Cisco Support Community

Unable to authenticate ONS with the RADIUS authentication on Cisco Secure ACS, and the "Exception = Invalid Login" error message appears on ONS

Core issue

In this issue, logs on the Cisco Secure ACS show that authentication has passed, but Optical Networking Subtechnology (ONS) shows that authentication login failed with the Exception = Invalid Login error message.


Complete these steps in order to resolve this issue:

  1. Make sure an attribute-value (AV) is properly configured. An AV pair represents a variable and one of the possible values that the variable can hold. Within ONS, users are mapped to different security groups based on Cisco AV Pair. This is an example:

    "shell:priv-lvl=X" where X can be value of 0 to 3:

    0 represents RTRV.
    1 represents PROV.
    2 represents MAINT.
    3 represents SUPER.

  2. In the ACS Radius IETF attributes, make sure that Service type = Login.

  3. Try to login again.

Refer to RADIUS Authentication Problems in ONS 15454 Version 6.0 for more information and other known problems with authentication.