25 APs using two WDSes(one backup) authenticating using LEAP (all correctly registered), using ACS 4.2. Clients are authenticating using WPA2/AES/PEAP/MS-CHAPv2.
Normally, it work fine, for most of the clients. Then, numerous authentication fail, no log on ACS, WDS says either pass or nothing, infrastructure AP reports authentication failed. Sometimes during traffic monitoring using Wireshark, we see that AP sends a request to WDS but gets no response from it. Sometimes AP reports Authentication failed witout visible contact of the WDS (debug does give us anything).
We are using 12.3 (8) JEC1 on all APs. You can see a lot of sometimes, as we can not replicate the problem 1 on 1, it is just what we extract when we try many times. We have added the following changes fro the recomended configuration:
dot1x timeout supp-response 90
dot1x timeout supp-response 120 local
radius-server timeout 20
removed ARP dot11 cache, as we have many machines with network enabled with wireless at the same time.