Thank you for the responses!
I was referring to the ClearPass Authentication Source Cache. If it is caching only the attributes, then a client has to go through a full 802.1X authentication. In short, the user credentials (username/password) are verified every time? I have OKC with validate PMKID enabled.
Is there a command on the controller that shows you if the user took advantage of the OKC feature?
The dorm building consists of 5 floors. Each floor has 25 dorm rooms. We have an AP-325 in every room of the building. Both bands are enabled with 20 MHz channels. The power level for the 5 GHz band is (min 9, max 18), and for 2.4 GHz (min 6, max 9). Mode aware and ClientMatch are disabled.
I verified the DHCP pool. We have a /20 with a 1 hr lease time. From the controller, we don't have more than 2,500 users connected at night (busiest time).
The student mentioned that randomly the wireless connection will stop working, the Wi-Fi icon spins, and they have to input credentials again. I asked if it happened while stationary or when walking around. It seems it happens the most when moving around.
I walked the building and my iPhone did not ask me to authenticate when moving from floor to floor, so I suspect it is a client-specific issue. However, I want to rule out the connection between ClearPass and AD. That is the reason why I was asking how to measure the response from ClearPass and AD (thank you again for the answers).
Moving to TLS seems a good approach. Would you have the same SSID or a different SSID to onboard the devices? So, TLS would be faster because user credentials don't have to be validated. Once a client has a valid certificate, will ClearPass validate it without AD?