Comware 7 radius admin access with Cisco ISE

Capricorn · ‎12-01-2025

Hi

I am trying to configure Cisco ISE for Comware 7 radius admin login

My radius configuration looks ok on the switch and the request is reaching Cisco ISE but I am getting error with authorization error -> Could not find selected Authorization Profiles.

I have tried different settings but nothing worked so far.

Access Type = ACCESS_ACCEPT
Service-Type = 6
H3C-User-Group = network-admin

Access Type = ACCESS_ACCEPT
Service-Type = 6
cisco-av-pair = "shell:roles=\"network-admin\""

Access Type = ACCESS_ACCEPT
H3C-Exec-Privilege = 3

This the error I can see on Cisco ISE

15011 Authorization Policy not configured
15019 Could not find selected Authorization Profiles

Returned RADIUS Access-Reject
Also tried few more but nothing worked so far.

If someone can help with this.

Thanks

ahollifield · ‎12-02-2025

https://cs.co/ise-interop

https://community.cisco.com/t5/security-documents/how-to-ask-the-community-for-help/ta-p/3704356

Cristian Matei · ‎12-12-2025

Hi,

Message 15011 says that ISE can't match on any of the configured Authorization policies with the respective incoming request, while message 15019 says that ISE can't find the attached authorization profile, which is weird.

First, I would delete the exiting authorization profiles and authorization policies that you're using for your scope and recreate it. your read the switch documentation to see if for the respective code version, which RADIUS attributes you need to return for the authorization process. Also, ensure Let's see the outcome after you perform these steps.

Why don't you better off use TACACS integration instead of RADIUS? Saying this as since TACACS is the protocol supposed to be use for device adminitrations, using RADIUS might not always work as expected, especially across various code versions.

Thanks,

Cristian.