BAY

All versions of the BAY software prior to 18.0.2 are broken in regards to the Message-Authenticator. The software sends a strictly MD5 encoded secret instead of the encoding required by the RFC. This has been fixed in 18.0.2 only.

If you see messages in the radius log like:

Then you MUST upgrade the software on your Bay Annex. There is NO other solution to the problem.