Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
427
Views
0
Helpful
0
Replies

CGR 1120 and 802.1x

lpassmore
Level 1
Level 1

‎09-17-2017 06:31 PM - edited ‎03-05-2019 09:08 AM

Hi gurus

We have a CGR1120 and are trying to apply 802.1x authentication using ISE.  The configuration and DACLs that we have in place are working throughout a sizeable organisation, but when we try to apply these to a CGR1120, we get only one interface working and applying the DACL correctly.  Any other interface seems to run out of resources and the following message appears in the log:

'%Error: Out of Rule Resources'

 

When this happens, the switch doesn't apply any DACL to the interface so the connected device works as if NAC hasn't been applied.  

 

The datasheet for the CGR1000 series says they support 802.1x but can't find anything about limits (like it supports 802.1x on one interface only).

Interestingly, on the one port which does apply a DACL, if a quarantine DACL is applied and the device is a phone (without the appropriate certificate or address in MAB), the phone registers and works correctly.  But if the device is a PC, it doesn't.  I don't mind this situation but it is obviously not quite correct.

 

Does anybody have any experience in this area?

 

 

1 person had this problem
Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card