Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1532
Views
1
Helpful
7
Replies

How many maximum mac address can create in endpoint identity ?

Go to solution
jewfcb001
Level 4
Level 4

‎05-30-2023 11:47 PM

Hi All , 
I try to find information about Maximum Mac Address can create in endpoint identity on Cisco ISE 2.7 or 3.x 
My deployment is 2 Cisco ISE HA (Admin+PSN+Monitor) Primary and Secondary . 


I see  link below but not found the exact maximum number of mac address can create in endpoint identity.

https://www.cisco.com/c/en/us/td/docs/security/ise/performance_and_scalability/b_ise_perf_and_scale.html

Please advise me . 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Damien Miller
VIP Alumni
VIP Alumni

‎06-05-2023 12:44 PM

The concurrent sessions are well documented on the performance and scale page.
https://www.cisco.com/c/en/us/td/docs/security/ise/performance_and_scalability/b_ise_perf_and_scale.html

The total known endpoints has turned in to tribal knowledge, there used to be stated scale in the performance and scale guide but the number is no longer published. You can look at the 2.6+ endpoint scale on an archive of this old scale document. Search for "maximum endpoints" in this table and you will find the 2 million number on the far right column. This was increased from 1.5 million that 2.4 or older supported. 
https://web.archive.org/web/20210710140104mp_/https://community.cisco.com/t5/security-documents/ise-performance-amp-scale/ta-p/3642148#toc-hId--1312516075

View solution in original post

7 Replies 7

Go to solution
jewfcb001
Level 4
Level 4

‎05-31-2023 09:58 PM

I still waiting someone to help. 

0 Helpful

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee

‎06-01-2023 03:46 PM

I don't believe there is a theoretical maximum for the number of MAC addresses that can be stored in the endpoint database, but the maximum validated is 2 million.

With your 2 node cluster, the number you would need to be concerned about would be the supported concurrent sessions based on the platform specs you are using (which you have not mentioned).

0 Helpful

Go to solution
jewfcb001
Level 4
Level 4
In response to Greg Gibbs

‎06-01-2023 07:57 PM

@Greg Gibbs 

Thank you for information. I deploy VM Small Type If reference from concurrent sessions VM Small type support 10000 concurrent . Can I use this value for mac address (endpoint ) store in database ? 

0 Helpful

Go to solution
Damien Miller
VIP Alumni
VIP Alumni
In response to jewfcb001

‎06-01-2023 08:12 PM

Yes, you can store 2 million mac address entries in the context visibility database. 

A small VM will support up to 10,000 unique endpoint/macs being online and active on the network at any given point in time. This number is up to 10,000 though, there are many variables that can impact this like rate of auth, auth type, etc. 

 

I've had customers exceed the 2 million total macs, one just under 5 million without issue. The scale for this used to be stated as 2 million, for some reason that specific scale number is no longer reported. 

0 Helpful

Go to solution
jewfcb001
Level 4
Level 4
In response to Damien Miller

‎06-01-2023 08:26 PM

@Damien Miller 
Can you provide official document to me ? or Can I refer from concurrent session? Because If a small VM support 10k concurrent but we add mac address greater than 10k ISE still handle 10K current also. Please advise me. 

0 Helpful

Go to solution
Damien Miller
VIP Alumni
VIP Alumni

‎06-05-2023 12:44 PM

The concurrent sessions are well documented on the performance and scale page.
https://www.cisco.com/c/en/us/td/docs/security/ise/performance_and_scalability/b_ise_perf_and_scale.html

The total known endpoints has turned in to tribal knowledge, there used to be stated scale in the performance and scale guide but the number is no longer published. You can look at the 2.6+ endpoint scale on an archive of this old scale document. Search for "maximum endpoints" in this table and you will find the 2 million number on the far right column. This was increased from 1.5 million that 2.4 or older supported. 
https://web.archive.org/web/20210710140104mp_/https://community.cisco.com/t5/security-documents/ise-performance-amp-scale/ta-p/3642148#toc-hId--1312516075

Go to solution
jewfcb001
Level 4
Level 4
In response to Damien Miller

‎06-05-2023 10:03 PM

@Damien Miller 

Thank you so much for information . 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents