A long shot, but a common problem is a setting on the wireless NIC sometimes called "Roaming Aggressiveness" or similar.
The name varies from vendor to vendor, but it is often a sliding scale or threshold value that can be set which controls how
quickly (at which dBm level) the NIC should consider the connection "lost" and trigger a re-scan.
Depending on the brand (wireless chip) a card can have an "Enterprise" or "SoHo" behaviour when a wireless connection is lost.
"Enterprise" cards immediately starts scanning for another AP (BSSID) broadcasting the same SSID, while a "SoHo" card
can cling on to the original AP until you stop being gentle with it :-)
Default is normally a more "SoHo" like behaviour, check if this threshold value can be lowered.
Remember - a roam is always the decision of the client! (Unless tricked by the WLC, like when load balancing...)
Many thanks for your message, appreciated . This is something really interesting that I wasn't aware of.
I requested my customer to change this settings.
A feedback from 2 customers should come over the next days, will keep you informed on the results...
Do you think we should consider looking elsewhere like on the WLC or Radius / DHCP or AD for this problem?
Or you think this is something really located on the client side?
I really would like to get rid of this, and all the suggestions are welcomed.
Thanks again for your feedback,
So feedbacks are very good, the reconnection time is now really better.
Many thanks for this good suggestion.
However, the problem isn't completely gone...
We still facing a second kind of problem which is more related to certificates.
It is like when the user is moving from one office to another sometime the computer is trying to authenticate without reaching its goal.
When there was a shut down, sometimes the connection is not possible, trying authentication, without achieving the connection > ending with exclamation point.
When the computer was working on Wifi then we put it on standby, then we resume it from standby, reconnection is less problematic.
It is like when the complete authentication process has to be done, we have sometimes a problem.
I'm not sure what could be the reason of this (IAS, WLC?).
But this seems not to be related to a specific site.
It is more happening when the connection was completely stopped. Then we connect again from another place and this thing happen...
Have you a suggestion on this one?
Good to hear that the reconnection time is better, and yes, this is something rarely mentioned...
Authentication is a bit more tricky, but I could use a bit more information:
- EAP-TLS is used, I suppose you use machine certificates?
- Detailed settings for EAP-TLS: verifying server certificates? "Fast reconnect" option enabled or not?
Have been away for two weeks, so have a bit of backlog, but will do my best....
I hope you had good holidays?
So, yes we use EAP-TLS with an IAS (MS) server.
We use users and machines certificates (via AD groups).
For this point :
Detailed settings for EAP-TLS: verifying server certificates? "Fast reconnect" option enabled or not?
Is this to verify into the IAS? WLC? I'm not sure of the location of this option...