https://community.cisco.com/t5/network-access-control/mac-limitation-and-performance-impact-for-adding-to-ise-database/m-p/4031687#M453866 <P>I came in to a customers 2.4 deployment which was up to 4.9 million known endpoints in the context visibility database.&nbsp; There was no observable performance impact due to that.&nbsp; The only impact was to me as an admin, exporting the endpoint database resulted in a 5GB csv file that was a pain to use, excel no longer works since it's only happy with less than a million rows.&nbsp;&nbsp;</P> <P>&nbsp;</P> <P>I have since enabled aggressive purge policies and dropped that back down to around 500k.&nbsp;&nbsp;</P> <P>&nbsp;</P> <P>My experience has been that, profiling and accounting syslogs result in more of an impact than just having endpoints in the DB.&nbsp; &nbsp;the&nbsp;</P> Tue, 18 Feb 2020 16:35:46 GMT Damien Miller 2020-02-18T16:35:46Z https://community.cisco.com/t5/network-access-control/mac-limitation-and-performance-impact-for-adding-to-ise-database/m-p/4031214#M453864 <P><SPAN>1 trying to figure out if there is a known upper limit to the number of MACs that can be added to the ISE database for MAC auth bypass</SPAN><BR /><SPAN>2 Would the customer see a performance hit as the near they MAC limit?</SPAN></P> Mon, 17 Feb 2020 21:44:36 GMT https://community.cisco.com/t5/network-access-control/mac-limitation-and-performance-impact-for-adding-to-ise-database/m-p/4031214#M453864 jlubick 2020-02-17T21:44:36Z https://community.cisco.com/t5/network-access-control/mac-limitation-and-performance-impact-for-adding-to-ise-database/m-p/4031277#M453865 <P>The maximum number of endpoints in ISE 2.6 is 2,000,000.&nbsp; Check out this post: &nbsp;<FONT><A href="https://community.cisco.com/t5/security-documents/ise-performance-amp-scale/ta-p/3642148" target="_blank" rel="noopener">https://community.cisco.com/t5/security-documents/ise-performance-amp-scale/ta-p/3642148</A></FONT></P><P>My guess is that as that number increases and gets large, the MAC lookup may take slightly longer; however, I wouldn't think it would be noticeable by the end user.</P> Tue, 18 Feb 2020 00:49:18 GMT https://community.cisco.com/t5/network-access-control/mac-limitation-and-performance-impact-for-adding-to-ise-database/m-p/4031277#M453865 Colby LeMaire 2020-02-18T00:49:18Z https://community.cisco.com/t5/network-access-control/mac-limitation-and-performance-impact-for-adding-to-ise-database/m-p/4031687#M453866 <P>I came in to a customers 2.4 deployment which was up to 4.9 million known endpoints in the context visibility database.&nbsp; There was no observable performance impact due to that.&nbsp; The only impact was to me as an admin, exporting the endpoint database resulted in a 5GB csv file that was a pain to use, excel no longer works since it's only happy with less than a million rows.&nbsp;&nbsp;</P> <P>&nbsp;</P> <P>I have since enabled aggressive purge policies and dropped that back down to around 500k.&nbsp;&nbsp;</P> <P>&nbsp;</P> <P>My experience has been that, profiling and accounting syslogs result in more of an impact than just having endpoints in the DB.&nbsp; &nbsp;the&nbsp;</P> Tue, 18 Feb 2020 16:35:46 GMT https://community.cisco.com/t5/network-access-control/mac-limitation-and-performance-impact-for-adding-to-ise-database/m-p/4031687#M453866 Damien Miller 2020-02-18T16:35:46Z