I know iOS is a pain, plenty of articles asking why they keep deauthenticating on the wireless. As you can see, out of the 5 device types and 26 client devices with issues, only 3 are non iOS:
I've done a little testing on one of my sites to see if I could find the most compatible iOS configuration for dashboard. At this point the guest wifi is in a simple NAT mode.
My plan, if the wireless health doesn't get any better, is to isolate a bridge mode SSID for guest wifi and enable 802.11r adaptive to see if it gets any better. Any thoughts on that? I don't see many incompatible devices on-site and, if it solves the iOS issues, it would be worth it.
I'd like to crowd source some answers. How have you handled iOS devices deauthenticating on the wireless and, if you're not experiencing any issues, what's your setup?
Are you using WPA2 Enterprise or PSK? If PSK then 802.11r, in any mode, is not recommended because it is a security issue. Dashboard will warn you if you deploy this type of config.
I was under the impression this was only an issue if the PSK was something that needed to be secure, it's going to be for guest wifi where guests can just ask what the password is to get in.
"allowing attackers to obtain the PSK being used for the particular SSID."
What would be the security risk in an isolated bridge mode SSID where the PSK is given out?
Sorry if it's a newbie question!
If there is more than one access point then bridge mode gives the best roaming experience.
NAT mode causes the users TCP sessions to be torn down every time a roam is done.
The problem I’m having in particular is not the roaming but the initial association. Do you think there would be any improvement if I did try the bridge mode or is there something you’re using besides NAT mode that you would recommend?
Whether you use bridge or NAT mode will have no impact on initial authentication. It may have an impact on re-association due to roaming.
I don't see association issues like this normally (except when using 802.1x, the user has changed their password, but not updated it on their device yet).
What method of authentication (if any) are you using at the moment?
You shouldn't be having any authentication issues.
Any chance this is simply user error, and people typing in the PSK wrong the first couple of times?
One thing to remember is that iOS versions are very important when it comes to WiFi connectivity. Apple has released multiple versions of iOS with WiFi issues and fixes recently so if a device is on one of these iOS versions it's not a surprise there is WiFi issues.
Finally made the switch from NAT mode to Bridge 802.11r adaptive for the guest wifi, all association problems stopped as soon as I made the switch. Went from ~25% failing to associate to around ~1% failing.
Now my only worry is that I misread that warning stating not to enable 802.11r on bridge mode for security risks.
Since this is for the guest wifi and anyone can get the password that walks up to the front desk, it's not an issue, right?
Any input would be appreciated!