We've been having a bunch of issues with iPhone 5(s), iPad minis and newer iPads roaming between APs when using 802.1x. Running a 650 on code 6.3.1.4 with AP-105s.
Already opened a ticket with TAC but not having much luck getting this working.
Some of the things we've tried:
aaa authentication dot1x "WiFi"
    timer idrequest_period 3
    reauth-max 2
    timer wpa-key-period 2000
    timer wpa2-key-delay 100
    timer wpa-groupkey-delay 100
    no opp-key-caching
    validate-pmkid
Result: Dot11i key exchange was not happening when the client device had roamed to the new AP (this was on 6.1.3.7)
Suspected client issue: Upgraded to 6.1.3.11
We tested with iPhone 5 & iPad3 by running a continuous ping using an app from the client.
Saw more than 20 ping drops while an iPhone roams from one AP to another.
Disabled scanning on the ARM profile. Then when checked with the iPad there were not more than 2 ping drops.
Tried with another iPhone 5, even with this phone we saw more than 20 drops.
Per TAC upgraded to 6.3.1.4 (current release at the time)
After upgrade to latest code - still unable to roam between APs.
FYI - When roaming between APs the iPhone's MAC address is listed in the address table - the key exchange just fails.
Authentication works fine with OSX and Windows clients.
Any insight would be greatly appreciated.
Other info: IAS is running Windows Server 2003 Standard.