Recommended settings for Wi-Fi routers and access points

These Wi-Fi router (or Wi-Fi base station) settings are for all Macs and iOS devices. These settings will give you the best performance, security, and reliability when using Wi-Fi.

This article is for network administrators and others who manage their own network.

Follow these steps first

Before you change your settings, follow these steps:

  • Make sure that your Wi-Fi router's firmware is up to date. For AirPort Time Capsule, AirPort Extreme, or AirPort Express Base Station, check for the latest firmware using AirPort Utility.
  • Make sure that your Wi-Fi devices support the settings this article recommends.
  • If possible, back up your Wi-Fi router's settings.
  • Forget or remove the Wi-Fi settings for your network from any devices that connect to your Wi-Fi router. This will prevent the devices from attempting to connect to your network with the old configuration. You'll need to reconnect these devices to your network when you're done applying the new settings.
  • Configure all Wi-Fi routers on the same network with the same settings. Otherwise, devices could have difficulty connecting to your network, or your network could become unreliable.
  • If you're using a dual-band Wi-Fi router, configure both bands to have the same settings, unless otherwise noted below.

SSID or Wi-Fi network name

The SSID (service set identifier), or network name, identifies your Wi-Fi network to users and other Wi-Fi devices. It is case sensitive.

Set to: Any unique name

Choose a name that's unique to your network and isn't shared by other nearby networks or networks you're likely to encounter. If your router came with a default SSID, it's especially important that you change it to a different, unique name. Some common default SSID names to avoid are linksys, netgear, dlink, wireless, 2wire, and default.

If your SSID isn't unique, Wi-Fi devices will have trouble identifying your network. This could cause them to fail to automatically connect to your network, or to connect to other networks that share the same SSID. It might also prevent Wi-Fi devices from using all routers in your network, or prevent them from using all available bands of a router.

Hidden network

Hidden networks don't broadcast their SSID over Wi-Fi. This option might be incorrectly referred to as a closed network, and the corresponding nonhidden state might be referred to as broadcast or open.

Set to: Disabled

Because hidden networks don't broadcast their SSID, devices might need more time to find them and connect to them, and connecting to them automatically might not always succeed. Hiding a network doesn't secure your Wi-Fi network, because the SSID is still available in other ways. 

MAC address authentication or filtering

Restricts access to a Wi-Fi router to devices with specific MAC (Media Access Control) addresses.

Set to: Disabled

When enabled, this feature allows a user to configure a list of MAC addresses for the Wi-Fi router, and restrict access to devices with addresses that are on the list. Devices with MAC addresses not on the list will fail to associate with the Wi-Fi network. MAC addresses can be changed easily, so don't rely on them to prevent unauthorized access to the network.

iOS 8 and later uses a randomized MAC address when running Wi-Fi scans. The scans are conducted when a device isn't associated with a Wi-Fi network and its processor is asleep. A device’s processor goes to sleep shortly after the screen is turned off. Wi-Fi scans are run to determine if a user can connect to a preferred Wi-Fi network. Enhanced Wi-Fi scans are run when a device uses Location Services for apps that use geofencing, such as location-based reminders, that determine if the device is near a specific location.

Security

The security setting controls the type of authentication and encryption used by your Wi-Fi router, which allows you to control access to the network and specify the level of privacy for data you send over the air.

Set to: WPA2 Personal (AES)

WPA2 Personal (AES) is currently the strongest form of security offered by Wi-Fi products, and is recommended for all uses. When enabling WPA2, be sure to select a strong password that can't be guessed by third parties.

If you have older Wi-Fi devices that don't support WPA2 Personal (AES), a good second choice is WPA/WPA2 Mode, also known as WPA Mixed Mode. This mode allows newer devices to use the stronger WPA2 AES encryption, while still allowing older devices to connect with older WPA TKIP-level encryption. If your Wi-Fi router doesn't support WPA/WPA2 Mode, WPA Personal (TKIP) mode is the next best choice.

For compatibility, reliability, performance, and security reasons, WEP is not recommended. WEP is insecure and functionally obsolete. If you must choose between WEP and TKIP, choose TKIP.

Due to serious security weaknesses, the WEP and WPA TKIP encryption methods are deprecated and strongly discouraged. Use these modes only if necessary to support legacy Wi-Fi devices that don't support WPA2 AES and can't be upgraded to support WPA2 AES. Devices using these deprecated encryption methods can't take full advantage of 802.11n performance and other features. As a result, the Wi-Fi Alliance has directed the Wi-Fi industry to phase out WEP and WPA TKIP.

If your security is set to None or unsecured mode, you're using no authentication or encryption. Anyone can join your Wi-Fi network, use your Internet connection, access any shared resource on your network, and read any traffic you send over the network. Using an unsecured network is not recommended.
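
The SSID, hidden network, MAC filtering and security recommendations above can be checked mechanically. The following Python example is an addition, not part of the original article: it assumes the access point's settings are available in hostapd's key=value format (`ssid`, `ignore_broadcast_ssid`, `macaddr_acl`, `wpa`, `wpa_pairwise`, `rsn_pairwise`, `wep_key*`), and the function names and both sample configurations are constructed for illustration.

```python
# Added example: audit hostapd-style key=value settings against the article's
# recommendations. WEAK and RECOMMENDED below are constructed sample configs.
DEFAULT_SSIDS = {"linksys", "netgear", "dlink", "wireless", "2wire", "default"}
RECOMMENDED_MODE = "WPA2 Personal (AES)"

def parse_conf(text):
    """Return {key: value} from key=value lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def security_mode(conf):
    """Map wpa / *_pairwise / wep_key* settings to the modes the article ranks."""
    wpa = int(conf.get("wpa", "0"))  # bit 0 = WPA, bit 1 = WPA2
    if wpa == 0:
        return "WEP" if any(k.startswith("wep_key") for k in conf) else "None"
    if wpa == 1:
        return "WPA Personal"
    if wpa == 3:
        return "WPA/WPA2 Mode"
    # WPA2 only: an unspecified cipher is treated as TKIP so it is flagged (assumption).
    ciphers = set(conf.get("rsn_pairwise", conf.get("wpa_pairwise", "TKIP")).split())
    return RECOMMENDED_MODE if ciphers == {"CCMP"} else "WPA2 with TKIP allowed"

def audit(text):
    """Return one finding per setting that differs from the recommended value."""
    conf, findings = parse_conf(text), []
    # Heuristic: compare case-insensitively even though SSIDs are case sensitive.
    if conf.get("ssid", "").lower() in DEFAULT_SSIDS:
        findings.append("SSID: common default name, choose a unique one")
    if conf.get("ignore_broadcast_ssid", "0") != "0":
        findings.append("Hidden network: enabled, set to Disabled")
    if conf.get("macaddr_acl", "0") != "0":  # 1 = accept list only, 2 = RADIUS lookup
        findings.append("MAC address filtering: enabled, set to Disabled")
    mode = security_mode(conf)
    if mode != RECOMMENDED_MODE:
        findings.append(f"Security: {mode}, set to {RECOMMENDED_MODE}")
    return findings

WEAK = "ssid=linksys\nignore_broadcast_ssid=1\nmacaddr_acl=1\nwpa=3\nwpa_pairwise=TKIP\nrsn_pairwise=CCMP\n"
RECOMMENDED = "ssid=Example-Home-5731\nignore_broadcast_ssid=0\nmacaddr_acl=0\nwpa=2\nwpa_key_mgmt=WPA-PSK\nrsn_pairwise=CCMP\n"

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("recommended", RECOMMENDED)):
        print(name, audit(text) or "matches the recommendations")
```
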

2.4 GHz radio mode

This setting controls which versions of the 802.11a/b/g/n standard the network uses for wireless communication on the 2.4 GHz band. Newer standards (802.11n) support faster transfer rates, and older standards provide compatibility with older devices and additional range.

Set to: 802.11b/g/n

Routers that support 802.11n should be configured for 802.11b/g/n for maximum speed and compatibility. Routers that support only 802.11g should be put in 802.11b/g mode. Routers that support only 802.11b can be left in 802.11b mode. Different Wi-Fi routers support different radio modes, so the setting varies depending on the router. In general, enable support for all modes. Devices can then automatically select the fastest commonly supported mode to communicate. Choosing a subset of the available modes prevents some devices from connecting. For example, 802.11b/g devices can't connect to a Wi-Fi router in 802.11n-only mode. Also, choosing a subset of the available modes might cause interference with nearby legacy networks, and nearby legacy devices might interfere with your network.

5 GHz radio mode

This setting controls which versions of the 802.11a/b/g/n standard the network uses for wireless communication on the 5 GHz band. Newer standards support faster transfer rates, and older standards provide compatibility with older devices and additional range.

Set to: 802.11a/n

Routers that support 802.11n should be configured for 802.11a/n mode for maximum speed and compatibility. Routers that support only 802.11a can be left in 802.11a mode. Different Wi-Fi routers support different radio modes, so the setting varies depending on the router. In general, enable support for all modes. Devices can then automatically select the fastest commonly supported mode to communicate. Choosing a subset of the available modes prevents older devices from connecting. For example, 802.11a devices can't connect to a Wi-Fi router in 802.11n-only mode. Also, choosing a subset of the available modes might cause interference with nearby legacy networks, and nearby legacy devices might interfere with your network.

Channel

This setting controls which channel your Wi-Fi router uses to communicate.

Set to: Auto

For best performance, choose "Auto" mode and let the Wi-Fi router select the best channel. If this mode isn't supported by your Wi-Fi router, choose a channel that's free from other Wi-Fi routers and other sources of interference. Read about possible sources of interference.

2.4 GHz channel width

Channel width controls how large of a "pipe" is available to transfer data. However, larger channels are more subject to interference and more likely to interfere with other devices. A 40 MHz channel is sometimes called a wide channel, and a 20 MHz channel is a narrow channel.

Set to: 20 MHz

Use 20 MHz channels in the 2.4 GHz band. Using 40 MHz channels in the 2.4 GHz band can cause performance and reliability issues with your network, especially in the presence of other Wi-Fi networks and other 2.4 GHz devices. A 40 MHz channel might also cause interference and issues with other devices that use this band, such as Bluetooth devices, cordless phones, and neighboring Wi-Fi networks. Routers that don't support 40 MHz channels in the 2.4 GHz band do support 20 MHz channels.

5 GHz channel width

Channel width controls how large of a "pipe" is available to transfer data. Larger channels are more susceptible to interference, and more likely to interfere with other devices. Interference is less of an issue in the 5 GHz band than in the 2.4 GHz band. A 40 MHz channel is sometimes called a wide channel, and a 20 MHz channel is a narrow channel.

Set to:
For 802.11n access points, set the 5 GHz band to 20 MHz and 40 MHz.
For 802.11ac access points, set the 5 GHz band to 20 MHz, 40 MHz, and 80 MHz.

For best performance and reliability, enable support for all channel widths. This allows devices to use the largest width they support, which results in optimal performance and compatibility. Not all client devices support 40 MHz channels, so don't enable 40 MHz-only mode. Devices that support only 20 MHz channels can't connect to a Wi-Fi router in 40 MHz-only mode. Similarly, don't enable 80 MHz-only mode, or only clients capable of 802.11ac will be able to connect. Routers that don't support 40 MHz or 80 MHz channels do support 20 MHz channels.

DHCP

The Dynamic Host Configuration Protocol (DHCP) assigns addresses that identify devices on your network. Once assigned, devices use these addresses to communicate with each other and with computers on the Internet. The functionality of a DHCP server can be thought of as similar to a phone company handing out phone numbers, which customers then use to call other people.

Set to: Enabled, if it's the only DHCP server on your network

There should be only one DHCP server on your network. This DHCP server might be built in to your cable modem, DSL modem, or router. If more than one device has DHCP enabled, you will likely see address conflicts and have issues accessing the Internet or other resources on your network.

NAT

Network address translation (NAT) translates between addresses on the Internet and those on a local network. The functionality of a NAT provider is like that of a worker in an office mail room who takes a business address and an employee name on incoming letters and replaces them with the destination office number in a building. This allows people outside the business to send information to a specific person in the building.

Set to: Enabled, if it's the only router providing NAT services on your network

Generally, enable NAT only on the device that acts as a router for your network. This is usually either your cable modem, DSL modem, or standalone router, which might also act as your Wi-Fi router. Using NAT on more than one device is called double NAT, and that can cause issues with accessing Internet services, such as games, Voice Over IP (VoIP), Virtual Private Network (VPN), and communicating across the different levels of NAT on the local network.

WMM

WMM (Wi-Fi Multimedia) prioritizes network traffic according to four access categories: voice, video, best effort, and background.

Set to: Enabled

All 802.11n and 802.11ac access points should have WMM enabled in their default configuration. Disabling WMM can cause issues for the entire network, not just Apple products on the network.

Location Services

Some countries have regulations that affect wireless signal strength and the use of Wi-Fi channels. When you travel to other countries, make sure that your devices have Location Services turned on so that you can connect to Wi-Fi networks in that country.

On your Mac:

  1. Choose Apple menu > System Preferences, then click Security & Privacy. 
  2. Click the lock icon in the corner of the window, then enter your password.
  3. In the Privacy tab, select Location Services, then select Enable Location Services.
  4. Scroll to the bottom of the list of apps and services, then click the Details button next to System Services.
  5. In the Details dialog, select Wi-Fi Networking.

On your iPhone, iPad, or iPod touch:

  1. Go to Settings > Privacy, then turn on Location Services.
  2. Scroll to the bottom of the list, tap System Services, then turn on Wi-Fi Networking.
