Hi  @RF_Dude 

May I have the SSID settings, and EAP model&firmware version you are testing?

Please try disable PMF on your SSID advanced settings, the WPA mode choose WPA2-PSK-AES, don't use WPA3. 

For Apple devices only, please also disable 802.11r.

Please disable 2.4Ghz for testing, since 2.4Ghz can be easily disturbed.

For your reference, "WPA authentication timeout" will happen not only when the device has wrong password, it also happens when "the device does not have a good wifi signal".

RF_Dude wrote

Symptom: Cellular WiFi calling drops calls.  WiFi phones using conference or phone software (like WhatsApp) show reconnecting for as much as 10 seconds when moving between AP's.  

 

System consists of 10 access points inside and around resort buildings operating through 3 Omada managed switches, ER7206 GW and OC200 controller. 9 of the 10 AP's are hardwired, only one is mesh connected.  AP signal overlap is plenty to facilitate seamless roaming.  802.11r is enabled, as are Advanced Features and all the roaming checkboxes.   

 

A ThinkPad laptop (.50), and Samsung SmartPhone (.46) were used to test roaming.  Laptop Wireshark capture shows DHCP process invoked for a reconnection.  Smartphone experiences failed authentication and multiple DHCP attempts.  Omada log confirms and shows multiple instances of DHCP issuance. In the worst cases, phone test devices running WiFi Man shows dragging AP's too far when stronger AP's are available. It is as if a neighbour list is not advertised properly.    

 

Omada Logs show many WiFi mobile devices randomly failing authentication during roaming.  The WiFi client device knows the SSID and PW... how does this fail authentication?  Isn't "fast roaming" supposed to reduce the number of authentication steps when moving between AP's?  There is one EAP110 outdoor that is worst for this "fail authentication" issue, but it occurs everywhere in the site.  

 

Roaming just seems broke!   Log Sample: 

 

Galaxy-S20-Ultra-5G is roaming from Dom2 Lopa[Channel 153] to Marko Garage[channel 6] with SSID Dom3  Jun 10, 2024 21:40:01    
ThinkPad-T470p is roaming from Dom3 West Wall[Channel 1] to Marko Garage[channel 6] with SSID Dom3  Jun 10, 2024 21:40:01    
DHCP Server allocated IP address 192.168.33.50 for the client[MAC: 2e-bf-f0-36-09-f7].  Jun 10, 2024 21:40:00    
DHCP Server allocated IP address 192.168.33.46 for the client[MAC: e4-70-b8-53-6f-d3].  Jun 10, 2024 21:39:58    
DHCP Server allocated IP address 192.168.33.46 for the client[MAC: e4-70-b8-53-6f-d3].  Jun 10, 2024 21:39:55    
DHCP Server allocated IP address 192.168.33.46 for the client[MAC: e4-70-b8-53-6f-d3].  Jun 10, 2024 21:39:53    
ThinkPad-T470p is roaming from Dom1 West Wall[Channel 1] to Dom3 West Wall[channel 1] with SSID Dom3  Jun 10, 2024 21:39:31    
[Failed]Galaxy-S20-Ultra-5G failed to connected to Dom2 Lopa with SSID "Dom3" on channel 153 because WPA Authentication failed.(1 time in a minute) Jun 10, 2024 21:39:30   
 

Cellular WiFi calling doesn't tolerate connection gaps and requires seamless handoffs between AP's.  Some IP TV's will buffer and hang, which I suspect happens when on the edge between AP's and roaming happens... that seems to invoke a full reconnection, instead of "fast roaming".  There are other "Poltergeist" issues that I've been monitoring to determine if it is the user equipment, or a TP-Link issue. 

 

Any insight appreciated.    

 

Tony 

Hi  @RF_Dude 

I don't have any better suggestions on Android/Phones APP(that shows roaming process). 

I had an idea about why some of your devices may downgrade to 2.4Ghz before roaming. I believe it is caused by the high transmitting power of outdoor AP. Outdoor version has higher transmitting power, if the "neighbor AP" is too far away, the device may switch to 2.4Ghz so it can connect the AP in a farther distance. 

You can try to change the transmit power of 2.4Ghz to "Medium" or "Low", to improve the roaming experience.