cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

769
Views
0
Helpful
1
Replies
Phanikumar Dharmavarapu
Cisco Employee

3595 ISE sizing - for 500K endpoints

As I understand from ISE 2.1 Admin guide, one ISE 3595 server supports 40000 End points in standalone PSN configuration.

So in a distributed deployment (PAN, MNT, PSN running seperately) Can the deployment scale to 500 K endpoints by using 13 PSN nodes? (13 X 40000 = 500000). PAN and MNT will have seperate nodes.

Are there any caveats to be considered here.

1 ACCEPTED SOLUTION

Accepted Solutions
gbekmezi-DD
Contributor

I’m sure you’ve already seen this, but just in case: https://communities.cisco.com/docs/DOC-68347

Of course there are lots and lots of caveats :). Is this just straight 802.1x/Radius? Do you have posture? Profiling? Guest? BYOD? This list can go on and on with the number of features ISE offers. That number of 40,000 per node doesn’t tell the whole story. You have to consider the types of authentications and workloads a given PSN will be handling and size it accordingly. I’d pay particular attention to these sections of that Performance & Scale document:

  • ISE PSN Performance<https://communities.cisco.com/docs/DOC-68347#jive_content_id_ISE_PSN_Performance>

  • ISE TACACS+ Performance<https://communities.cisco.com/docs/DOC-68347#jive_content_id_ISE_TACACS_Performance>

  • ISE 2.0 RADIUS Performance<https://communities.cisco.com/docs/DOC-68347#jive_content_id_ISE_20_RADIUS_Performance>

Good luck!

George

View solution in original post

1 REPLY 1
gbekmezi-DD
Contributor

I’m sure you’ve already seen this, but just in case: https://communities.cisco.com/docs/DOC-68347

Of course there are lots and lots of caveats :). Is this just straight 802.1x/Radius? Do you have posture? Profiling? Guest? BYOD? This list can go on and on with the number of features ISE offers. That number of 40,000 per node doesn’t tell the whole story. You have to consider the types of authentications and workloads a given PSN will be handling and size it accordingly. I’d pay particular attention to these sections of that Performance & Scale document:

  • ISE PSN Performance<https://communities.cisco.com/docs/DOC-68347#jive_content_id_ISE_PSN_Performance>

  • ISE TACACS+ Performance<https://communities.cisco.com/docs/DOC-68347#jive_content_id_ISE_TACACS_Performance>

  • ISE 2.0 RADIUS Performance<https://communities.cisco.com/docs/DOC-68347#jive_content_id_ISE_20_RADIUS_Performance>

Good luck!

George

View solution in original post

Content for Community-Ad