Hi Tarik,

Thanks for your answer.

I think you are talking about Disk Usage

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.2/user/guide/viewer_sys_ops.html#wp1068157

In ACS status:

Is memory equal to disk in ACS?

I thought that memory utilization means RAM utilization.

Could you confirm please?

Thanks,

Patrick

Patrixk you are correct. Is the acs in a distributed deployment or is it a standalone unit?

If standalone then this is to be expected. How many authentications per second does your box see on average?

This is a small ACS deployment as described on http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.1/installation/guide/csacs_deploy.html#wp1104113

ACS manages 2 authentications per second on average.

Patrick

In your initial.email you mentioned 20k auth per day. Also in your acs deployment is the primary acs also the log collector?

Yes there are 20 k auths per day

Most of them are between 9 AM and 17 PM so ACS received 2 auths per second on average.

I confirm that the primary ACS is also the log collector.

Thanks for your advice.

I will try as soon as possible

Regards,

Patrick

Hi Tarik,

I tested your solution in a test environment.

Memory Utilization decreases on primary.

Memory Utilization increses on secondary.

Is there a limit?

What will happen when memory utilization reach this limit?

What can we do to purge memory utilization? (reboot, service restart...)

Thanks,

Patrick

How high is the memory utilization on the secondary ACS? Also do you have your load for radius authentications split? Meaning that half of your deployment chooses the primary ACS server as it is first radius target the other half has the secondary ACS server as their first radius target?

I have seen that 80 percent memory utilization is to be expected, here is some documentation regarding performance numbers:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.3/migration/guide/Migration_Deploy.html#wp1054828

You may want to consider adding another ACS server to your deployment to see if this helps lighten the load if the 80 percent memory utilization becomes a concern. If you calculate all these numbers and something still doesnt add up, you can upgrade to the latest code (5.3 patch 5), if that doesnt help then you can try to open a tac case to see if they can look at, but in my honest opinion with 20k auth per day I am thinking this is expected.

Thanks,

Tarik Admani
*Please rate helpful posts*

I changed log collector on a non-production platform. There are very few authentications on this platform.

Secondary ACS memory utilization is 25%...

Primary ACS memory utilization falls from 27% to 17%.

I didnt split the radius authentications for the moment because I thought ACS is far away from its performance limits.

I have planned to split for other services which will need RADIUS.

I think that I will reconsider this because memory is growing more than expected.

Thanks for all your advices.

Patrick