=== 04dco 802.11 optimisation guide ===

This guide is a general rule of thumb and does not need to be copied verbatim. Wireless configuration depends heavily on what you want to do and the surrounding environment, but remember, there is always a way.

Last updated: 2022-12-29

1. SSID (0-32 char string)

The Extended Service Set Identifier (SSID) is your network's name as it appears on client devices. Set it to something recognisable but not overly personal. Changing it from the factory one is strongly recommended, particularly on older ISP modems/routers, because their default password could be guessed from the default SSID and Wi-Fi MAC address using a common algorithm.

Using a 0 char/hidden SSID is not recommended, as it does not protect against any remotely skilled attacker and might reduce airtime efficiency and therefore throughput.

Append _optout_nomap to the end of the SSID to opt the network out from location services that use Wi-Fi to improve GPS fix time (Google calls this Location Services; wigle.net maintains a public database of SSIDs and their locations gathered through wardriving and such).

Set the same SSID on all APs to make the client treat them as one big network and in some cases seamlessly roam between them. This way you don't need to add multiple networks with the same password on client devices.

2. Encryption/Authentication

For PSK auth (shared password), always use WPA3-SAE or WPA2-PSK with AES where possible. Only use WPA2 with TKIP or WPA if you need to be compatible with really old clients like Windows XP. Never use WEP if possible, as it is very easy to attack and has only marginally better security than no encryption (open).

For an enterprise (EAP) network, TLS or TTLS authentication is usually best unless there are specific requirements or criteria that need to be met in the deployment.

3. Password (8-63 char string)

The password is the main way WEP, WPA and WPA2 protect a network from unauthorized access. It should be at least 12 characters, with length mattering more than complexity. Do not set it the same as the SSID or to a common pattern like 12345678, password, dogsname2019, etc.

Always change the default password, as default passwords are usually weak, 8 characters long and can sometimes be calculated from the default SSID and MAC address (see 1. SSID, 1st paragraph).

Changing the password is inconvenient, as it must be re-entered on all client devices. For temporary access, create a 2nd network (usually called guest) with a different password and delete it after you're done.

4. Channel (int, total 11 or 13 on 2.4 GHz, 5-196 with gaps on 5 GHz, 41 standard and 59 if low power indoor on 6 GHz)

The channel is important to prevent interference between networks. Since Wi-Fi is a shared medium on an unlicensed band, every network gets its turn to transmit and every network must wait its turn before transmitting. In most cases this should be set to auto. If for whatever reason the AP chooses a channel with external interference that is not also Wi-Fi, you may choose one manually. Prefer channels 1, 5 and 11 (2.4 GHz), as they are non-overlapping and are subject to less interference from nearby networks.

The number of available channels differs by region. For example, on the 2.4 GHz ISM band, America (governed by the FCC) gets 11 channels, Europe (governed by ETSI) gets 13 and Japan gets 14; however, channel 14 is only usable in 802.11b networks.

On 5 GHz, avoid dynamic frequency selection (DFS) channels, as these frequencies are shared with weather radar. To avoid interference, the AP waits 60 seconds before it first starts broadcasting its network, then periodically listens for weather radar and stops the network from transmitting if radar is detected.

For a detailed list of current Wi-Fi channels for every region, check either the Linux wireless CRDA regdb from master or https://en.wikipedia.org/wiki/List_of_WLAN_channels

5. Mode (802.11a/b/g/n/ac/ax etc.)

Pretty much all APs and clients today support at least 802.11n-2009, operating on the ISM 2.4 GHz band. 802.11b/g are older, slower, less efficient modes used in the past on old Wi-Fi gear (modern devices still support them). In general, setting your 2.4 GHz network as 802.11n-only and your 5 GHz network as 802.11ac-only (or n+ax/ac+ax if supported) is the most efficient unless you need to support old clients.

The higher the frequency, naturally the lower the range if there are obstacles in the way. The bands are usually used as follows:

* 2.4 GHz for range or older/cheaper devices
* 5 GHz for better throughput and worse range
* 6 GHz for even better throughput (only supported by Wi-Fi 6E devices)

Higher frequency bands have more channels and as such less interference.

6. Channel width (5/10/20/40 MHz on 2.4 GHz, 20/40/80/160 MHz on 5 and 6 GHz)

Since the 2.4 GHz spectrum is generally very crowded, especially in urban environments, the channel width should always be set to 20 MHz unless you are in the middle of nowhere and need extra throughput. The larger the channel width, the fewer non-overlapping channels can be used.

On the 5 and 6 GHz spectrum, generally 20 MHz should be used, as it provides enough bandwidth and is much more efficient on spectrum usage. 160 MHz may only be useful for an AP to AP wireless backhaul. More APs with narrower channels will always have better throughput than fewer APs with wider channels, especially in crowded environments.

7. WMM (bool)

Wireless MultiMedia extensions is a QoS system that allows automatic prioritisation of traffic. It should always be enabled, as modern clients are slowed to at most 54 Mbps if this is disabled.

8. Polarisation/antenna orientation (vertical/horizontal)

Polarisation is important in many radio environments, including 802.11. Radio waves are most efficient when both the sender and receiver have their antennas polarised the same way. Polarisation can be either horizontal or vertical. Most consumer APs have vertical polarisation (antennas pointed at the sky). For maximum efficiency, point at least one antenna horizontally to account for antenna polarisation in mobile devices. For example, most laptops have horizontally polarised antennas in the top of the lid.

[ASCII diagram: AP with one antenna vertical and one horizontal]

9. Regulatory Domain/Country Code (ISO 3166-1 alpha-2 two-letter country codes)

This should always be set to the country the network is operating in, as it restricts the network to the right channels and transmit power for legal operation. Some APs have this setting locked to the country they were bought in or made for.

10. Transmit power (from 1 mW up to 4 W in some regions on some bands)

This should be set to the minimum power necessary for the network to operate, as it reduces interference with nearby networks if there are many. It can be augmented with a denser distribution of APs, as more APs with low transmit power are better than fewer APs with more transmit power.

In Europe it is usually limited to 20 dBm (100 mW), with exceptions for some 5 and 6 GHz frequencies. In the US it is limited to at most 30 dBm (1000 mW).

In general this should not be set over the legal limit as defined by the regdomain, as it could cause overheating, hardware issues or excess noise, or make the local neighbours, WISPs or telecom regulator angry.

11. Basic data rates/Coverage cell density (int 1-3)

This defines the minimum negotiated bandwidth with the AP; higher settings make the minimum bandwidth requirement higher. This can boost throughput at the cost of some range and support for some older devices.

12. RTS/CTS threshold (int 1-2346 in bytes)

The Request to Send/Clear to Send threshold is used to solve the hidden node problem and to help with crowded spectrum. If used on a clear spectrum it can add significant overhead. Setting this to 2346 bytes effectively disables it. A common value where RTS/CTS is needed is 500 bytes.

13. Fragmentation threshold (int 256-2346 bytes)

The fragmentation threshold limits the size of packets transmitted over the wireless network. If a packet exceeds the fragmentation threshold, it is sent as multiple 802.11 frames. Like RTS/CTS, it is only useful if there is heavy interference in the area and can cause overhead if enabled on a clear spectrum. Setting this to 2346 bytes effectively disables it.

14. DTIM interval (int 1-255)

The delivery traffic information message interval is a frame sent every X beacon frames which causes the radio in the client to wake up to receive packets. The lower the value, the less time the client radio spends sleeping, thus the more power it uses but the lower the network latency. Typical values are as follows:

* 1 for specialized hardware audio/video devices
* 2 for voice data like VoLTE
* 3-4 for most networks

By default this value is either 1 or 2; Apple permits a minimum value of 3 to be set by the network.

15. Beacon interval (int 15-65535 ms)

The beacon interval determines the time between beacon frames, which broadcast the SSID to the surrounding clients.
It is commonly set by default to 100 ms and should not be changed unless there are very good reasons to do so.

16. Preamble (bool, short/long)

The preamble is used to communicate to the receiver that data is on its way. It allows the receiver to acquire the wireless signal and synchronize itself with the transmitter. In general this should be set to short unless you need compatibility with 802.11b clients.

17. WPS (bool)

Wi-Fi Protected Setup is an easy pairing method between the network and client. It has two operating modes: PIN and push-button configuration (PBC). It is strongly recommended to disable WPS or at the very least set the PBC mode. The PIN has a fixed length of 8 digits and can be guessed in a few hours with tools such as reaver, leading to the attacker finding the network password.

18. MAC filter (array)

The Media Access Control filter is a way to filter clients that can connect to the network based on their Wi-Fi MAC address. Every wireless adapter should have a unique MAC address in the format XX:XX:XX:YY:YY:YY, where XX defines the MAC vendor/manufacturer and YY defines a random part for uniqueness. There are online "OUI" databases that can look up vendors based on MAC address.

MAC filtering is a weak protection method because it can easily be bypassed by changing the client adapter's MAC address; it only keeps out script kiddies and honest people. You can incorporate it together with other protection methods but should not rely solely on it.

19. Band steering (bool)

Band steering is a setting on some commercial APs with proprietary firmware that tries to get the client to use a better band such as 5 GHz when both 2.4 and 5 GHz are available. It is not standardized and every vendor implements it differently. Turn this off if your clients have problems roaming between APs or connecting. It can be implemented in OpenWrt via Decentralized Wifi Controller (DAWN).

20. Client isolation

This setting prevents wireless clients from communicating with each other but still allows communication with the default gateway. It is useful mostly for guest or restricted networks.

21. 802.11w management frame protection

Keep this at required unless some devices refuse to connect; in that case set it to optional. It protects from malicious frames injected into the data stream as part of a deauthentication or other attack. This can make capturing the 4 way handshake (which can be used to crack the network password) more tedious.

22. 802.11r fast BSS transition

This standard permits continuous connectivity among devices that roam between APs, similar to a GSM mobile network. Enabling this will advertise it in the AP's beacons but can make capturing a suitable file for cracking easier using the PMKID.

23. 802.11k neighbor reports

Complements 802.11r in providing information to discover the best available AP for the client to connect to.

24. 802.11v BSS transition management frames

It provides clients with spectrum information, which drastically reduces the time wasted scanning the spectrum for other APs, improves data throughput, saves battery life and makes real time applications like voice calls drop fewer packets. Like 802.11r and 802.11k, it assists with roaming.

25. GTK rekey interval

The group rekey interval specifies how often the AP changes the group temporal key, which is a cryptographic key that is used to encrypt all broadcast and multicast traffic between APs and clients. Default is 3600 seconds; do not change unless absolutely necessary.

26. Guard interval

This is used to ensure that distinct transmissions do not interfere with one another, introducing immunity to propagation delays, echoes and reflections. The standard guard interval is 0.8 usec; 802.11n added a 0.4 usec mode to increase data throughput by 11%. A shorter guard interval means a higher packet error rate.

27. 802.11n Greenfield mode

Also called N-only, this increases available bandwidth significantly but should not be used in environments with b/g devices. It may also decrease range, since N modulation is too complex to decode reliably at low signal levels, so clients may fall back to b/g.

28. 802.11d country IE

This standard adds support for additional regulatory domains; the base standard only defines Americas (FCC), Europe (ETSI), Japan, China, Israel, Singapore and Taiwan.

== Other great resources ==

* QCA wireless settings from the DD-WRT wiki, do note that most are DD-WRT specific.
  https://wiki.dd-wrt.com/wiki/index.php/QCA_wireless_settings
* Wikipedia for more in-depth explanations and history
* NIST Special Publication 800-63B: Digital Identity Guidelines: Authentication and Lifecycle Management
  https://csrc.nist.gov/publications/detail/sp/800-63b/final
* Wi-Fi throughput in relation to channel widths
  https://divdyn.com/wi-fi-throughput/
* Does a wireless-N (802.11n) network have poor performance when in b/g "mixed" mode?
  https://superuser.com/questions/430185/does-a-wireless-n-802-11n-network-have-poor-performance-when-in-b-g-mixed-mo
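
The security-relevant advice from sections 1, 2, 3, 17 and 21, written as a check over an AP configuration. This is an added example, not part of the original guide: it assumes the AP is configured through a hostapd.conf-style file (hostapd key names, as used under OpenWrt), and both sample configs are constructed.

```python
# Added example (not from the guide). Both sample configs are constructed.
WEAK_PASSWORDS = {"12345678", "password"}  # patterns named in section 3
WEAK_CONF = """
ssid=HomeNet2019
wpa=3
wpa_pairwise=TKIP CCMP
wpa_passphrase=HomeNet2019
wps_state=2
ignore_broadcast_ssid=1
"""
HARDENED_CONF = """
ssid=HomeNet2019_optout_nomap
wpa=2
wpa_key_mgmt=SAE
rsn_pairwise=CCMP
wpa_passphrase=correct horse battery staple
ieee80211w=2
wps_state=0
"""

def parse_conf(text):
    """Parse key=value lines, skipping blanks and # comments."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def audit(conf):
    """Return findings for one AP config; an empty list means none."""
    out = []
    ssid, psk = conf.get("ssid", ""), conf.get("wpa_passphrase", "")
    wpa = int(conf.get("wpa", "0"))  # hostapd bitmask: 1 = WPA, 2 = WPA2/WPA3
    ciphers = f'{conf.get("wpa_pairwise", "")} {conf.get("rsn_pairwise", "")}'.split()
    if wpa == 0:
        out.append("open or WEP network: use WPA2-PSK with AES or WPA3-SAE")
    elif wpa & 1:
        out.append("legacy WPA enabled: keep only for really old clients")
    if "TKIP" in ciphers:
        out.append("TKIP enabled: prefer AES (CCMP)")
    if psk and len(psk) < 12:
        out.append("passphrase shorter than 12 characters")
    if psk and (psk == ssid or psk.lower() in WEAK_PASSWORDS):
        out.append("passphrase equals the SSID or a common pattern")
    if conf.get("wps_state", "0") != "0":
        out.append("WPS enabled: disable it or restrict it to push-button mode")
    if wpa and conf.get("ieee80211w", "0") == "0":
        out.append("802.11w management frame protection is off")
    if conf.get("ignore_broadcast_ssid", "0") != "0":
        out.append("hidden SSID: no protection, may cost airtime")
    return out
```

Call `audit(parse_conf(open(path).read()))` on a real file; the weak sample yields seven findings and the hardened one none.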