Showing results for 
Search instead for 
Did you mean: 

CGR 1120 and 802.1x


Hi gurus

We have a CGR1120 and are trying to apply 802.1x authentication using ISE.  The configuration and DACLs that we have in place are working throughout a sizeable organisation, but when we try to apply these to a CGR1120, we get only one interface working and applying the DACL correctly.  Any other interface seems to run out of resources and the following message appears in the log:

'%Error: Out of Rule Resources'


When this happens, the switch doesn't apply any DACL to the interface so the connected device works as if NAC hasn't been applied.  


The datasheet for the CGR1000 series says they support 802.1x but can't find anything about limits (like it supports 802.1x on one interface only).

Interestingly, on the one port which does apply a DACL, if a quarantine DACL is applied and the device is a phone (without the appropriate certificate or address in MAB), the phone registers and works correctly.  But if the device is a PC, it doesn't.  I don't mind this situation but it is obviously not quite correct.


Does anybody have any experience in this area?



0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers