Wi-Fi roaming support in Apple devices
Devices connected to a Wi-Fi network are responsible for maintaining their 802.11 connection. One portion of this connection relationship is deciding when to roam to a new basic service set (BSS) or access point (AP). The device makes this decision based on various factors, including received signal strength and availability of access points on the same network or other networks that the device has previously joined before, and that are configured for auto-join. As the device begins to look for roam candidates, various roaming optimization support technologies are implemented to improve this roaming performance and device battery life with features such as:
Radio Measurement (802.11k): To deliver the list of neighboring access points.
Fast BSS Transition (802.11r) and Cisco Adaptive 802.11r: To help devices quickly and securely roam between access points.
Pairwise Master Key Identifier (PMKID) Caching: To enable fast roaming back to previously associated access points.
Interworking with External Networks (802.11u): To enable easy and secure Wi-Fi service discovery and connection.
Wireless Network Management (802.11v): To help identify the optimal wireless access points for roaming.
Roaming optimization support for Apple devices
Apple devices support these assisted roaming technologies:
Technology | 802.11k | 802.11r | PMKID | 802.11u | 802.11v |
---|---|---|---|---|---|
iPhone 5s or later | |||||
iPad Pro 13-inch (M4) | |||||
iPad Pro 9.7-inch or later | |||||
iPad Air (1st generation) or later | |||||
iPad (5th generation) or later | |||||
iPad mini 2 or later | |||||
Apple Vision Pro | |||||
Mac with Apple silicon | |||||
Intel-based Mac |
Device decision to roam
Devices detect when to roam by evaluating the current connection’s received signal strength indicator (RSSI) value in comparison with the RSSI of a new access point. After the signal attenuates to a certain value (known as the roam trigger threshold), the device evaluates roam candidates. Factors considered include the roam trigger threshold, the frequency band, and the physical layer (PHY) technology used by the roam candidate access point.
Trigger threshold and cell overlap
Mac computers monitor and maintain the current BSSID’s connection until the RSSI crosses the –75 dBm threshold. iPhone and iPad devices monitor and maintain the basic service set identifier (BSSID)’s connection until the received signal strength indicator (RSSI) exceeds –70 dBm. After the Mac, iPhone, or iPad crosses its roam trigger threshold, the device scans for roam candidate BSSIDs for the current extended service set identifier (ESSID).
The antennas on devices vary from model to model, and they may perceive different cell boundaries than what are expected. Keep this in mind when you design wireless cells and calculate their signal overlap. It’s always best to use the target device when you measure cell overlap.
Technology | Roam trigger threshold | Gaining BSS relative signal strength when transmitting data | Gaining BSS relative signal strength when idle |
---|---|---|---|
Mac with Apple silicon | –75 dBm | 12 dB stronger | 12 dB stronger |
Intel-based Mac | –75 dBm | 12 dB stronger | 12 dB stronger |
iPhone 5s or later | –70 dBm | 8 dB stronger | 12 dB stronger |
iPad Pro 13-inch (M4) | –70 dBm | 8 dB stronger | 12 dB stronger |
iPad Pro 9.7-inch or later | –70 dBm | 8 dB stronger | 12 dB stronger |
iPad Air (1st generation) or later | –70 dBm | 8 dB stronger | 12 dB stronger |
iPad (5th generation) or later | –70 dBm | 8 dB stronger | 12 dB stronger |
iPad mini 2 or later | –70 dBm | 8 dB stronger | 12 dB stronger |
Apple Vision Pro | –70 dBm | 8 dB stronger | 12 dB stronger |
Selection criteria for band, network, and roam candidates
Beyond reaching the roam trigger threshold, the candidate basic service set (or access point) must have a signal that’s better than the current one. For macOS, the candidate BSS must have an RSSI that’s 12 dB stronger than the current BSS, whether the Mac is idle or transmitting data. For iOS, iPadOS, and visionOS, the candidate BSS must have an RSSI that’s 8 dB stronger if the iPhone, iPad, or Apple Vision Pro is transmitting data, or an RSSI that’s 12 dB stronger if the device is idle.
For example, an iPhone connected to an SSID where the RSSI of the current connection might drop to –75 dBm during a voice over WLAN (VoWLAN) call. When this happens, the device later searches for roam candidate BSSIDs that have an RSSI of at least –67 dBm. If a Mac is connected to the same network and the RSSI of the current connection drops to –75 dBm, the device searches for a roam candidate BSSID that has an RSSI of at least –63 dBm.
Consider a deployment where an iPhone or iPad is using a network designed for 6 GHz or 5 GHz radio frequency cells that have a –67 dBm overlap. In this case, the device keeps its connection to the BSSID longer than expected. This is because the iPhone or iPad uses a –70 dBm roam trigger threshold.
iOS, iPadOS, macOS, and visionOS use information shared by networks about channel utilization and quantity of associated clients—along with received signal strength measurements to score candidate networks. Higher scoring networks offer a better Wi-Fi experience. Those operating systems also choose a network based on these criteria:
Wi-Fi 7 (802.11be) is preferred over Wi-Fi 6 (802.11ax)
Wi-Fi 6 (802.11ax) is preferred over Wi-Fi 5 (802.11ac)
Wi-Fi 5 (802.11ac) is preferred over Wi-Fi 4 (802.11n) or 802.11a
Wi-Fi 4 (802.11n) is preferred over 802.11a
160 MHz channel width is preferred over 80 MHz, 40 MHz, or 20 MHz
80 MHz channel width is preferred over 40 MHz or 20 MHz
40 MHz channel width is preferred over 20 MHz
Understanding how clients roam—as well as your knowing the required signal strength of a candidate BSS—can help you design a wireless network that supports real-time services, like voice and video.
Roaming optimization support
Finding a valid network and access point is only part of the process. The client must complete the roam process quickly and without interruption so the user doesn’t experience downtime. Roaming involves the client authenticating against the new BSSID and deauthenticating from the current BSSID. The security and authentication method determines how quickly this can happen.
First, 802.1X-based authentication requires that the client complete the entire EAP key exchange. Then, it can deauthenticate from the current BSSID. Depending on the environment’s authentication infrastructure, this might take several seconds. End users could experience interrupted service because data can’t be passed on the network until authentication is complete.
iPhone, iPad, a Mac with Apple silicon, and Apple Vision Pro can support 802.11 standard amendments 802.11k, 802.11r, and 802.11v. Even if a device doesn’t support 802.11r, all devices support PMKID caching. With this type of caching, the device checks the Pairwise Master Key Identifier (PMKID)‚ that the client sent. You can use PMKID caching with some wireless equipment to improve roaming between access points. Another form of caching—sticky key caching (SKC)—optimizes roaming back to previously associated access points. Sticky key caching isn’t equal to or compatible with opportunistic key caching. If you want to support devices that are FT capable and that have PMKID caching, you may need more service set identifiers.
Radio measurement (802.11k)
802.11k allows these devices to quickly identify nearby access points that are available for roaming. When the signal strength of the current AP weakens and your device needs to roam to a new one, the device already knows which access point offers the best connection.
A roam scan is the process used by a device to check for access points that support the currently associated ESSID. The device checks all available channels in the 2.4 GHz, 5 GHz, and primary scanning channels in 6 GHz. In addition, 6 GHz networks are discovered out-of-band by listening for the Reduced Neighbor Report information element of beacons in the 2.4 GHz and 5 GHz bands.
The roam scan runs more quickly if 802.11k is enabled on the network. This helps because supported Apple devices and operating systems use the first six entries in the Neighbor Report to prioritize the channels to be scanned. If the 802.11k Neighbor Report isn’t enabled, those devices must scan more methodically.
For example, a user who is on a call might walk to the other side of the building. When the iPhone crosses the -70 dBm threshold, it scans for roam targets. If it uses the Neighbor Report that 802.11k provides, it finds APs that support the current ESSID on three channels. It immediately scans those channels, finds that the AP on a channel has the appropriate signal strength, and roams. If 802.11k isn’t enabled on the network, the client has to scan every channel on each band to find a roam target. This can add several seconds to the process.
Fast BSS transition (802.11r)
802.11r streamlines the authentication process using a feature called Fast BSS Transition (FT) when your device roams from one AP to another on the same network. FT allows the devices to associate with APs more quickly. Depending on your Wi-Fi hardware vendor, FT can work with both pre-shared key (PSK) and 802.1X authentication methods. Intel-based Mac computers don’t support Fast BSS Transition, but they interoperate with Fast BSS Transition networks so that additional SSIDs don’t need to be deployed.
On Cisco networks, Adaptive 802.11r is supported to allow Apple devices which support FT to co-exist with legacy devices that don’t support FT on an SSID configured to allow FT and non-FT clients simultaneously. Supported Apple devices and Cisco APs mutually signal that Adaptive 802.11r is supported by the network and that FT can be used. Legacy wireless clients that don’t support 802.11r can still join the same network but are unable to benefit from faster FT roaming. Adaptive 802.11r requires Cisco release 8.3 or later and supported Apple devices running iOS 10, iPadOS 13.1, and macOS 10.13, or later.
PMKID caching
PMKID caching speeds up the reconnection process. A client device—having previously established a Pairwise Master Key by completing an initial EAP (Extensible Authentication Protocol) authentication and key exchange—can return to the same access point where its PMKID has been cached. By speeding up the reconnection from one access point or BSS to another previously joined access point, roaming time is improved. iOS, iPadOS, and macOS support static PMKID caching to help optimize roaming between BSSIDs in the same ESSID.
Interworking with external networks (802.11u)
Organizations use 802.11u (also known as Wi-Fi Certified Passpoint or HotSpot 2.0) to allow their users to automatically move from one Wi-Fi network to another—similar to cellular roaming—without changing any sign-in information. When a device detects an authorized 802.11u access point, the device automatically connects to that network.
Wireless network management (802.11v)
802.11v provides additional information about nearby access points that could be optimal candidates to join. When a device must roam, the BSS transition data (supplied by the network) is reviewed so the device can quickly determine which access points are best for roaming.