Resolution
As a workaround for this issue, perform these steps:
- Make sure that the Network Access Server (NAS) is configured properly.
- Ensure that the shared secret is the same on both the Cisco Access Point (AP) and on the server.
- If the AP is configured for a local RADIUS server, the local LEAP authentication port must be 1812.
Note: For accounting, the port must be 1813.
Also, a WEP key must be in Native mode as part of the local LEAP configuration.
For more information, refer to the Troubleshooting Procedure section of LEAP Authentication with Local RADIUS Server.
Problem Type
Client / Device cannot authenticate
Error message
Products
Access point
Security Options
EAP
LEAP / RADIUS
ACS
IOS Errors, Warnings, Statistics and Log Messages
Bad request from NAS, failure code invalid message authenticator in EAP request