About wireless roaming for enterprise

Learn about how devices running iOS and iPadOS roam in an enterprise Wi-Fi environment.

This article is intended for system administrators for a school, business, or other organization.

This information applies to these devices running iOS or iPadOS:

  • iPhone 5s and later

  • iPod touch (6th generation)

  • iPad Pro and later

  • iPad Air and later

  • iPad mini 2 and later

  • iPad (5th generation or later)

Trigger threshold

This is the minimum signal level a client needs to maintain a connection.

iPhone, iPad, and iPod touch monitor and maintain the Basic Service Set Identifier (BSSID)’s connection until the Received Signal Strength Indicator (RSSI) exceeds -70 dBm. Then, the device scans for roam candidate BSSIDs for the new Extended Service Set Identifier (ESSID).

Keep this in mind when you design wireless cells and calculate their signal overlap. For example, you might design 5 GHz cells that have a -67 dBm overlap. In this case, the device keeps its connection to the BSSID longer than you expect. This is because the device uses -70 dBm as the trigger. If the BSSID's RSSI is greater than -65 dBm, the device prefers a 5 GHz network.

Be sure to use the target device to measure cell overlap. Antennas on a laptop computer are much larger and more powerful than antennas on a smartphone or tablet. So if you use a laptop to measure overlap, iPhones and iPads will have different cell boundaries than you expect.

Roam scan

This is when stations check for access points (APs) that support the current ESSID. The stations check all available channels in either the 2.4 GHz band or the 5 GHz band.

The roam scan runs more quickly if you turn on 802.11k on your control plane. This helps because iPhone, iPad, and iPod touch use the first six entries in the neighbor report and reviews them to prioritize its scans. If you don’t turn on 802.11k, iOS has to scan more methodically. This can add several seconds to the discovery process.

For example, a user who is on a call might walk to the other side of the building. When the device crosses the -70 dBm threshold, it scans for roam targets. If it uses the neighbor report that 802.11k provides, it finds APs that support the current ESSID on three channels. It immediately scans those channels, finds that the AP on a channel has the appropriate signal strength, and roams. If you don’t turn on 802.11k, the client has to scan every channel on each band to find a roam target. This can add several seconds to the process.

Roam candidate selection criteria

This information can help you design a wireless network that supports real-time services, like voice and video. iOS considers information shared by networks about channel utilization and quantity of associated clients. iOS uses these details along with signal strength measurements (RSSI) to score candidate networks. Higher score networks offer a better Wi-Fi experience.

If multiple 5 GHz SSIDs are scored the same, iOS chooses a network based on the following criteria:

  • 802.11ax is preferred over 802.11ac

  • 802.11ac is preferred over 802.11n or 802.11a

  • 802.11n is preferred over 802.11a

  • 80 MHz channel width is preferred over 40 MHz or 20 MHz

  • 40 MHz channel width is preferred over 20 MHz

iOS and iPadOS select target BSSIDs based on:

  • Whether the client transmits or receives a series of 802.11 data packets

  • The difference in signal strength against the current BSSID’s RSSI

When the device sends or receives data, it picks target BSSIDs whose RSSI is eight dB or greater than the current BSSID’s RSSI. When the device doesn't send or receive data, use a 12 dB differential.

For example, the RSSI of the current connection might drop to -75 dBm during a Voice over WLAN (VoWLAN) call. When this happens, the device later searches for BSSIDs that have an RSSI of at least -67 dBm.

No alt supplied for Image

If the call ends and the device stops sending or receiving data, the device searches for BSSIDs that have an RSSI of at least -63 dBm. Note that 802.11 Management Frames and Control Frames don't count as data.

Roam performance

"Roam performance" is the amount of time that a client needs to authenticate to a new BSSID. To authenticate, the client has to find a valid roam candidate, then complete the roam process quickly. Otherwise, the user experiences an interruption in service.

Roaming occurs when the client authenticates against the new BSSID and deauthenticates from the current BSSID. The amount of time that this takes depends on the security and authentication method that you use.

If you use 802.1X-based authentication, the client must complete the EAP key exchange before it deauthenticates from the BSSID. This can take several seconds, depending on the environment’s authentication infrastructure. When this happens, the user experiences an interruption of service.

If you use 802.11r-based authentication, the client can preauthenticate against potential access points. This reduces the authentication time to milliseconds, and the user is unlikely to experience an interruption of service.

Use the Wi-Fi scanner in AirPort Utility

The AirPort Utility app includes a Wi-Fi scanner that logs the device's view of the network. Administrators can use it to validate the client’s view of the network at a specific location.

For accurate results, use the Wi-Fi scanner on the same model of iPhone, iPad, or iPod touch that your users will have.

  1. On your iPhone, iPad, or iPod touch, go to Settings, tap AirPort Utility, then turn on Wi-Fi Scanner.

  2. Open the Airport Utility app, then tap Wi-Fi Scan.

  3. Use the slider to set a scan duration of up to 60 seconds. By default, Wi-Fi Scanner runs continuously.

  4. To start the scan, tap Scan. AirPort Utility lists all the SSIDs that it finds. This includes hidden networks, which appear as "Network name unavailable." To stop the scan, tap Stop.

    No alt supplied for Image
    • The AirPort Utility scans all available bands at four-second intervals. Enterprise networks that have multiple access points are grouped by BSSID. The scanner shows information about:

      • SSID

      • BSSID

      • Last RSSI

      • Channel

      • Last Time Found

  5. To view a trace log of the scan results for an SSID and BSSID, tap the SSID. The trace log shows the date and time of the scan, along with the channel and RSSI.

    No alt supplied for Image
  6. After the scan completes, you can share the results. Tap the Back buttonNo alt supplied for Image, tap the Share buttonNo alt supplied for Image, then choose an option.

AirPort Utility sends the results as a comma-separated list:

SSID, BSS, RSSI, Channel, time

"ACES", "18:64:72:D3:E9:40", "-57", "11", "12:02:03 PM"

"Cuba", "F8:1E:DF:F9:56:BC", "-53", "149", "12:02:03 PM"

"ACES", "18:64:72:D3:E9:50", "-63", "149", "12:02:03 PM"

"Cuba", "F8:1E:DF:F9:56:BB", "-69", "11", "12:02:03 PM"

"ACES", "18:64:72:D3:E9:40", "-67", "11", "12:02:07 PM"

The first line is a column header that shows the SSID, BSS, RSSI, Channel, and time fields. To analyze or chart the results, import the list into a spreadsheet or other tool.

Published Date: