Bad Request from NAS Error log on Cisco ACS for Wireless controller

Unanswered Question
Apr 29th, 2010
User Badges:

Dear Experts,


"Bad Request from NAS" error log on Cisco ACS for the Wireless controller IP.


I have checked the shared secret key on ACS and WCS, It is perfectly matching.


I am trying a lot fix this issue. Can anybody help me to know the cause of this issue and the solution for the same.



Thanks a lot in advance


Regards,

Thiyagarajan

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
rahurao Thu, 04/29/2010 - 20:46
User Badges:

Hi Thiyagarajan,


As per the issue which you are facing  you recieve the Bad request from NAS, failure code invalid message authenticator in EAP request error message
Resolution     As a workaround for this issue, perform these steps::





   1. Make sure that the Network Access Server (NAS) is configured properly.


      
   2. Ensure that the shared secret is the same on both the Cisco Access Point (AP) and on the server.


      
   3. If the AP is configured for a local RADIUS server, the local LEAP authentication port must be 1812.




      Note: For accounting, the port must be 1813.


      Also, a WEP key must be in Native mode as part of the local LEAP configuration.


For more information, refer to:


Troubleshooting Procedure

This section provides troubleshooting information relevant to this configuration.


http://www.cisco.com/en/US/customer/products/hw/wireless/ps4570/products_configuration_example09186a00801c0912.shtml#proc


and

LEAP Authentication on a Local RADIUS Server


http://www.cisco.com/en/US/customer/products/hw/wireless/ps4570/products_configuration_example09186a00801c0912.shtml






I hiope this helps!



thiyagarajankal... Fri, 05/07/2010 - 13:16
User Badges:

Dear All,

In order to pin point the error, I have issued the command "Debug aaa all enable" on the Wireless Controller from where this error message getting logged.


Below is the debug output:


Unable to apply override policy for station 00:19:d2:34:5d:53 - VapAllowRadiusOverride is FALSE
Fri May  7 16:15:15 2010: 00:19:d2:34:5d:53 Sending Accounting request (0) for station 00:19:d2:34:5d:53


Can anybody help me to know what causes the above error message?

What AAA parameters needs to be changed at the client side?



Regards,

Thiyagarajan

Actions

This Discussion