Using a 4402, ver 4.0.185,
I'm configuring a WLAN with no layer2 security, and I have configured the web-policy layer 3 security method with a preauth acl to allow connections to a couple of vpn concentrators for unauthenticated users.
Everything works fine, but I have observed a few things that worry me
a. When a client disassociates from my wlan, the wireless controller takes about 5 minutes to discover that this has happened. It looks as if it doesn't get the disassociation event.
b. if the client has not authenticated through the web-auth page, every about 5 minutes the client seems to be briefly disconnected from the WLAN and connect again immediately. This displays an annoying popup to the user and one-two packets are lost (I see this from a continuous ping I run concurrently)
The client statistics on the PC show that a roaming event has occurred but since the only AP with adequate signal is next to the PC I don't see any reasons for roaming.