good practice wifi settings 2,4 & 5GHz ?

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

phoenixxko

Occasional Visitor
hi gents,

I rely here on your expertise, how to set up wifi network for home usage in best way - 2,4Ghz (I still have few devices for that) and 5GHz (majority of devices)

I live in a mid-size flat (around 90 square meters, router is well placed almost in center of it) and I'd like to fine tune my wifi setup here (to get most of it), I studied here & there, so far have following settings:

2,4GHz

wireless mode - auto
channel bandwith - 20 MHz
control channel - 11
Authentication method - Open (I am using Wireless MAC filter - only 2,4 GHz devices)

wireless scheduler & ap isolation - disabled
roaming assistant - disabled
Bluetooth Coexistence - disabled
Enable IGMP Snooping - disabled
Multicast Rate(Mbps) - Auto
Preamble Type - Short
AMPDU RTS - Enabled
RTS Threshold - 2347
DTIM Interval - 3
Beacon Interval - 100
Enable TX Bursting - Enabled
Enable WMM - Enabled
Enable WMM No-Acknowledgement - Enabled
Enable WMM APSD - Enabled
Optimize AMPDU aggregation - Enabled
Optimize ack suppression - Enabled
Modulation Scheme - Up to MCS9
Airtime Fairness - Enabled
Explicit Beamforming - Disabled
Universal Beamforming - Enabled
Tx power adjustment - Balance

5GHz

wireless mode - auto
channel bandwith - 80 MHz
control channel - 36
Extension channel - auto
Authentication method - Open (I am using Wireless MAC filter - only 5 GHz devices)

wireless scheduler & ap isolation - disabled
roaming assistant - disabled
Enable IGMP Snooping - disabled
Multicast Rate(Mbps) - Auto
AMPDU RTS - Enabled
RTS Threshold - 2347
DTIM Interval - 3
Beacon Interval - 100
Enable TX Bursting - Enabled
Enable WMM - Enabled
Enable WMM No-Acknowledgement - Enabled
Enable WMM APSD - Enabled
Optimize AMPDU aggregation - Enabled
Optimize ack suppression - Enabled
Modulation Scheme - Up to MCS9
Airtime Fairness - Disabled
802.11ac Beamforming - Enabled
Universal Beamforming - Disabled
Tx power adjustment - Balance


no IPTV, mirroring iPhone to AppleTV once a week max, so no special devices in use ...

I enabled Jumbo frame (because of connected Synology NAS), Spanning-tree disabled, NAT acceleration enabled ...



any advice with reasonable explanation is much appreciated in advance !
 

L&LD

Part of the Furniture
I have found that changing settings to what they are 'known' to work at is not the same as just changing what needs to be changed after a full reset to factory defaults (M&M Config).

This is what I have found to give myself and my customers the fastest and most stable network possible. Full reset. Minimal and manual configuration. Don't carry forward old settings, scripts, options that may have worked in older hardware or firmware. Do not use the same SSID's on new equipment and/or current firmware.

The links below may help you get there.

L&LD | SmallNetBuilder Forums

New M&M 2020 (be sure to see the 'original' M&M Config in the link above too).

Fully Reset Router and Network
 

thecheapseats

Regular Contributor
Auth=Open and relying on mac filter 'accept'?... umm... not a good security idea unless you live in the middle of nowhere...
 

phoenixxko

Occasional Visitor
if I would live in the middle of nowhere, I would not be using MAC filter :) any explanation for that?
 

thecheapseats

Regular Contributor
if I would live in the middle of nowhere, I would not be using MAC filter :) any explanation for that?
ok... if you're not using an ssid passwd - use an ssid passwd and continue with mac addr filter too, if you want... mac addrs are easily spoofed however...
 

phoenixxko

Occasional Visitor
MAC spoofing is common practice, that’s for sure ... but how to sniff those MACs if b/g protection is enabled ... I don’t think it’s that easy but I agree that MAC filter with pass protection is much better, but I didn’t want to lose performance over encryption if I don’t have to ... even wpa2 is cracked ... so hard to decide here what’s better ...
 

ChatmanR

Regular Contributor
MAC addresses can be easily spoofed in many operating systems, so any device could pretend to have one of those allowed, unique MAC addresses.

MAC addresses are easy to get, too. They’re sent over the air with each packet going to and from the device, as the MAC address is used to ensure each packet gets to the right device. All an attacker has to do is monitor the Wi-Fi traffic for a second or two, examine a packet to find the MAC address of an allowed device, change their device’s MAC address to that allowed MAC address, and connect in that device’s place. You may be thinking that this will not be possible because the device is already connected, but a “deauth” or “deassoc” attack that forcibly disconnects a device from a Wi-Fi network will allow an attacker to reconnect in its place...
 

RejZoR

Regular Contributor
MAC addresses can be easily spoofed in many operating systems, so any device could pretend to have one of those allowed, unique MAC addresses.

MAC addresses are easy to get, too. They’re sent over the air with each packet going to and from the device, as the MAC address is used to ensure each packet gets to the right device. All an attacker has to do is monitor the Wi-Fi traffic for a second or two, examine a packet to find the MAC address of an allowed device, change their device’s MAC address to that allowed MAC address, and connect in that device’s place. You may be thinking that this will not be possible because the device is already connected, but a “deauth” or “deassoc” attack that forcibly disconnects a device from a Wi-Fi network will allow an attacker to reconnect in its place...
Not on WPA3 networks...
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top