ACS Deployment Scale & Limits
Attribute | System Maximum / Limits |
|---|---|
ACS Instances | 22 |
| Hosts | 200,000 for 35xx appliance |
Users | 400,000 for 35xx appliance |
| Identity Groups | 1,000 |
| Active Directory Group Retrieval | 1,500 |
Network Devices | 150,000 on 35xx appliance |
Network Device Groups (NDGs) Unique, Top-Levels | 12 |
Network Device Group Hierarchical Levels | 6 |
| Network Device Group Locations | 10,000 |
| Network Device Group Device Types | 350 |
| Services | 25 |
| Authorization Rules | 320 |
| Conditions | 8 |
| Authorization Profile | 600 |
| Service Selection Policy (SSP) | 50 |
| Network Conditions (NARs) | 3,000 |
| ACS Admins | 50 9 static roles |
| dACLs | 600 dACL with 100 ACEs each |
ACS Hardware Platforms
VMs must have the equivalent of the hardware platforms or better.
VM resources must be dedicated to ACS and not shared with other VMs.
Hardware Platform | ACS | Processor | RAM | Hard Disk | RAID | Ethernet NIC | EoS |
|---|---|---|---|---|---|---|---|
| Cisco SNS 3595 | 5.8.1 | Dual socket Intel Xeon E5-2640 v3 series CPU @ 2.60GHz, 8 total cores, 8*2 total threads | 64GB | 4 x 600-GB 10k SAS HDDs (1200 GB total) | RAID 10 | 6 x Integrated Gigabit NICs | - |
| Single socket Intel Xeon E5-2620 v3 series CPU @ 2.40GHz, 6 total cores, 6*2 total threads | 16GB | 1 x 600-GB 10k SAS HDD (600 GB total) | No | 6 x Integrated Gigabit NICs | - | ||
(Large UCS) | Cisco UCS C220 M3 2 x Quad-Core Intel Xeon CPU E5-2609 @ 2.40 GHz, 8 total cores, 8 total threads | 32 GB | 2 x 600-GB disks | RAID 0+1 | 4 GE network interfaces | 07-Oct-2016 | |
(Small UCS) | Cisco UCS C220 M3 Single socket Intel E5-2609 2.4Ghz CPU 4 total cores, 4 total threads | 16 GB | 1 x 600-GB disk | Embedded Software RAID 0 | 4 GE network interfaces | 07-Oct-2016 | |
Cisco 1121 Secure Access Control System Hardware (CSACS-1121) | Intel Core 2 Duo 2.4-GHz processor with an 800-MHz front side bus (FSB) and 2 MB of Layer 2 cache. | 4GB SDRAM | 2 x 250-GB SATA disks | - | 4 x 1 GB network interface | 27-Aug-2013 | |
| Cisco 1120 Secure Access Control System Hardware (CSACS-1120) | 5.0.x 4.2 | ? | ? | ? | ? | ? | ? |
Cisco Secure ACS-VM (VMware) | Minimum: 2 CPUs (dual CPU, Xeon, Core2 Duo or 2 single CPUs) | 4GB minimum 64 GB maximum | 60GB minimum 1.2TB maximum | NIC—1 GB NIC interface required (You can install up to 4 NICs.) | ? |
ACS TACACS+ Performance
SNS-34xx and 35xx appliance performance was done with ACS 5.8 patch 1 as a dedicated authentication node.
Recommend dedicating resources for VM performance equivalent to hardware.
Authorization Method | Identity Store | Cisco SNS-3415 (Auth/Second) | Cisco SNS-3495 (Auth/Second) | Cisco SNS-3515 (Auth/Second) | Cisco SNS-3595 (Auth/Second) |
T+ PAP | Internal | 1114 | 1869 | 2215 | 2563 |
T+ CHAP | Internal | 1116 | 1872 | 2328 | 2472 |
Accounting | 1234 | 1226 | 1646 | 1956 | |
Authorization(session) | 900 | 1961 | 2726 | 2710 | |
Ms-chap | 1138 | 1972 | 2456 | 2580 |
ACS RADIUS Performance
SNS-34xx and 35xx appliance performance was done with ACS 5.8 patch 1 as a dedicated authentication node.
Recommend dedicating resources for VM performance equivalent to hardware.
Authentication Method | Identity Store | Cisco SNS-3415 (Auth / second) | Cisco SNS-3495 (Auth/ second) | (Auth/ second) | (Auth / second) |
PEAP (MSCHAPv2) | Internal | 1214 | 1876 | 1203 | 3869 |
PEAP (MSCHAPv2) | Active Directory | 162 | 241 | 201 | 354 |
PAP | Internal | 1310 | 1911 | 2857 | 3891 |
PAP | Active Directory | 549 | 574 | 622 | 784 |
EAP-TLS | Internal | 935 | 1024 | 963 | 1998 |
EAP-FAST (MSCHAPv2) | Internal | 1011 | 1263 | 1773 | 2435 |
EAP-FAST (MSCHAPv2) | Active Directory | 224 | 368 | 433 | 586 |
EAP-FAST (GTC) | Internal | 1001 | 1223 | 1689 | 2345 |
EAP-FAST (GTC) | Active Directory | 221 | 376 | 414 | 510 |