks or other networks you are likely to encounter. If your router came with a default SSID (network name), it's especially important that you change it to a different, unique name. Some common default SSID names to avoid are "linksys", "netgear", "NETGEAR", "dlink", "wireless", "2wire", and "default".

If your SSID isn't unique, Wi-Fi devices will have trouble identifying your network. This could cause them to fail to automatically connect to your network, or to connect to other networks sharing the same SSID. Also, it might prevent Wi-Fi devices from using all routers in your network (if you have more than one Wi-Fi router), or prevent them from using all available bands (if you have a dual-band Wi-Fi router).

Hidden network

Hidden networks don't broadcast their SSID over Wi-Fi. This option might also be incorrectly referred to as a "closed" network, and the corresponding nonhidden state might be referred to as "broadcast" or "open".

Set to: Disabled

Details: Because hidden networks don't broadcast their SSID, it's harder for devices to find them, which can result in increased connection time and can reduce the reliability of auto-connection. Hiding a network doesn't secure your Wi-Fi network, because the SSID is still available through other mechanisms. Security is enforced by a different setting (see Security below).

MAC address authentication or filtering

Restricts access to a Wi-Fi router to devices with specific MAC (Media Access Control) addresses.

Set to: Disabled

Details: When enabled, this feature allows a user to configure a list of MAC addresses for the Wi-Fi router, and restrict access to devices with addresses that are on the list. Devices with MAC addresses not on the list will fail to associate to the Wi-Fi network. Unfortunately, device MAC addresses can be easily changed, so this can't be relied upon to prevent unauthorized access to the network. Security should be enforced by a different setting (see Security below). 

Security

The security setting controls the type of authentication and encryption used by your Wi-Fi router. This setting allows you to control access to your wireless network, as well as to specify the level of privacy you'd like to have for data you send over the air.

Set to: WPA2 Personal (AES)

Details: WPA2 Personal (AES) is currently the strongest form of security offered by Wi-Fi products, and is recommended for all uses. When enabling WPA2, be sure to select a strong password, one that cannot be guessed by third parties.

If you have older Wi-Fi devices on your network that don't support WPA2 Personal (AES), a good second choice is WPA/WPA2 Mode (often referred to as WPA Mixed Mode). This mode will allow newer devices to use the stronger WPA2 AES encryption, while still allowing older devices to connect with older WPA TKIP-level encryption. If your Wi-Fi router doesn't support WPA/WPA2 Mode, WPA Personal (TKIP) mode is the next best choice.

Using WEP isn't recommended for compatibility, reliability, performance, and security reasons. WEP is insecure and functionally obsolete. Use TKIP if you must choose between it and WEP.

For reference, "None" or unsecured mode, provides no authentication or encryption. If you use this security mode, anyone will be able to join your Wi-Fi network, use your Internet connection, or access any shared resource on your network. Also, anyone will be able to read any traffic you send over the network. For these reasons, this security mode isn't recommended.

Due to serious security weaknesses, the WEP and WPA TKIP encryption methods are deprecated and strongly discouraged. These modes should  be used only if it is necessary to support legacy Wi-Fi devices that don't support WPA2 AES and cannot be upgraded to support WPA2 AES. Devices using these deprecated encryption methods won't be able to take full advantage of 802.11n performance and other features. Due to these issues the Wi-Fi Alliance has directed the Wi-Fi industry to phase out WEP and WPA TKIP.

2.4 GHz Radio Mode

This setting controls which versions of the 802.11a/b/g/n standard the network uses for wireless communication on the 2.4 GHz band. Newer standards (802.11n) support faster transfer rates, and older standards provide compatibility with older devices and additional range.

Set to: 802.11b/g/n

Details: Routers that support 802.11n should be configured for 802.11b/g/n for maximum speed and compatibility. Routers that only support 802.11g should be put in 802.11b/g mode, while those that support only 802.11b can be left in 802.11b mode. Different Wi-Fi routers support different radio modes, so the exact setting will vary depending on the Wi-Fi router in use. In general, enable support for all modes. Devices will then automatically select the fastest commonly supported mode to communicate. Note that choosing a subset of the available modes will prevent some devices from connecting (for example, 802.11b/g devices will be unable to connect to a Wi-Fi router in 802.11n-only mode). Also, choosing a subset of the available modes might cause interference with nearby legacy networks, and might cause nearby legacy devices to interfere with your network.

5 GHz Radio Mode

This setting controls which versions of the 802.11a/b/g/n standard the network uses for wireless communication on the 5 GHz band. Newer standards support faster transfer rates, and older standards provide compatibility with older devices and additional range.

Set to: 802.11a/n

Details: Routers that support 802.11n should be configured for 802.11a/n mode for maximum speed and compatibility. Routers that only support 802.11a can be left in 802.11a mode. Different Wi-Fi routers support different radio modes, so the exact setting will vary depending on the Wi-Fi router in use. In general, enable support for all modes. Devices will then automatically select the fastest commonly supported mode to communicate. Note that choosing a subset of the available modes will prevent older devices from connecting (for example, 802.11a devices will be unable to connect to a Wi-Fi router in 802.11n-only mode). In addition, choosing a subset of the available modes might cause interference with nearby legacy networks, and might cause nearby legacy devices to interfere with your network.

Channel

This setting controls which channel your Wi-Fi router will use to communicate. "Auto" allows the Wi-Fi router to select the best channel automatically. You can also manually select a channel.

Set to: Auto

Details: For best performance, choose "Auto" mode and let the Wi-Fi router select the best channel. If this mode isn't supported by your Wi-Fi router, you'll need to manually select a channel. You should pick a channel that's free from other Wi-Fi routers and other sources of interference. Read about possible sources of interference.

2.4 GHz channel width

Channel width controls how large a "pipe" is available to transfer data. However, larger channels are more subject to interference and more prone to interfere with other devices. A 40 MHz channel is sometimes referred to as a wide channel, with 20 MHz channels referred to as narrow channels.

Set to: 20 MHz

Details: Use 20 MHz channels in the 2.4 GHz band. Using 40 MHz channels in the 2.4 GHz band can cause performance and reliability issues with your network, especially in the presence of other Wi-Fi networks and other 2.4 GHz devices. 40 MHz channels might also cause interference and issues with other devices that use this band, such as Bluetooth devices, cordless phones, neighboring Wi-Fi networks, and so on. Note that not all routers support 40 MHz channels, especially in the 2.4 GHz band. If they are not supported, the router will use 20 MHz channels.

5 GHz channel width

Channel width controls how large a "pipe" is available to transfer data. Larger channels are more prone to interference, and more likely to interfere with other devices. Interference is less of an issue in the 5 GHz band than in the 2.4 GHz band. A 40 MHz channel is sometimes referred to as a wide channel, with 20 MHz channels referred to as narrow channels.

Set to: For 802.11n access points, set the 5GHz band to 20 MHz and 40 MHz. For 802.11ac access points, set the 5GHz band to 20 MHz, 40 MHz, and 80 MHz.

Details: For best performance and reliability, enable support for all channel widths. This allows devices to use the largest width they support, which results in optimal performance and compatibility. Not all client devices support 40 MHz channels, so don't enable 40 MHz-only mode. Devices that support only 20 MHz channels won't be able to connect to a Wi-Fi router in 40 MHz-only mode. Similarly, don't enable 80 MHz-only mode, or only clients capable of 802.11ac will be able to connect. Also, not all routers support 40 MHz and 80 MHz channels. A router that doesn't will use 20 MHz channels.

DHCP

The Dynamic Host Configuration Protocol (DHCP) assigns addresses that identify devices on your network. Once assigned, devices use these addresses to communicate with each other and with computers on the Internet. The functionality of a DHCP server can be thought of as similar to a phone company handing out phone numbers, which customers then use to call other people.

Set to: Only one DHCP server per network

Details: There should be only one DHCP server on your network. This DHCP server might be built in to your DSL or cable modem, a standalone router, or integrated with your Wi-Fi router. In any case, only one device should act as a DHCP server on your network. If more than one device has it enabled, you will likely see address conflicts and will have issues accessing the Internet or other resources on your network.

NAT

Network address translation (NAT) translates between addresses on the Internet and those on a local network. The functionality of a NAT provider is like that of a worker in an office mail room who takes a business address and an employee name on incoming letters and replaces them with the destination office number in a building. This allows people outside the business to send information to a specific person in the building.

Set to: Enabled only on your router; only one device at most should provide NAT services on the network.

Details: Generally, NAT should only be enabled on the device acting as a router for your network. This is usually either your DSL or cable modem, or a standalone router, which might also act as your Wi-Fi router. If NAT is enabled on more than one device—"double NAT"—you'll likely have trouble accessing certain Internet services, such as games, Voice Over IP (VoIP), and Virtual Private Network (VPN), and communicating across the different levels of NAT on the local network.

WMM (Wi-Fi Multimedia)

WMM prioritizes network traffic according to four access categories: voice, video, best effort, and background.

Set to: Enabled

Details: All 802.11n and 802.11ac access points should have WMM enabled in their default configuration. Disabling WMM can cause issues for the entire network, not just Apple products on the network.

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Risks are inherent in the use of the Internet. Contact the vendor for additional information. Other company and product names may be trademarks of their respective owners.

Last Modified:
Helpful?
68% of people found this helpful.

Additional Product Support Information

Start a Discussion

in Apple Support Communities
See all questions on this article See all questions I have asked
United States (English)