Cisco Support Community

The error message 'Value for "vpnikeLifetime is less than the minimum allowed value "1,800"' appears on the WCS when attempts are made to modify the RADIUS template

Core Issue

The Remote Authentication Dial-In User Service (RADIUS) Authentication Server template, which exists as a consequence of an added controller, obtains zero values for integral fields that do not allow zero values.

For example, the acceptable value range of the vpnIkeLifetime field is 1800 - 345600, but when the template object materializes from the controller, the value is set to zero. Note that the vpnIkeLifetime field depends upon the ipsecStatus field, which is disabled in the controller case. For a normally created template, even if the ipsecStatus field is set to false, the Wireless Control System (WCS) sets the default values for the dependent fields, including the vpnIkeLifetime field.

A template that materializes through the addition of a controller cannot be changed, because validation exceptions occur for the zero value set in the database for the vpnIkeLifetime field. The exact error message can read:

Error(s):  You must correct the following error(s) before proceeding:
Error: Value for "vpnikeLifetime is less than the minimum allowed value "1,800"


This problem is documented in Cisco bug ID CSCse81548. In order to work around this issue, complete these steps:

From the RADIUS Authentication Template:

  1. Check Enable for IPSec.
  2. Type 1800 for Lifetime, in seconds.
  3. Click Save.
  4. Uncheck Enable for IPSec.
  5. Click Save.
  6. Change the template to the defined parameters.
  7. Click Save.
  8. Choose Apply to Controllers.
  9. Apply the template to the controllers.

Problem Type

Error message


Wireless Control System

Security Options


Wireless Devices Errors, Warnings, Statistics and Log Messages

WCS Errors, Warnings and Log Messages