Controller-less WLANs

 View Only
last person joined: one year ago 

Articles relating to existing and legacy HPE Aruba Networking products and solutions including IAP, Central / HPE Aruba Networking Central, MSR, and Outdoor Mesh
Back to Library

When do we get "Bad request from NAS" message type from ACS server in IAP deployment? 

Nov 25, 2015 07:02 PM

Problem:

When do we get "Bad request from NAS" message type from ACS server in IAP deployment ?

In Cisco ACS server keeps seeing alert message "Bad request from NAS" message type.

 

Setup:

 

Wireless clients >> IAP >> Radius Server.



Diagnostics:

When the shared secret passwords are NOT synchronized between the access point and the authentication server, this may trigger this message.

 

In customer environment they  have two Radius server which is mapped with the same Ip address 10.175.8.18 but with different shared key and if the client  trying to authenticate against the Radius server with in-correct shared key, the error message is triggered on the ACS server. 

 

Example: There are 2 Radius servers with same IP address and with mis-match shared key shown below:

wlan auth-server RADIUS-FELTACS0003

ip 10.175.8.18    <================ 

port 1645

acctport 1646

key aadd657ec8b2518552f0b843c9d03cf3b388b22fc1032526d1819caf94891705

 

wlan auth-server RADIUS-HOUNCPP0002

ip 10.175.8.18    <==============

port 1812

acctport 1813

key 219e2934b88b9f86a56b3e25b1683efe8065d33ffd6dc791e0e2665782df9e3d

rfc3576

cppm-rfc3576-port 5999

 

 



Solution

By configuring the similar shared key on both the radius servers which matches the IAP shared key, the issue is been resolved.

Statistics
0 Favorited
0 Views
0 Files
0 Shares
0 Downloads

Related Entries and Links

No Related Resource entered.