Apple Devices https://wlc.mmki.co.id/bp/helpfiles/r-apple-devices.

html

Apple Devices
WLAN Configuration
Description—Allows you to identify if the WLAN is configured with recommended L2 security, QoS, and advanced settings for
Apple devices. Application Visibility should be enabled.
Status:
Compliant—At least one WLAN is compliant with all the recommended WLAN configuration for Apple devices.
Non-Compliant—There is no WLAN that is compliant with all the recommended WLAN configuration for Apple devices.
CLI Option—Multiple features have to be configured by entering these commands:
Security
Set Fast Transition to enabled or Adaptive:
(Cisco Controller) >config wlan security ft {enable | adaptive enable} wlan-id
Enable FT PSK when FT is enabled:
(Cisco Controller) >config wlan security wpa wpa2 enable wlan-id
(Cisco Controller) >config wlan security wpa akm ft psk enable wlan-id
Enable FT 802.1X when FT is enabled:
(Cisco Controller) >config wlan security wpa wpa2 enable wlan-id
(Cisco Controller) >config wlan security wpa akm ft 802.1x enable wlan-id
Set Layer 3 Security to None:
(Cisco Controller) >config wlan security web-auth disable wlan-id
Disable Over-the-DS:
(Cisco Controller) >config wlan security ft over-the-ds disable wlan-id
QoS
Enable Fastlane:
(Cisco Controller) >config qos fastlane enable wlan-id
Set WLAN QoS to Platinum (Voice):
(Cisco Controller) >config wlan qos wlan-id platinum
Enable AVC profile and apply AUTOQOS-AVCPROFILE for the WLAN:
(Cisco Controller) >config wlan avc wlan-id visibility enable
(Cisco Controller) >config wlan avc wlan-id profile AUTOQOS-AVCPROFILE
WMM policy is set to Required:
(Cisco Controller) >config wlan wmm require wlan-id
Advanced
Enable 802.11k neighbor list or dual band:
(Cisco Controller) >config wlan assisted-roaming neighbor-list enable wlan-id
Enable 802.11v BSS Transition:
(Cisco Controller) >config wlan bss-transition enable wlan-id
Set WLAN radio policy to be All or 802.11a or 802.11a/g:
(Cisco Controller) >config wlan radio wlan-id {all | 802.11a-only | 802.11ag}
Enable mDNS snooping:
(Cisco Controller) >config wlan mdns enable wlan-id

5 GHz Enabled
Description—Enable the 5-GHz radio to provide a faster and less interfering network for Apple devices.
Status:

1 of 3 12/20/2022, 11:24 AM
Apple Devices https://wlc.mmki.co.id/bp/helpfiles/r-apple-devices.html

Compliant—5-GHz radio is enabled on the network.

Non-Compliant—5-GHz radio is disabled on the network.
CLI Option—Enable the 5-GHz radio on the network by entering this command:
(Cisco Controller) >config 802.11a enable network

5 GHz EDCA Fastlane

Description—Configuring the EDCA Profile as Fastlane helps improve Apple Device performance on 5-GHz networks.
Status:
Compliant—EDCA Profile name is Fastlane.
Non-Compliant—EDCA Profile name is not Fastlane.
CLI Option—Set the EDCA Profile name to Fastlane on a 5-GHz network by entering this command:
(Cisco Controller) >config advanced 802.11a edca-paramter fastlane

5 GHz MCS Rates

Description—All the MCS Rates (0-31) should be enabled on the 5-GHz networks to help improve the performance of Apple
client devices.
Status:
Compliant—All the MCS rates are enabled on the 5-GHz network.
Non-Compliant—Some of the MCS rates are disabled on the 5-GHz network.
CLI Option—Enabled MCS rates on a 5-GHz network by entering this command:
(Cisco Controller) >config 802.11a 11acsupport mcs tx {mcs8 | mcs9} ss {1-4} enable

QoS Trust DSCP

Description—Enabling the QoS Map and Trust DSCP Upstream helps improve the performance of Apple client devices.
Status:
Compliant—QoS Map is enabled and Trust DSCP Upstream is selected for QoS Map Upstream.
Non-Compliant—QoS Map is disabled or UP to DSCP Map is selected for QoS Map Upstream.
CLI Option—Enable QoS Map values by entering these commands:
(Cisco Controller) >config qos qosmap enable
(Cisco Controller) >config qos qosmap trust-dscp-upstream enable

QoS Platinum Profile

Description—The Unicast and Multicast priority should be Best Effort for Platinum Profile to help improve the performance of
Apple client devices.
Status:
Compliant—QoS Platinum Profile has Best Effort for Unicast and Multicast priority.
Non-Compliant—QoS Platinum Profile does not have Best Effort for either Unicast or Multicast priority.
CLI Option—Enable Best Effort on the Platinum Profile by entering this command:
(Cisco Controller) >config qos priority platinum besteffort besteffort besteffort

mDNS or Bonjour
Description—mDNS or Bonjour snooping and policy are enabled for Apple client devices to identify local devices such as
projectors, printers, and so on, that support the mDNS service.
Status:
Compliant—mDNS snooping and policy are enabled.
Non-Compliant—Either mDNS snooping or policy or both are disabled.
CLI Option—Enable mDNS snooping and policy by entering these commands:

2 of 3 12/20/2022, 11:24 AM
Apple Devices https://wlc.mmki.co.id/bp/helpfiles/r-apple-devices.html

(Cisco Controller) >config mdns snooping enable

(Cisco Controller) >config mdns policy enable

Optimized Roaming Disabled

Description—Optimized roaming should be disabled because Apple devices use the newer 802.11r, 802.11k, or 802.11v
roaming improvement.
Status:
Compliant—Optimized roaming is disabled.
Non-Compliant—Optimized roaming is enabled.
CLI Option—Disable optimized roaming by entering this command:
(Cisco Controller) >config advanced 802.11{a | b} optimized-roaming disable

3 of 3 12/20/2022, 11:24 AM