I recently extended my WiFi network coverage with a TP-Link EAP225 v3 access point in the garage, connected via an ethernet cable to the router in my office. The garage and my office are at opposite corners of the house, so this combination should provide excellent coverage overall.
This blog post is reminder to myself about the problems that can prevent devices from roaming between the two WiFi access points based on whichever has a stronger signal.
macOS in particular had a hard time switching to the stronger signal, and the cause turned out to be a slight discrepancy between the security protocols supported by the two access points. Despite having the same SSID and password, if the security protocols are not identical, the implicit roaming support in macOS would not function properly.
The most helpful tool to diagnose this issue was the command-line airport utility, which is located in /System/Library/PrivateFrameworks/Apple80211.framework/Resources
Running “airport -s” from this location will dump out all the SSIDs found, as well as their security settings. Any discrepancies need to be fixed…in my case the EAP225 was configured to support an extra protocol (TKIP) in addition to EAS. TKIP is less secure anyway, so disabling it not only solved the roaming problem but probably increased security as well.