good practice wifi settings 2,4 & 5GHz ?

[phoenixxko]

hi gents,

I rely here on your expertise, how to set up wifi network for home usage in best way - 2,4Ghz (I still have few devices for that) and 5GHz (majority of devices)

I live in a mid-size flat (around 90 square meters, router is well placed almost in center of it) and I'd like to fine tune my wifi setup here (to get most of it), I studied here & there, so far have following settings:

2,4GHz

wireless mode - auto
channel bandwith - 20 MHz
control channel - 11
Authentication method - Open (I am using Wireless MAC filter - only 2,4 GHz devices)

wireless scheduler & ap isolation - disabled
roaming assistant - disabled
Bluetooth Coexistence - disabled
Enable IGMP Snooping - disabled
Multicast Rate(Mbps) - Auto
Preamble Type - Short
AMPDU RTS - Enabled
RTS Threshold - 2347
DTIM Interval - 3
Beacon Interval - 100
Enable TX Bursting - Enabled
Enable WMM - Enabled
Enable WMM No-Acknowledgement - Enabled
Enable WMM APSD - Enabled
Optimize AMPDU aggregation - Enabled
Optimize ack suppression - Enabled
Modulation Scheme - Up to MCS9
Airtime Fairness - Enabled
Explicit Beamforming - Disabled
Universal Beamforming - Enabled
Tx power adjustment - Balance

5GHz

wireless mode - auto
channel bandwith - 80 MHz
control channel - 36
Extension channel - auto
Authentication method - Open (I am using Wireless MAC filter - only 5 GHz devices)

wireless scheduler & ap isolation - disabled
roaming assistant - disabled
Enable IGMP Snooping - disabled
Multicast Rate(Mbps) - Auto
AMPDU RTS - Enabled
RTS Threshold - 2347
DTIM Interval - 3
Beacon Interval - 100
Enable TX Bursting - Enabled
Enable WMM - Enabled
Enable WMM No-Acknowledgement - Enabled
Enable WMM APSD - Enabled
Optimize AMPDU aggregation - Enabled
Optimize ack suppression - Enabled
Modulation Scheme - Up to MCS9
Airtime Fairness - Disabled
802.11ac Beamforming - Enabled
Universal Beamforming - Disabled
Tx power adjustment - Balance


no IPTV, mirroring iPhone to AppleTV once a week max, so no special devices in use ...

I enabled Jumbo frame (because of connected Synology NAS), Spanning-tree disabled, NAT acceleration enabled ...



any advice with reasonable explanation is much appreciated in advance !

 

[L&LD]

I have found that changing settings to what they are 'known' to work at is not the same as just changing what needs to be changed after a full reset to factory defaults (M&M Config).

This is what I have found to give myself and my customers the fastest and most stable network possible. Full reset. Minimal and manual configuration. Don't carry forward old settings, scripts, options that may have worked in older hardware or firmware. Do not use the same SSID's on new equipment and/or current firmware.

The links below may help you get there.

L&LD | SmallNetBuilder Forums

New M&M 2020 (be sure to see the 'original' M&M Config in the link above too).

Fully Reset Router and Network

 

[thecheapseats]

Auth=Open and relying on mac filter 'accept'?... umm... not a good security idea unless you live in the middle of nowhere...

 

[phoenixxko]

if I would live in the middle of nowhere, I would not be using MAC filter any explanation for that?

 

[thecheapseats]

if I would live in the middle of nowhere, I would not be using MAC filter any explanation for that?

ok... if you're not using an ssid passwd - use an ssid passwd and continue with mac addr filter too, if you want... mac addrs are easily spoofed however...

 

[phoenixxko]

MAC spoofing is common practice, that’s for sure ... but how to sniff those MACs if b/g protection is enabled ... I don’t think it’s that easy but I agree that MAC filter with pass protection is much better, but I didn’t want to lose performance over encryption if I don’t have to ... even wpa2 is cracked ... so hard to decide here what’s better ...

 

[thecheapseats]

good luck with that... /s

 

[ChatmanR]

MAC addresses can be easily spoofed in many operating systems, so any device could pretend to have one of those allowed, unique MAC addresses.

MAC addresses are easy to get, too. They’re sent over the air with each packet going to and from the device, as the MAC address is used to ensure each packet gets to the right device. All an attacker has to do is monitor the Wi-Fi traffic for a second or two, examine a packet to find the MAC address of an allowed device, change their device’s MAC address to that allowed MAC address, and connect in that device’s place. You may be thinking that this will not be possible because the device is already connected, but a “deauth” or “deassoc” attack that forcibly disconnects a device from a Wi-Fi network will allow an attacker to reconnect in its place...

 

[RejZoR]

MAC addresses can be easily spoofed in many operating systems, so any device could pretend to have one of those allowed, unique MAC addresses.

MAC addresses are easy to get, too. They’re sent over the air with each packet going to and from the device, as the MAC address is used to ensure each packet gets to the right device. All an attacker has to do is monitor the Wi-Fi traffic for a second or two, examine a packet to find the MAC address of an allowed device, change their device’s MAC address to that allowed MAC address, and connect in that device’s place. You may be thinking that this will not be possible because the device is already connected, but a “deauth” or “deassoc” attack that forcibly disconnects a device from a Wi-Fi network will allow an attacker to reconnect in its place...

Not on WPA3 networks...

 

[Amiga]

I have found that changing settings to what they are 'known' to work at is not the same as just changing what needs to be changed after a full reset to factory defaults (M&M Config).

Do not use the same SSID's on new equipment and/or current firmware.

Old thread but curious why you're not keen on recycling SSIDs to a new router? I could spend a lifetime trying to reconfigure my many IoT devices, especially Wi-Fi ones, each with their crappy mobile app. I believe I have a dying RT-AC86U and I am migrating to an unused RT-AX68U I have sitting around.

 

[drinkingbird]

Old thread but curious why you're not keen on recycling SSIDs to a new router? I could spend a lifetime trying to reconfigure my many IoT devices, especially Wi-Fi ones, each with their crappy mobile app. I believe I have a dying RT-AC86U and I am migrating to an unused RT-AX68U I have sitting around.

Not sure why he says that a lot. I've had the same SSID across many different routers, brands, factory resets, firmware upgrades, etc, etc, never an issue with devices reconnecting and working fine.

 

[Tech9]

I have the same SSIDs for >15 years. Never had a need to change.

 

[HeadBanger]

And me. Same SSIDs for almost 10 years now over many ASUS routers, the first being an RT-AC66U.

I’ve not noticed any issues either.

HB

 

[L&LD]

Old thread but curious why you're not keen on recycling SSIDs to a new router? I could spend a lifetime trying to reconfigure my many IoT devices, especially Wi-Fi ones, each with their crappy mobile app. I believe I have a dying RT-AC86U and I am migrating to an unused RT-AX68U I have sitting around.

For many individual users here, using their old SSID causes no issues. When problems do arise though, as the full reply from the partial quote you responded to alludes to, it is much easier to set up a 'brand new' network, including new SSIDs so that any remaining problems are 'real' and not issues related to anything that may have come before.

Particularly for distant/rural customers, I don't have time to go back and forth trying to pinpoint and fix a problem related to something as easy to set as what a new SSID does all at once.

Additionally, when moving from different class routers (i.e. N class to AC class, AC class to AX class, etc.) some/all? client devices associate specific microcode to that specific hardware AP and SSID. Using new SSIDs forces the new equipment to be connected with all the benefits the new hardware allows, without issues of old microcode settings conflicting with new hardware, protocols, and other interdependencies.

Again, for myself, when I travel an hour + to a client, after finally agreeing to a mutually agreeable date/time too, I don't want to do things half-a$t to save mere minutes off the total time. I take the time to re-associate all client devices to a new SSID and then I don't have to even think about any possible issues there (if, they arise, yes, but when doing this for pay, there will always be issues, of course).

For individual users, those aspects may seem unimportant. But even for my network, when I get a new router, new SSIDs are the standard, to be able to test the new hardware properly and without any niggling 'what ifs'.

In short, for individual users, a new SSID may not be required. But if you want the best possible performance from your network, it is the far easier option (the other method is to go to each client, 'remove' the old connection, reboot the client, and then re-associate each client again. What a new SSID does is remove the 'forget this network' steps from each client, all at once).

 

[drinkingbird]

For many individual users here, using their old SSID causes no issues. When problems do arise though, as the full reply from the partial quote you responded to alludes to, it is much easier to set up a 'brand new' network, including new SSIDs so that any remaining problems are 'real' and not issues related to anything that may have come before.

Particularly for distant/rural customers, I don't have time to go back and forth trying to pinpoint and fix a problem related to something as easy to set as what a new SSID does all at once.

Additionally, when moving from different class routers (i.e. N class to AC class, AC class to AX class, etc.) some/all? client devices associate specific microcode to that specific hardware AP and SSID. Using new SSIDs forces the new equipment to be connected with all the benefits the new hardware allows, without issues of old microcode settings conflicting with new hardware, protocols, and other interdependencies.

Again, for myself, when I travel an hour + to a client, after finally agreeing to a mutually agreeable date/time too, I don't want to do things half-a$t to save mere minutes off the total time. I take the time to re-associate all client devices to a new SSID and then I don't have to even think about any possible issues there (if, they arise, yes, but when doing this for pay, there will always be issues, of course).

For individual users, those aspects may seem unimportant. But even for my network, when I get a new router, new SSIDs are the standard, to be able to test the new hardware properly and without any niggling 'what ifs'.

In short, for individual users, a new SSID may not be required. But if you want the best possible performance from your network, it is the far easier option (the other method is to go to each client, 'remove' the old connection, reboot the client, and then re-associate each client again. What a new SSID does is remove the 'forget this network' steps from each client, all at once).

If you use a new SSID, you're going to have to touch every client anyway. So if you're really concerned, just forget and re-establish the network to the same SSID. That will remove anything that may or may not be cached by the client.

I've seen large scale corporate upgrades from G to N with the same SSID and not a single user complaint and no performance issues. Same at home, I can roam between N and AC, and have used the same SSID starting with A, then G, then N, then AC, and never had to forget anything or change any clients.

Of course if people want to do a new SSID they're welcome to but the "NEVER use the same SSID" is misleading. Based on what you're saying clients should never be able to roam between two APs without having issues. That's clearly not the case, even when the APs use different Wifi technology.

 

[L&LD]

Obviously, you missed the point(s) of my post.

 

[Tech9]

I use the same SSIDs in my business as well for 3x hardware upgrades already. Two locations have the same SSIDs and I sometimes ship clients between them - about 180 Chromebooks at the moment. One location had Ubiquiti network replaced by Cisco - the same SSIDs. No issues whatsoever. I have a warehouse too with wireless scanners, sensors, tablets, etc. about 80 devices. If I change the SSIDs I have to shut down the business for a day.

If I have a house with 100+ IoTs and someone comes with ideas to change my SSIDs - I'll show him the door right away. This is going to be the first indication this guy has no idea what is he doing and just wants to waste my time showing me how hard is to set a home router from BestBuy.

 

[L&LD]

None of my customers have a home with 100+ IoTs. And if they did, I would not promise them what I do now. (Give them a faster, more stable, and lower latency network than what they have now).

And with all those clients and multiple locations, you've already stated you use the same networking hardware in any event. Kinda makes your 'same SSID' comments moot.

 

[drinkingbird]

None of my customers have a home with 100+ IoTs. And if they did, I would not promise them what I do now. (Give them a faster, more stable, and lower latency network than what they have now).

And with all those clients and multiple locations, you've already stated you use the same networking hardware in any event. Kinda makes your 'same SSID' comments moot.

I'd like to see some evidence of changing SSID resulting in increased speed, increased reliability, or lower latency.

There is nothing in the technology that would cause that.

 

[Tech9]

@drinkingbird, you're wasting your time.