cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

296
Views
0
Helpful
4
Replies
marcairn
Cisco Employee

Dedicated ISE 2.4 scale with 3515s

Scale is published for dedicated deployments with 3595s. What is the scale if we were to dedicate 3515s from an existing ACS deployment (2) Admin nodes, (2) MnT nodes, (4) PSNs? Second, do we support any increase in scale by eliminating services such as no profiling/posture/pxgrid, assuming very basic VPN and wireless 802.1x with standard authentications/authorizations that would be covered in base license features.

 

Thanks

2 ACCEPTED SOLUTIONS

Accepted Solutions

The numbers are for all services running. We don’t test or support higher limits if you decide not to run different services as the overhead is mainly memory session tracking.

The information is right in the guide
https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/install_guide/b_ise_InstallationGuide24/b_ise_InstallationGuide24_chapter_00.html#DeploymentSizeandScalingRecommendations

View solution in original post

No the 3515 cannot be used for that purpose as the don’t have the needed resources to serve that role

I thought you were talking about running them as standalone or PSN which is the only purpose they can fulfill

Customer would need to purchase Associated appliance or deploy VMs accordingly

View solution in original post

4 REPLIES 4
skilpatr
Cisco Employee

The scale is published in the Cisco Live presentation. From what I read, with 2.4 you can scale to 7.5k sessions with dedicated 3515 and 40k with dedicated 3595. Not sure if scale increases by eliminating services on the PSN.

Cisco Live Presentation:

https://ciscolive.cisco.com/on-demand-library/?search=ISE&search.event=ciscoliveus2018#/session/1511296160606001Af1J

 

The numbers are for all services running. We don’t test or support higher limits if you decide not to run different services as the overhead is mainly memory session tracking.

The information is right in the guide
https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/install_guide/b_ise_InstallationGuide24/b_ise_InstallationGuide24_chapter_00.html#DeploymentSizeandScalingRecommendations

View solution in original post

Thank you.

Unfortunately, I don’t see where we show the scale of an entire deployment when running dedicated Admin and MnT on separate 3515s. Whenever I see the dedicated deployment scale, it references the large nodes, which would be expected when you talk about 20K sessions and up. In this case, I have existing 3515s running ACS today and want to know the scale if they are re-purposed to dedicated nodes with a planned ISE migration. I’m good with the hybrid deployment max of 7500 and the 7500 limit per dedicated PSN.

 

https://community.cisco.com/t5/security-documents/ise-performance-amp-scale/ta-p/3642148

No the 3515 cannot be used for that purpose as the don’t have the needed resources to serve that role

I thought you were talking about running them as standalone or PSN which is the only purpose they can fulfill

Customer would need to purchase Associated appliance or deploy VMs accordingly

View solution in original post

Content for Community-Ad