I assume you mean WPA/PEAP not LEAP, because LEAP is a Cisco proprietary modification to WEP and does not support WPA/WPA2.
If you are using a Cisco ACS or Microsoft IAS server as your RADIUS server, then WPA1/PEAP roam times will be 1 to 2 seconds, depending on load on the RADIUS server, because of a complete re-auth. As if you were authenticating all over again to the Microsoft AD.
There are two solutions to this problem:
1. Using Cisco autonomous (standalone) APs (as it appears you have configured) and configure the APs to be members of a WDS. Also, your clients must support CCKM in one form or another.
Depending on your client wireless NIC and driver capabilities, you may be able to use WPA1 with CCKM or may be forced to use EAP-FAST and/or a Cisco wireless NIC. The Intel 2200BG, 2915ABG, and 3945ABG NICs have good support for Cisco radios and CCX standards. Most others do not.
You will NOT be able to use the MS zero-config client, you MUST use the driver supplied by the NIC vendor.
2. Upgrade your autonomous APs to the centralized model using a Cisco Airespace controller.
The Cisco WLCs have always supported WPA2/PEAP-MSCHAPv2 with fast roaming (configured on your client, controller, and RADIUS server) and recently have supported CCKM as above.
The important note is the fast roaming (under 100 ms) is ONLY supported with
1. Cisco's proprietary CCKM (with WPA1/WPA2 and PEAP-MSCHAPv2 or EAP-FAST), depending on client NIC and wireless driver. This NOT supported by the MS zero-config client.
2. WPA2/MSCHAPv2 with 'fast reconnect' enabled on the client, controller and RADIUS server. This is supported with the MS zero-config client with nearly any wireless NIC and wireless driver but requires XP SP2 with several hotfixes (NOT SECURITY PATCHES).
In short, there is nothing you can do with an autonomous AP and WPA1 with the MS zero-config client for fast roaming. Depending on the load on the AP, RADIUS server and MS AD DC(s), you may experience roam times measured in tens of seconds to a minute...
You may be losing the pings because of coverage holes. To detect the holes I would recommend walking with your laptop watching ping responses as well as signal strength by some means (Cisco Aironet Client Utility, NetStumbler, or AirMagnet). If there is a correlation between bad signal strength and ping failures you have coverage holes. If the strength of the signal is good but ping still fails you may be experiencing interference between the channels and you may want to revisit your channel allocation plan. Depending on your AP vendor request them few seamless roaming suggestions.
We experience the same problems. The Intel clients usually have zero problem re-authenticating and connecting, while other/older cards can take minutes or sometimes don't re-authenticate at all and have to do it manually.
You can try 3rd party software or use WDS as others said.
We are moving! Please use WLCCA Forum for updates and discussions
[toc:faq] Wireless LAN Controller (WLC) Config Analyzer Download Click
here to Download To request access, send an e-mail to
firstname.lastname@example.org. Please include your Cisco.com userna...
[toc:faq] IntroductionHere is the step by step process that we have to
take care of while converting LWAPP to IOS and then vice versa..LWAPP to
IOSThe hardware used = 1141 AP (make sure we are using the right
[toc:faq] Introduction AnyConnect Secure Mobility Client 3.0: Network
Access Manager & Profile Editor on Windows Summary Use the Cisco
AnyConnect Network Access Manager Profile Editor to build custom
profiles for the AnyConnect Secure Mobility Client. App...