Problem:When do we get "Bad request from NAS" message type from ACS server in IAP deployment ?
In Cisco ACS server keeps seeing alert message "Bad request from NAS" message type.
Setup:
Wireless clients >> IAP >> Radius Server.
Diagnostics:When the shared secret passwords are NOT synchronized between the access point and the authentication server, this may trigger this message.
In customer environment they have two Radius server which is mapped with the same Ip address 10.175.8.18 but with different shared key and if the client trying to authenticate against the Radius server with in-correct shared key, the error message is triggered on the ACS server.
Example: There are 2 Radius servers with same IP address and with mis-match shared key shown below:
wlan auth-server RADIUS-FELTACS0003
ip 10.175.8.18 <================
port 1645
acctport 1646
key aadd657ec8b2518552f0b843c9d03cf3b388b22fc1032526d1819caf94891705
wlan auth-server RADIUS-HOUNCPP0002
ip 10.175.8.18 <==============
port 1812
acctport 1813
key 219e2934b88b9f86a56b3e25b1683efe8065d33ffd6dc791e0e2665782df9e3d
rfc3576
cppm-rfc3576-port 5999
SolutionBy configuring the similar shared key on both the radius servers which matches the IAP shared key, the issue is been resolved.