Information
The default role policy for the remote user with invalid (or no) CiscoAVPairs returned by the AAA server. CiscoAVPairs provide support for Remote Access Dial-In User Service attribute-value (AV) pairs. The options are:
- Assign Default Role
- No Login
The default is No Login.
Solution
Log into the Cisco APIC Web Console:
Navigate to 'Admin' -> 'AAA' -> 'Authentication'
In the 'Properties' section ensure 'Remote user login policy' is not set to 'Assign Default Role'