Before you begin
The changes and behaviors described in this document apply to the following devices in enterprise environments:
- iPad Pro
- iPhone 5c, iPhone 5s, and later
- iPad Air and later
- iPad mini 2 and later
- iPod touch (6th generation)
iOS uses different criteria when roaming in consumer environments. Other devices use the same roaming behavior found in iOS 7.
Trigger threshold
The trigger threshold is the minimum signal level a client requires to maintain the current connection.
iOS clients monitor and maintain the current BSSID’s connection until the RSSI crosses the -70 dBm threshold. Once crossed, iOS initiates a scan to find roam candidate BSSIDs for the current ESSID.
This information is important to consider when designing wireless cells and their expected signal overlap. For example, if 5 GHz cells are designed with a -67 dBm overlap:
- iOS uses -70 dBm as the trigger and will therefore remain connected to the current BSSID longer than you expect.
- Review how the cell overlap was measured. The antennas on a portable computer are much larger and more powerful than a smartphone or tablet, so iOS devices see different cell boundaries than expected. It is always best to measure using the target device.
Roam scan
A roam scan is when stations check the available channels in a given band (either 2.4 or 5 GHz) for access points (APs) that support the current ESSID.
The time it takes to scan depends on a variety of factors, but the best way to streamline this process is to enable 802.11k on your control plane since iOS leverages the first 6 entries in the neighbor report and reviews the candidates to prioritize its scanning. Without 802.11k iOS has to scan more methodically, potentially adding several seconds to the discovery process.
For example, if a user is on a call and walks to the other side of the building, the device crosses the -70 dBm threshold and looks for roam targets. Using the neighbor report provided by 802.11k, it knows there are APs supporting the current ESSID on channels 36, 44 and 11. It immediately scans those channels, finds the AP on channel 44 has the appropriate signal strength, and roams. However, without 802.11k the client must scan all of the various channels on each band to find a roam target, adding several seconds to the process.
Roam candidate selection criteria
iOS 8 and later selects target BSSIDs based on two criteria:
- Is the client transmitting or receiving a series of 802.11 data packets?
- The difference in signal strength against the current BSSID’s RSSI.
iOS 8 and later selects target BSSIDs whose reported RSSI is 8 dB or greater than the current BSSID’s RSSI if the client is transmitting or receiving data. Clients not sending or receiving data, for example sitting idle in a pocket, use a 12 dB differential.
For example, if the RSSI of the current connection drops to -75 dBm, and the user is engaged in a VoWLAN call, then iOS 8 searches for BSSIDs with an RSSI of -67 dBm or better.

If that same user isn't in a call, or transmitting or receiving a series of data packets, then iOS 8 only considers BSSIDs with an RSSI of -63 dBm or better.
802.11 Management and Control frames do not count as data.
Understanding the selection criteria of iOS allows administrators to reevaluate their current wireless design to make sure that it provides the expected and required performance to support real-time services like voice or video.
Roam performance
Roam performance indicates the time a client requires to successfully authenticate to a new BSSID.
Finding a valid roam candidate is only part of the process—the client has to actually complete the roam process quickly and unobtrusively so the user experiences no interruption in service. Roaming itself involves the client authenticating against the new BSSID and deauthenticating from the current BSSID. The security and authentication method dictates how quickly this can be achieved.
802.1X-based authentication requires the client to complete the entire EAP key exchange before it can deauthenticate from the current BSSID. This can take several seconds, depending on the environment’s authentication infrastructure, and translates into interrupted service to the end user in the form of dead air.
The best way to streamline this process is to utilize the fast roam capabilities of 802.11r if this is supported by your networking equipment. 802.11r allows clients to pre-authenticate against potential access points, reducing the authentication time from potential seconds to milliseconds.
Measuring Client RSSI using AirPort Utility
Apple’s AirPort Utility for iOS 1.3.4 includes a wireless scanning feature that provides a log of the client’s view of the network. Administrators can use this feature to validate the iOS client’s view of the network at a given location or walking a path as the scanner maintains a log of scan events for review.
Don't attempt to use AirPort Utility on the same device that you're running your application as that can produce inaccurate results. Apple recommends using a separate device (of the same model) dedicated to the scanning process.
The scanning feature is enabled in the AirPort preferences pane in the iOS Settings app.

Once scanning is enabled, AirPort Utility shows a new Wi-Fi Scan button in the upper right. Click this button to go to the Scanning screen.

By default AirPort Utility scans continuously. You can use the "Scan duration" slider to control how long it should scan, up to 60 seconds.

Start scanning
Once the scanning duration is set, select ‘Scan’ to start the scanning process. AirPort Utility populates the screen with any SSIDs it finds, including hidden networks (though those are blank).

The list is dynamically generated as the utility scans the available bands, currently at four second intervals. Enterprise networks with multiple access points are grouped by BSSID. The AirPort Utility scanner shows the following information:
- SSID
- BSSID
- Last RSSI
- Channel
- Last Time Found
Hidden networks appear as "Network name unavailable."
Select an SSID to view a trace log of the scan results for that SSID and BSSID:

The trace log shows the date/time the BSSID was found along with the channel and RSSI.
Sharing the scan results
Once the test is complete and you select ‘Stop’ to stop the scan, the results can be shared using the standard iOS sharing menu. AirPort Utility offers the following sharing options:
- AirDrop
- Message
- Copy
The results are sent as a comma-separated list:
SSID, BSS, RSSI, Channel, date
"ACES", "18:64:72:D3:E9:40", "-57", "11", "12:02:03 PM"
"Cuba", "F8:1E:DF:F9:56:BC", "-53", "149", "12:02:03 PM"
"ACES", "18:64:72:D3:E9:50", "-63", "149", "12:02:03 PM"
"Cuba", "F8:1E:DF:F9:56:BB", "-69", "11", "12:02:03 PM"
"ACES", "18:64:72:D3:E9:40", "-67", "11", "12:02:07 PM"
The first line is the column header, showing the SSID, BSS, RSSI, Chanel and Time fields. This format makes it simple to import the results into a spreadsheet or other tool to analyze or chart the results.