If you have a business or home that has multiple wi-fi access points – it can sometimes be difficult to get the roaming just right.

People want to be able to walk around a building and continue their conversation without dropping a wi-fi based call.

We find that the majority of installations we get called in to resolve, have one of the following causes:

  • Not enough wi-fi access points to ensure seamless coverage.
  • Poorly located access points that can be relocated.
  • Access points that have interference or signal blocking from a wide range of things that most installers are unaware of.
  • UniFi configuration issues or signal strength or roaming enforcement settings.

There is no silver bullet to give a single bit of information to resolve all cases but years of experience when on-site is one of the best advantages.

Understanding radio wave propagation, antenna signal patterns and raw signal analytics is a good place to start.

Knowing the differences in Android phone versions and what their respective wi-fi chipsets support is also important.

iPhone/iPad/Mac (Apple) is slightly less forgiving with poor installations and a well tweaked installation is required. So lets look at this specifically.

Here is a list of roaming technologies that combine with UniFi and iPhone.

  • 802.11k – Apple and UniFi Supported : Provides list of nearby access points to devices.
  • 802.11r (+Adaptive) – Apple and UniFi Supported : Fast BSS Transition. Quick & Secure Roaming. In UniFi this is the Fast Roaming tick box.
  • 802.11u – Apple and UniFi Supported : Easy and secure Wi-Fi discovery.
  • 802.11v – Apple and UniFi Supported : Optimal Fast(er) Roaming List
  • UniFi WiFi 6 support : 802.11a/b/g/n/ac/ax with WPA-PSK, WPA-Enterprise (WPA/WPA2/WPA3)
  • UniFi WiFi 7 support: 802.11a/b/g/n/ac/ax/be with WPA-PSK, WPA-Enterprise (WPA/WPA2/WPA3/PPSK)

Here are a list of general settings to get you started. As mentioned before, each install is different.

  • Firstly try full Auto on the Wi-Fi settings and then use Ubiquiti WiFiMan App on iOS to test.
  • Don’t use DFS 5ghz channels.
  • Don’t go with more than 4 SSIDs if you can help it.
  • Don’t mesh your access points. Cable them. Only mesh if you really can’t cable.
  • Don’t set all your WiFi transmit powers to High – Typically Auto or Medium will be better. WiFi is a two way street and your phone can only transmit at a lesser power than the AP typically.
  • Don’t set minimum RSSI at the start of testing. If everything else fails. Set this to -79 dBm (never under -76 and not above -83). Using lower numbers will cause devices to see the signal and just not do anything or fail to roam. iPhone should auto transition at -75dBm unless no other signal available.
  • Do enable Multicast and Broadcast control if over 100 clients and enable Multicast DNS. Just exclude any Airplay, Chromecast, Printers etc. in an exclude list.
  • Check your Wi-Fi interference from nearby Wi-Fi neighbours and check interference from items inducing TVs (tend to shield), motors, microwaves, units or cables installed on top of high power devices or cabling, etc.. and of course realise that thick or reinforced walls are not good.
  • Band steering does usually work well but this can be toggled to test.
  • BSS Transition – should be ticked.
  • UAPSD – A power saving setting that usually works well and should be on.
  • Fast Roaming – Should be ticked.
  • 802.11 DTIM Period should be Auto unless IOT issues which you can make it 1 and 3 or set this on a different SSID specifically.
  • Minimum Data Rate Control should also be Auto or for max IOT compatibility set to 5.5Mbps on 2.4ghz and 6 for 5ghz.

Also make sure you really understand the Wireless Signal radiation patterns for each different type of Access Point:

https://help.ui.com/hc/en-us/articles/115005212927-UniFi-Network-AP-Antenna-Radiation-Patterns

Below is an example of U6 Lite vs U6 Mesh – Note how different their patterns are and this makes a difference when mounting.

UniFi U6 Lite Antenna Signal Radiation Pattern

UniFi U6 Mesh Antenna Signal Radiation Pattern

Below is a reference from Apples roaming guide:

Device decision to roam

Devices detect when to roam by evaluating the current connection’s received signal strength indicator (RSSI) value in comparison with the RSSI of a new access point. After the signal attenuates to a certain value (known as the roam trigger threshold), the device evaluates roam candidates. Factors considered include the roam trigger threshold, the frequency band and the physical layer (PHY) technology used by the roam candidate access point.

Trigger threshold and cell overlap

Mac computers monitor and maintain the current BSSID’s connection until the RSSI crosses the –75 dBm threshold. iPhone and iPad devices monitor and maintain the basic service set identifier (BSSID)’s connection until the received signal strength indicator (RSSI) exceeds –70 dBm. After the Mac, iPhone or iPad crosses its roam trigger threshold, the device scans for roam candidate BSSIDs for the current extended service set identifier (ESSID).

The antennas on devices vary from model to model, and they may perceive different cell boundaries than what are expected. Keep this in mind when you design wireless cells and calculate their signal overlap. It’s always best to use the target device when you measure cell overlap.

TechnologyRoam trigger thresholdGaining BSS relative signal strength when transmitting dataGaining BSS relative signal strength when idle
Mac with Apple silicon–75 dBm12 dB stronger12 dB stronger
Intel-based Mac–75 dBm12 dB stronger12 dB stronger
iPhone 5s or later–70 dBm8 dB stronger12 dB stronger
iPad Pro 13-inch (M4)–70 dBm8 dB stronger12 dB stronger
iPad Pro 9.7-inch or later–70 dBm8 dB stronger12 dB stronger
iPad Air (1st generation) or later–70 dBm8 dB stronger12 dB stronger
iPad (5th generation) or later–70 dBm8 dB stronger12 dB stronger
iPad mini 2 or later–70 dBm8 dB stronger12 dB stronger
Apple Vision Pro–70 dBm8 dB stronger12 dB stronger

Selection criteria for band, network and roam candidates

Beyond reaching the roam trigger threshold, the candidate basic service set (or access point) must have a signal that’s better than the current one. For macOS, the candidate BSS must have an RSSI that’s 12 dB stronger than the current BSS, whether the Mac is idle or transmitting data. For iOS, iPadOS and visionOS, the candidate BSS must have an RSSI that’s 8 dB stronger if the iPhone, iPad or Apple Vision Pro is transmitting data, or an RSSI that’s 12 dB stronger if the device is idle.

For example, an iPhone connected to an SSID where the RSSI of the current connection might drop to –75 dBm during a voice over WLAN (VoWLAN) call. When this happens, the device later searches for roam candidate BSSIDs that have an RSSI of at least –67 dBm. If a Mac is connected to the same network and the RSSI of the current connection drops to –75 dBm, the device searches for a roam candidate BSSID that has an RSSI of at least –63 dBm.

Consider a deployment where an iPhone or iPad is using a network designed for 6 GHz or 5 GHz radio frequency cells that have a –67 dBm overlap. In this case, the device keeps its connection to the BSSID longer than expected. This is because the iPhone or iPad uses a –70 dBm roam trigger threshold.

iOS, iPadOS, macOS and visionOS use information shared by networks about channel utilisation and quantity of associated clients — along with received signal strength measurements to score candidate networks. Higher scoring networks offer a better Wi-Fi experience. Those operating systems also choose a network based on these criteria:

  • 802.11ax is preferred over 802.11ac
  • 802.11ac is preferred over 802.11n or 802.11a
  • 802.11n is preferred over 802.11a
  • 80 MHz channel width is preferred over 40 MHz or 20 MHz
  • 40 MHz channel width is preferred over 20 MHz

Understanding how clients roam — as well as your knowing the required signal strength of a candidate BSS — can help you design a wireless network that supports real-time services, like voice and video.

Roaming optimisation support

Finding a valid network and access point is only part of the process. The client must complete the roam process quickly and without interruption so the user doesn’t experience downtime. Roaming involves the client authenticating against the new BSSID and de-authenticating from the current BSSID. The security and authentication method determines how quickly this can happen.

First, 802.1X-based authentication requires that the client complete the entire EAP key exchange. Then, it can de-authenticate from the current BSSID. Depending on the environment’s authentication infrastructure, this might take several seconds. End-users could experience interrupted service because data can’t be passed on the network until authentication is complete.

iPhone, iPad, a Mac with Apple silicon and Apple Vision Pro can support 802.11 standard amendments 802.11k, 802.11r and 802.11v. Even if a device doesn’t support 802.11r, all devices support PMKID caching. With this type of caching, the device checks the Pairwise Master Key Identifier (PMKID) that the client sent. You can use PMKID caching with some wireless equipment to improve roaming between access points. Another form of caching — sticky key caching (SKC) — optimises roaming back to previously associated access points. Sticky key caching isn’t equal to or compatible with opportunistic key caching. If you want to support devices that are FT capable and that have PMKID caching, you may need more service set identifiers.

Radio measurement (802.11k)

802.11k allows these devices to quickly identify nearby access points that are available for roaming. When the signal strength of the current AP weakens and your device needs to roam to a new one, the device already knows which access point offers the best connection.

A roam scan is the process used by a device to check for access points that support the currently associated ESSID. The device checks all available channels in the 2.4 GHz, 5 GHz and primary scanning channels in 6 GHz. In addition, 6 GHz networks are discovered out-of-band by listening for the Reduced Neighbour Report information element of beacons in the 2.4 GHz and 5 GHz bands.

The roam scan runs more quickly if 802.11k is enabled on the network. This helps because supported Apple devices and operating systems use the first six entries in the Neighbour Report to prioritise the channels to be scanned. If the 802.11k Neighbour Report isn’t enabled, those devices must scan more methodically.

For example, a user who is on a call might walk to the other side of the building. When the iPhone crosses the -70 dBm threshold, it scans for roam targets. If it uses the Neighbour Report that 802.11k provides, it finds APs that support the current ESSID on three channels. It immediately scans those channels, finds that the AP on a channel has the appropriate signal strength, and roams. If 802.11k isn’t enabled on the network, the client has to scan every channel on each band to find a roam target. This can add several seconds to the process.

Fast BSS transition (802.11r)

802.11r streamlines the authentication process using a feature called Fast BSS Transition (FT) when your device roams from one AP to another on the same network. FT allows the devices to associate with APs more quickly. Depending on your Wi-Fi hardware vendor, FT can work with both pre-shared key (PSK) and 802.1X authentication methods. Intel-based Mac computers don’t support Fast BSS Transition, but they interoperate with Fast BSS Transition networks so that additional SSIDs don’t need to be deployed.

On Cisco networks, Adaptive 802.11r is supported to allow Apple devices that support FT to co-exist with legacy devices that don’t support FT on an SSID configured to allow FT and non-FT clients simultaneously. Supported Apple devices and Cisco APs mutually signal that Adaptive 802.11r is supported by the network and that FT can be used. Legacy wireless clients that don’t support 802.11r can still join the same network but are unable to benefit from faster FT roaming. Adaptive 802.11r requires Cisco release 8.3 or later and supported Apple devices using iOS 10, iPadOS 13.1 and macOS 10.13, or later.

PMKID caching

PMKID caching speeds up the reconnection process. A client device — having previously established a Pairwise Master Key by completing an initial EAP (Extensible Authentication Protocol) authentication and key exchange — can return to the same access point where its PMKID has been cached. By speeding up the reconnection from one access point or BSS to another previously joined access point, roaming time is improved. iOS, iPadOS and macOS support static PMKID caching to help optimise roaming between BSSIDs in the same ESSID.

Interworking with external networks (802.11u)

Organisations use 802.11u (also known as Wi-Fi Certified Passpoint or HotSpot 2.0) to allow their users to automatically move from one Wi-Fi network to another — similar to cellular roaming — without changing any sign-in information. When a device detects an authorised 802.11u access point, the device automatically connects to that network.

Wireless network management (802.11v)

802.11v provides additional information about nearby access points that could be optimal candidates to join. When a device must roam, the BSS transition data (supplied by the network) is reviewed so the device can quickly determine which access points are best for roaming.

How to Configure UniFi WiFi for Fast Roaming on iphones


First Steps:

  • Update UniFi Firmware: Ensure you’re using the latest firmware for both the controller and APs, as updates often address roaming-related issues.
  • Check iPhone Settings: *** Disable Wi-Fi Assist and Private Address settings on iPhones, as they can interfere with roaming behaviour. Also ideally once the iPhone is now on its new fixed IP address – make that IP static in the UniFi device settings for that device.
  • Monitor Wi-Fi Performance: Use the UniFi Network Controller’s “Clients” and “Events” sections to monitor client connections and roaming events. Identify consistent issues with specific clients or APs and adjust settings accordingly.

General Settings:

  • Minimize Channel Overlap: Ensure neighboring APs use non-overlapping channels to reduce interference. Use the UniFi Network Controller’s “Wireless Overview” tool to visualize overlap.
  • Adjust Transmit Power: Set Global WiFI APs to AUTO or consider lowering transmit power on APs, especially in dense deployments, to encourage handoffs between APs.
  • Enable Optimize Network: This automatically adjusts settings for improved performance, including roaming behaviour. Monitor its impact and fine-tune if needed.

Advanced Settings:

  • Set DTIM to 3: This controls how often clients check for new APs, potentially improving roaming responsiveness.
  • Set Minimum Data Rate Control to 5.5/6Mbps or higher on 2G and 12Mbps on 5G. See example image.
  • Enable UAPSD/Power Saving: This allows clients to enter deeper sleep states while receiving broadcast/multicast traffic, improving battery life and roaming efficiency. This may make things better or worse but try it.
  • Adjust Beacon Interval (Caution): Lowering the beacon interval slightly (e.g., to 75 from 100) can prompt iPhones to scan more frequently, potentially improving handoffs. However, monitor stability as a shorter interval can increase network traffic.
  • As a last resort which is probably not needed: Consider Dedicated 5GHz Band for iPhones: If feasible, set up a separate 5GHz band solely for iPhones to minimize interference and improve roaming performance.
  • RSSI – Try globally adjusting your WiFi APs to force roaming when minimum RSSI is -70 to -75dBm – Experiment with settings around this range.
    UniFi understanding minimum RSSI
    Excellent Video Explaining More Roaming Options In Detail
    iPhone Roaming Specifications in Detail

Apple Devices Wi-Fi Roaming Specifications:

The following is an ‘excerpt’ from Apples website:

Trigger threshold

This is the minimum signal level a client needs to maintain a connection.

iPhone, iPad, and iPod touch monitor and maintain the Basic Service Set Identifier (BSSID)’s connection until the Received Signal Strength Indicator (RSSI) exceeds -70 dBm. Then, the device scans for roam candidate BSSIDs for the new Extended Service Set Identifier (ESSID).

Keep this in mind when you design wireless cells and calculate their signal overlap. For example, you might design 5 GHz cells that have a -67 dBm overlap. In this case, the device keeps its connection to the BSSID longer than you expect. This is because the device uses -70 dBm as the trigger. If the BSSID’s RSSI is greater than -65 dBm, the device prefers a 5 GHz network.

Be sure to use the target device to measure cell overlap. Antennas on a laptop computer are much larger and more powerful than antennas on a smartphone or tablet. So if you use a laptop to measure overlap, iPhones and iPads will have different cell boundaries than you expect.

Roam scan

This is when stations check for access points (APs) that support the current ESSID. The stations check all available channels in either the 2.4 GHz band or the 5 GHz band.

The roam scan runs more quickly if you turn on 802.11k on your control plane. This helps because iPhone, iPad, and iPod touch use the first six entries in the neighbor report and reviews them to prioritize its scans. If you don’t turn on 802.11k, iOS has to scan more methodically. This can add several seconds to the discovery process.

For example, a user who is on a call might walk to the other side of the building. When the device crosses the -70 dBm threshold, it scans for roam targets. If it uses the neighbor report that 802.11k provides, it finds APs that support the current ESSID on three channels. It immediately scans those channels, finds that the AP on a channel has the appropriate signal strength, and roams. If you don’t turn on 802.11k, the client has to scan every channel on each band to find a roam target. This can add several seconds to the process.

Roam candidate selection criteria

This information can help you design a wireless network that supports real-time services, like voice and video. iOS considers information shared by networks about channel utilization and quantity of associated clients. iOS uses these details along with signal strength measurements (RSSI) to score candidate networks. Higher score networks offer a better Wi-Fi experience.

If multiple 5 GHz SSIDs are scored the same, iOS chooses a network based on the following criteria:

  • 802.11ax is preferred over 802.11ac
  • 802.11ac is preferred over 802.11n or 802.11a
  • 802.11n is preferred over 802.11a
  • 80 MHz channel width is preferred over 40 MHz or 20 MHz
  • 40 MHz channel width is preferred over 20 MHz

iOS and iPadOS select target BSSIDs based on:

  • Whether the client transmits or receives a series of 802.11 data packets
  • The difference in signal strength against the current BSSID’s RSSI

When the device sends or receives data, it picks target BSSIDs whose RSSI is eight dB or greater than the current BSSID’s RSSI. When the device doesn’t send or receive data, use a 12 dB differential.

For example, the RSSI of the current connection might drop to -75 dBm during a Voice over WLAN (VoWLAN) call. When this happens, the device later searches for BSSIDs that have an RSSI of at least -67 dBm.

No alt supplied for Image

If the call ends and the device stops sending or receiving data, the device searches for BSSIDs that have an RSSI of at least -63 dBm. Note that 802.11 Management Frames and Control Frames don’t count as data.

Roam performance

“Roam performance” is the amount of time that a client needs to authenticate to a new BSSID. To authenticate, the client has to find a valid roam candidate, then complete the roam process quickly. Otherwise, the user experiences an interruption in service.

Roaming occurs when the client authenticates against the new BSSID and deauthenticates from the current BSSID. The amount of time that this takes depends on the security and authentication method that you use.

If you use 802.1X-based authentication, the client must complete the EAP key exchange before it de-authenticates from the BSSID. This can take several seconds, depending on the environment’s authentication infrastructure. When this happens, the user experiences an interruption of service.

Similar Posts

Leave a Reply