Folks get frustrated when Wi-Fi doesn't work with their iPhones and iPads.  There are times when iPhones can't connect, frequently disconnect, or experience poor data rates.  

   The previous post examines six different wireless problems associated with iPhones and iPads:  Standby settings; spectrum preference; legacy rates; encryption; and signal strength.

   This post provides specific solutions that resolve iPhone Wi-Fi problems.  It includes Juniper wireless controller (WLC) configuration examples.  However, these recommendations generally apply to all wireless systems (e.g., Cisco, Aruba, etc.).  These practices also apply to personal wireless systems at the home.  

Recommendation 1:  Influence Roaming.

   iPhones prefer the 2.4GHz band due to differences in transmission and client imprecision.   Both factors cause unnecessary roaming between dual bands on a single AP.
Best Practices:
  1.  Use 5GHz for most situations.

       Disable 2.4Ghz radio; or implement band segregation that dedicates unique SSID per spectrum (e.g., Pub-2.4 and Pub-5GHz).

       Dynamic auto power transmission (tx-power) does not influence single-AP roaming when bands are segregated by SSIDs.  However, do consider how power impacts the long range of 802.11bg networks (e.g., sticky client syndrome).  Far reaching 11bg signals also introduce security vulnerabilities.  Long distance range is not always desirable.
  2.  Take precautions to limit dual-band roaming for situation where band segregation is not possible.  Influence iPhone 5GHz preference via signal strength.  Keep 2.4GHz RSSI 11dBs lower than the 5Ghz RSSI. Insufficient 5GHz coverage is the exception.
  3.  Load-Balancing is for high density user base situations. Disable load balancing if it’s not necessary. By all means, use load balancing for locations with heavy use. Make sure there are sufficient APs within the proximity of each client.

Recommendation 2:  Controlling Data Rates/ Cell Size.

   Nearby 802.11bg networks can decrease 2.4GHz channel throughput by 90% (another reason to tone down power levels). This is especially troublesome considering there are only three non-overlapping 2.4GHz channel,  Legacy data rates may further reduce network throughput. 5GHz is the preferred band.
Best Practices:
  1.  Disable 1, 2, 5.5, and 11 Mbps rates for 802.11a, 802.11g, 802.11na, and 802.11ng.  Set Mandatory and Beacon rates to 24Mbps on all bands except 801.11b.
  2.  Use RF detection rules to disable 802.11b clients –this requires Ringmaster.

       Alternately, set the radio type to 11ng. This approach disables 802.11b and strictly uses transmit rates defined in the service profile.

       Also consider disabling 802.11g by changing the 20MHz channel width to 40HMz. There are still a number of devices that use 802.11g –exercise with caution.
  3. Only use WPA2 RSN (i.e., AES) encryption with CCMP ciphers –no TKIP!

Recommendation 3:  Transmission Power Tuning.

   APs in close proximity to other APs may transmit overlapping cells. Overlapping cells can cause excessive iPhone roaming.
Best Practices:
  1.  Conduct site-survey to determine best coverage. Use auto-power tuning in lieu of site-survey.
  2.  Reduce power transmission rates from each AP. Avoid overlapping signals at -70 dBm (i.e., iPhone roaming). Acceptable overlapping target is approximately -81 dBm.

       802.11b (2.4GHz) has nearly twice the range of 802.11a (5GHz). Adjust radio power levels so that 5GHz RSSI is greater than the 2.4GHz RSSI. For example, set 2.4GHz to 4dBm; and set 5GHz to 12dBm.

       Some folks recommend disabling auto-power tuning. However, auto-tuning is a good alternative to simply jacking-up power rates to maximum transmission. Estimating static transmit maximums should work fine as well.

Juniper WLC iPhone Optimization Commands:

   These steps segregates dual-band radios by assigning unique SSIDs to each radio.  N.B., We can't use the GUI for this advanced configuration.
 Table 1.  Dual-Band Segregation Example.
SSIDRadio1 (2.4GHz)Radio2 (5GHz)
SSID1 Contoso_2.4GHz
 SSID2 Contoso_5GHz

1.   Create service profiles for 2.4GHz band.
*WLC# set service-profile contoso_2.4 11n mode-ng enable
*WLC# set service-profile contoso_2.4 11n mode-na disable
2.   Set 2.4GHz transmission rates.

     We cannot disable 11b transmission rates here. We essentially disable 11b later on when we assign radio type (11n/g vs 11b) in the radio-profile. Ignore 802.11b transmission rates (for now) and set mandatory 802.11g rates.
set service-profile sp_contoso_2.4 transmit-rate 11a mandatory 24.0,36.0,48.0,54.0 disabled 6.0,9.0,12.0,18.0 beacon-rate 24.0 multicast-rate AUTO
set service-profile sp_contoso_2.4 transmit-rate 11b mandatory 11.0 disabled 1.0,2.0,5.5 beacon-rate 11.0 multicast-rate AUTO
set service-profile sp_contoso_2.4 transmit-rate 11g mandatory 24.0,36.0,48.0,54.0 disabled 1.0,2.0,5.5,6.0,9.0,11.0,12.0,18.0 beacon-rate 24.0 multicast-rate AUTO
set service-profile sp_contoso_2.4 transmit-rate 11ng mandatory 24.0,36.0,48.0,54.0 disabled 1.0,2.0,5.5,6.0,9.0,11.0 beacon-rate 24.0 multicast-rate AUTO
Set 2.4 GHz 11n mode:
set service-profile sp_contoso_2.4 11n mode-ng required
set service-profile sp_contoso_5GHz 11n mode-na disable
3.   Create 5GHz service profile.

Set 11n mode for 5Ghz profile:
set service-profile sp_contoso_5GHz 11n mode-na required
set service-profile sp_contoso_5GHz 11n mode-ng disable

Set 5Ghz transmissions.
set service-profile sp_contoso_5GHz transmit-rate 11a mandatory 24.0,36.0,48.0,54.0 disabled 6.0,9.0,12.0,18.0 beacon-rate 24.0 multicast-rate AUTO
4.   Create 5GHz Radio Profile
set radio-profile rp_contoso_5GHz rate-enforcement enable
set radio-profile rp_contoso_5GHz service-profile sp_contoso_5GHz
5.   Create 2.4GHz Radio Profile
set radio-profile rp_contoso_2.4 rate-enforcement enable
set radio-profile rp_contoso_2.4 service-profile sp_contoso_2.4
set radio-profile rp_contoso_2.4 preamble-length short

6.   Optionally set power for RF transmission.

     Dedicating radios to SSIDs allows for relaxed power management -it's not entirely necessary. Consider auto-power tuning. It’s not as good as a site survey but it’s better than blasting tx-power at maximum output.
set radio-profile Shoreland_2.4 power-policy max-coverage 7.  Assign radio profiles to specific APs/Radios.

     We assign radio 1 with auto transmit power.
set ap 3 radio 1 radio-profile Shoreland_2.4 radiotype 11ng tx-power auto 8.  Optionally set channel width to 40MHz to effectivly prevent legacy devices from connecting.
set radio-profile Shoreland_2.4 11n channel-width-na 40MHz  9.  Assign service profile to APs' 5GHz radios.
set ap 3 radio 2 radio-profile Shoreland_Guest radiotype 11na tx-power auto 10.  Assign other SSIDs as needed.  Add CORP-802.1x to new radio-profile -otherwise it won't broadcast.
set radio-profile Shoreland_2.4 service-profile Shoreland_VLAN1_MF
set radio-profile Shoreland_Guest service-profile Shoreland_VLAN1_MF
Let's see if it works:
#reset ap 3

#sh ap status verbose

Radio 1 Type: 802.11ng(2x3), State: configure succeeded [Enabled]
Antenna type: INTERNAL
Operational channel: 6 (Auto) Operational power: 4
Load balance: disabled
RFID reports: Inactive
BSSID1: 00:26:3e:xx:xx:xx, SSID: Contoso 2.4GHz
Radio 2 Type: 802.11na(2x3), State: configure succeeded [Enabled]
Antenna type: INTERNAL
Operational channel: 165,-- (Auto) Operational power: 18
Load balance: disabled
RFID reports: Inactive
BSSID1: 00:26:3e:xx:xx:xx, SSID: Contoso 5.4

That’s It!

Juniper Troubleshooting Commands:

Review session data on the wireless controllers. Check client roaming. Look for short connection durations; and roams between the 2.4GHz and 5GHz radios:

CONTROLLER# sh sessions network verbose
CONTROLLER# sh service-profile Public
CONTROLLER# sh ap status verbose
Things to look for:

Roaming history: Check for short connection durations; and roams between the 2.4GHz and 5GHz radios.
Confirm the device information: Device type, Last RSSI, last packet rate.

Roaming history:
Switch AP/Radio Association time Duration
--------------- ----------- ----------------- ------------------- 2/1 03/11/16 16:11:20 00:04:10 2/2 03/11/16 16:10:10 00:01:10 2/1 03/11/16 16:02:27 00:07:43 2/2 03/11/16 15:52:33 00:09:54 2/1 03/11/16 15:39:17 00:13:16 2/2 03/11/16 15:33:22 00:05:55
The above example shows frequent roams between the same AP.

-Confirm the device information: Device type, Last RSSI, last packet rate.
Device type: iphone (AAA)
Radio type: 802.11ng
Last packet rate: 24.0 Mb/s
Last packet RSSI: -69 dBm
Review the service-profile:

*CONTROLLER# sh service-profile Shoreland_Guest

11n attributes
11n Mode (na): enabled
11n Mode (ng): enabled
Guard Interval: short
Frame aggregation mode: all
MSDU Max length: 4k
MPDU Max length: 64k
TxBF: disabled
Is the 2.4GHz band (i.e., 11ng) enabled?
Authentication: PSK
Encryption: RSN
Cipher: CCMP
Pre-shared-key: xxxxxxxxxxxxxxxxxxxxxxxxxx
Also, Check encryption and cipher setting. Does it use WPA or Robust Security Network (RSN)? Or both? N.B., in general, WPA uses Temporal Key Integrity Protocol (TKIP), and RSN uses Advanced Encryption Standard (AES) with the Counter Mode CBC MAC Protocol (CCMP) cipher.

Juniper recommends WPA2 (i.e., RSN) and CCMP. It does not recommend combinations of WPA, WPA2, TKIP, and CCMP. Authentication can either be pre-shared key or 802.1x. Use 802.1x for the corporate network and PSK for the Guest network.

Pay attention to the 802.11 settings as well.  


About Steven M. Jordan

Steven Jordan is an infrastructure and process management specialist. Steven holds a Master of Science degree in ICT from the University of Wisconsin Stout. Steven is also a Cisco Certified Network Professional (CCNP) and Master Gardener.
Newer Post
Older Post


  1. Thank you for the post. We use Cisco controllers and access points. Every iPhone in the building could only connect at 12Mbps. I took your advice and separated our 2.4GHz and 5GHz networks. iPhones now connect at rates over 120Mbps! Well Done.

  2. Great advice, but I don't have a Juniper access point. How can I get my iphone to work better with my setup at home? What about Linksys or ASUS wireless APs?

    1. Your iPhone should connect better with these changes:

      1. Does your access point use dual radios? FYI, that's not the same thing as two antennas! Rather, does it broadcast both frequencies, 5GHz (802.11na) and 2.4Ghz (802.11ng)?

      If so, disable the 2.4 GHz radio. Not all residential access points provide this feature. Look for this setting on the AP's configuration web page.

      Also, 5GHz does not travel as far as the 2.4GHz signal. If coverage is an issue (e.g., large home) try to disable the 5GHz radio instead.

      2. My other advice is to check your access point's security settings. The wrong combination of security options will disable higher data rates. In general, use WPA and AES/CCMP for home access points. TKIP ciphers limit data rates to under 54 Mbps.

      Good Luck!