Controller-less WLANs

When do we get "Bad request from NAS" message type from ACS server in IAP deployment?
Problem:

When do we get "Bad request from NAS" message type from ACS server in IAP deployment ?

In Cisco ACS server keeps seeing alert message "Bad request from NAS" message type.

 

Setup:

 

Wireless clients >> IAP >> Radius Server.



Diagnostics:

When the shared secret passwords are NOT synchronized between the access point and the authentication server, this may trigger this message.

 

In customer environment they  have two Radius server which is mapped with the same Ip address 10.175.8.18 but with different shared key and if the client  trying to authenticate against the Radius server with in-correct shared key, the error message is triggered on the ACS server. 

 

Example: There are 2 Radius servers with same IP address and with mis-match shared key shown below:

wlan auth-server RADIUS-FELTACS0003

ip 10.175.8.18    <================ 

port 1645

acctport 1646

key aadd657ec8b2518552f0b843c9d03cf3b388b22fc1032526d1819caf94891705

 

wlan auth-server RADIUS-HOUNCPP0002

ip 10.175.8.18    <==============

port 1812

acctport 1813

key 219e2934b88b9f86a56b3e25b1683efe8065d33ffd6dc791e0e2665782df9e3d

rfc3576

cppm-rfc3576-port 5999

 

 



Solution

By configuring the similar shared key on both the radius servers which matches the IAP shared key, the issue is been resolved.

Version history
Revision #:
2 of 2
Last update:
‎11-25-2015 04:02 PM
Updated by:
 
Labels (1)
Contributors
Search Airheads
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.