When do we get "Bad request from NAS" message type from ACS server in IAP deployment?

MVP Expert
MVP Expert

When do we get "Bad request from NAS" message type from ACS server in IAP deployment ?

In Cisco ACS server keeps seeing alert message "Bad request from NAS" message type.




Wireless clients >> IAP >> Radius Server.


When the shared secret passwords are NOT synchronized between the access point and the authentication server, this may trigger this message.


In customer environment they  have two Radius server which is mapped with the same Ip address but with different shared key and if the client  trying to authenticate against the Radius server with in-correct shared key, the error message is triggered on the ACS server. 


Example: There are 2 Radius servers with same IP address and with mis-match shared key shown below:

wlan auth-server RADIUS-FELTACS0003

ip    <================ 

port 1645

acctport 1646

key aadd657ec8b2518552f0b843c9d03cf3b388b22fc1032526d1819caf94891705


wlan auth-server RADIUS-HOUNCPP0002

ip    <==============

port 1812

acctport 1813

key 219e2934b88b9f86a56b3e25b1683efe8065d33ffd6dc791e0e2665782df9e3d


cppm-rfc3576-port 5999




By configuring the similar shared key on both the radius servers which matches the IAP shared key, the issue is been resolved.

Version history
Revision #:
2 of 2
Last update:
‎11-25-2015 04:02 PM
Updated by:
Labels (1)
Search Airheads
Showing results for 
Search instead for 
Did you mean: