The Remote Authentication Dial-In User Service (RADIUS) Authentication Server template, which exists as a consequence of an added controller, obtains zero values for integral fields that do not allow zero values.
For example, the acceptable value range of the vpnIkeLifetime field is 1800 - 345600, but when the template object materializes from the controller, the value sets to zero. Note that the vpnIkeLifetime field depends upon the ipsecStatus field, which is disabled in the controller case. For a normally created template, even if the ipsecStatus field is set to false, the Wireless Control System (WCS) sets the default values for the dependent fields, which includes the vpnIkeLifetime field.
A template that materializes through the addition of a controller cannot be changed, because validation exceptions occur for the zero value set in the database for the vpnIkeLifetime field.The exact error message can read: Error(s): You must correct the following error(s) before proceeding: Error: Value for "vpnikeLifetime is less than the minimum allowed value "1,800"
Check Enable for IPSec.
Type 1800 for Lifetime, in seconds.
Uncheck Enable for IPSec.
Change the template to the defined parameters.
Choose Apply to Controllers.
Apply the template to the controllers.
Wireless Control System
LEAP / RADIUS
Wireless Devices Errors, Warnings, Statistics and Log Messages
WCS Errors, Warnings and Log Messages
This problem is documented in Cisco bug ID CSCse81548. In order to workaround this issue, complete these steps: