Ars Technica

Cisco Aironet 1100 intermittantly failing RADIUS auth (with IAS)

I have several Aironet 1100s and more than one is exhibiting this problem, making me think this is a network or firewall issue (there's an OpenBSD firewall between the WAPs and the RADIUS/IAS server).
SDxCentral

VU#456537: RADIUS protocol susceptible to forgery attacks.

Overview A vulnerability in the RADIUS protocol allows an attacker allows an attacker to forge an authentication response in cases where a Message-Authenticator attribute is not required or enforced.