PEAP authentication takes approximately 30 seconds to re-authenticate when roaming between APs
Protected EAP (PEAP) is a draft EAP authentication type that is designed to allow hybrid authentication. PEAP employs server-side Public Key Infrastructure (PKI) authentication. For client-side authentication, PEAP can use any other EAP authentication type. Because PEAP establishes a secure tunnel through server-side authentication, non-mutually authenticating EAP types can be used for client-side authentication (such as EAP Generic Token Card (GTC) for one-time passwords (OTP), and EAP MD5 for password-based authentication).
When PEAP authentication is used, there is a delay when users roam between Cisco Access Points (APs). PEAP takes a long time to authenticate because it must re-authenticate user credentials to the RADIUS server every time the user roams.
To avoid delays, do not use WPA/TKIP with PEAP.
Refer to article 826942 to obtain the patch that fixes the authentication delays.
Fast Reconnect is another option for reducing re-authentication delays. It should be enabled on both the client and the authentication server. Refer to Configuring ACS for PEAP.