Problem Description/Purpose: Did you know that excessive channel overlap can cause problems with roaming and 802.1x authentication?

Solution/Action Plan: In installations where there is excessive overlap in channels and interference between AP's there can be problems with 802.1x authentication. In typical installations, authentication takes place immediately following a roam. In these cases, the client device will be located in a region where coverage of two or more APs overlaps. If the APs are using the same channel or channels that significantly overlap, this can lead to interference problems that will cause the client to fail authentication or take an excessively long time to authenticate. Care should be taken during installation to keep the channels configured on adjacent AP's separated to the greatest degree possible. In USA 802.11b installations, channels 1, 6, and 11 do not overlap at all. Whenever possible these channels should be used to keep interference to a minimum. Also keep in mind that AP's on neighboring floors or buildings may cause interference. Care should be taken to keep channels separated from these AP's as well.

 

 

Question
	I am using a pre-shared key on my terminals and I intermittently lose connection when roaming or after resume. What could be the problem?
	Answer
	WPA-PSK or WPA2-PSK requires several key packets to be exchanged between the access point and client. If several RF retries occur during this handshake, the timeout value on the AP may need to be extended. Note that this also applies to WPA-Enterprise. For Cisco autonomous access points: A hidden configure level command, dot11 wpa handshake timeout, can be used to increase the timeout between sending the WPA key packets from the default value (100 ms) to a value between 101 and 2000 ms. The command stores its value in the configuration across device reloads.