topic Re: Method of identifying total number of NAD in Network Access Control https://community.cisco.com/t5/network-access-control/method-of-identifying-total-number-of-nad/m-p/3485266#M540493 <HTML><HEAD></HEAD><BODY><P>Hi Aaron, Viktor,</P><P></P><P>Thanks for your reply.</P><P>Customer may move some NAD to other locations, then these NAD has different ip address but these NAD has same address range. The total number of NAD is still 10,000. In this case, if ISE still has NAD's old ip address in database, the limitation(recommendation&nbsp; limit) will be reached in future. That's why I asked it. Don't I need to consider old ip NAD?</P><P></P><P>Regards,</P><P>Makoto</P></BODY></HTML> Fri, 12 Feb 2016 06:58:32 GMT mimaoka2 2016-02-12T06:58:32Z Method of identifying total number of NAD https://community.cisco.com/t5/network-access-control/method-of-identifying-total-number-of-nad/m-p/3485262#M540489 <HTML><HEAD></HEAD><BODY><P>Hi Experts,
</P><P>
</P><P>How does ISE count the total number of NAD?
</P><P>
</P><P>[Condition]
</P><P>There are 10,000 switches as NAD in the network. These NAD's ip are within 10.10.0.0/16. ISE's configuration of Network Device List is only one record with ip address range like 10.10.0.0/16.
</P><P>
</P><P>Does ISE count 10,000 NAD though the configuration is only one record?
</P><P>
</P><P>Thanks in advance.
</P><P>
</P><P>Best regards,</P><P>Makoto</P></BODY></HTML> Wed, 10 Feb 2016 07:47:26 GMT https://community.cisco.com/t5/network-access-control/method-of-identifying-total-number-of-nad/m-p/3485262#M540489 mimaoka2 2016-02-10T07:47:26Z Re: Method of identifying total number of NAD https://community.cisco.com/t5/network-access-control/method-of-identifying-total-number-of-nad/m-p/3485263#M540490 <HTML><HEAD></HEAD><BODY><P>Adding an entire /16 range will count as 65,536 Network Devices - in theory.</P><P></P><P>There are no hard-limits (licensing wise) with ISE.&nbsp; With that said, it is never recommended to add them in these bulk ranges - because it will can hurt things like CoA/SNMP queries/Shared Secrets, etc.</P><P></P><P>I.e.: if you go to change the shared secret, you have to change it at exactly the same time on all 10,000 switches. </P><P></P><P>-Aaron</P></BODY></HTML> Wed, 10 Feb 2016 13:53:26 GMT https://community.cisco.com/t5/network-access-control/method-of-identifying-total-number-of-nad/m-p/3485263#M540490 Aaron Woland 2016-02-10T13:53:26Z Re: Method of identifying total number of NAD https://community.cisco.com/t5/network-access-control/method-of-identifying-total-number-of-nad/m-p/3485264#M540491 <HTML><HEAD></HEAD><BODY><P>Thinking out loud, 30K NAD limit (or recommendation) is probably based on number of records in the database. A /16 definition is still just one row in the database. Shouldn't that count as a single device as far as the 30k limit is concerned.</P><P></P><P>Thanks</P></BODY></HTML> Wed, 10 Feb 2016 15:16:57 GMT https://community.cisco.com/t5/network-access-control/method-of-identifying-total-number-of-nad/m-p/3485264#M540491 vibobrov 2016-02-10T15:16:57Z Re: Method of identifying total number of NAD https://community.cisco.com/t5/network-access-control/method-of-identifying-total-number-of-nad/m-p/3485265#M540492 <HTML><HEAD></HEAD><BODY><P>Viktor, it's all about what's tested and therefore supported, too. </P></BODY></HTML> Thu, 11 Feb 2016 18:54:22 GMT https://community.cisco.com/t5/network-access-control/method-of-identifying-total-number-of-nad/m-p/3485265#M540492 Aaron Woland 2016-02-11T18:54:22Z Re: Method of identifying total number of NAD https://community.cisco.com/t5/network-access-control/method-of-identifying-total-number-of-nad/m-p/3485266#M540493 <HTML><HEAD></HEAD><BODY><P>Hi Aaron, Viktor,</P><P></P><P>Thanks for your reply.</P><P>Customer may move some NAD to other locations, then these NAD has different ip address but these NAD has same address range. The total number of NAD is still 10,000. In this case, if ISE still has NAD's old ip address in database, the limitation(recommendation&nbsp; limit) will be reached in future. That's why I asked it. Don't I need to consider old ip NAD?</P><P></P><P>Regards,</P><P>Makoto</P></BODY></HTML> Fri, 12 Feb 2016 06:58:32 GMT https://community.cisco.com/t5/network-access-control/method-of-identifying-total-number-of-nad/m-p/3485266#M540493 mimaoka2 2016-02-12T06:58:32Z Re: Method of identifying total number of NAD https://community.cisco.com/t5/network-access-control/method-of-identifying-total-number-of-nad/m-p/3485267#M540494 <HTML><HEAD></HEAD><BODY><P>Each NAD can take multiple IP addresses so we may retain the same number of NADs with old and new addresses.</P><P></P><P><IMG alt="Screen Shot 2016-02-17 at 12.35.23 PM.png" class="image-1 jive-image" src="/legacyfs/online/fusion/93109_Screen Shot 2016-02-17 at 12.35.23 PM.png" style="height: auto;" /></P></BODY></HTML> Wed, 17 Feb 2016 20:36:16 GMT https://community.cisco.com/t5/network-access-control/method-of-identifying-total-number-of-nad/m-p/3485267#M540494 hslai 2016-02-17T20:36:16Z