We created a new SSID that authenticates smartphones/tablets with a cert issued from a MobileIron appliance. Authentication is working great; however, connectivity sporadically drops every minute or two and takes another 30 seconds or so to reauthenticate.
Scouring the Internet for information, it appears there are a few issues to juggle with BYOD:
1. To conserve battery life, some manufacturers cause wireless NICs to go dormant when data isn't being transmitted. A potential fix for this is to shorten beacon time from 60 seconds to 10 seconds so the device never has a chance to go dormant.
2. EAP/TLS appears to be a beefy authentication mechanism and does not reauthenticate very quickly. When an adjacent AP proves to be a more attractive option to a particular smart device, the smart device migrates to it. In our experience that switch is not seamless, and because we're using cert authentication, the reauthentication on the new AP takes a while.
For argument's sake we tested smart devices on an SSID that authenticates with EAP-PEAP/AD Creds and it is seamless. You can roam all day long and never drop a ping.
So my question is, has anyone implemented a BYOD solution comprised of an SSID with EAP-TLS authentication and MobileIron as the MDM in the background? If so, what tweaks did you have to make to ensure stability? 802.11k? Beacon timers?
We can't be the only company out there that has mobile devices, MobileIron and Aruba wireless. Curious as to everyone else's experience. Thanks!