Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2131
Views
0
Helpful
4
Replies

ISE 2.0 TACACS+ sizing

Go to solution
Istvan Segyik
Cisco Employee
Cisco Employee

‎02-12-2016 06:45 AM

Dear Colleagues,

We have to size ISE for TACACS+. All together 20.000 network devices.

The customer is using 4 ACS clusters to handle this load at the moment.

Any sizing assistance would be useful.

Could anyone who is able to help contact me in unicast, please? I don't want to share customer details here.

Best regards,

Istvan

Istvan Segyik

Escalations Engineer, Security

CCIE Security #47531

Global Virtual Engineering

WW Partner Organization

Cisco Systems, Inc

*** private contact information removed by moderator

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
kthiruve
Cisco Employee
Cisco Employee

‎02-12-2016 10:27 AM

Hi Istvan,

See here for general sizing guidance:  ISE 2.0 TACACS+ Deployment & Sizing Guidance.

RADIUS and TACACS+ are very different. Check Aaron's blog for the differences There are two different models described in the deployment sizing doc above.

For TACACS+ implementation, to determine the number of PSN’s for programmatic device administration model as discussed above, for simplicity you can replace an ACS server with a ISE PSN node.

For human device administration model, you can use the sample calculation used in device administration model  to determine the transactions per second (TPS) for command authorization and accounting for your environment.

I will be publishing the first draft of migration doc in a day or two. Please look out for more information

Thanks

Krishnan

View solution in original post

0 Helpful
4 Replies 4

Go to solution
kthiruve
Cisco Employee
Cisco Employee

‎02-12-2016 10:27 AM

Hi Istvan,

See here for general sizing guidance:  ISE 2.0 TACACS+ Deployment & Sizing Guidance.

RADIUS and TACACS+ are very different. Check Aaron's blog for the differences There are two different models described in the deployment sizing doc above.

For TACACS+ implementation, to determine the number of PSN’s for programmatic device administration model as discussed above, for simplicity you can replace an ACS server with a ISE PSN node.

For human device administration model, you can use the sample calculation used in device administration model  to determine the transactions per second (TPS) for command authorization and accounting for your environment.

I will be publishing the first draft of migration doc in a day or two. Please look out for more information

Thanks

Krishnan

0 Helpful

Go to solution
algoldst
Cisco Employee
Cisco Employee
In response to kthiruve

‎12-20-2016 08:29 AM

Hi Krishnan,

Could you please provide the definition of 'Programmatic' which is referred to in the link that is provided.

Thank you,

0 Helpful

Go to solution
kthiruve
Cisco Employee
Cisco Employee
In response to algoldst

‎12-20-2016 08:55 AM

Hi Alex,

Programmatic model refers to device administration model using scripts. Larger customers will typically have scripts(programs) they use to login to the network device and perform management tasks. This method of using scripts for device administration is called as programattic model.

Programmatic model is described in my how to guide and the ACS to ISE Migration- Planning - VOD in

ACS to ISE Migration

Thanks

Krishnan

0 Helpful

Go to solution
algoldst
Cisco Employee
Cisco Employee
In response to kthiruve

‎12-20-2016 08:57 AM

Hi Krishnan,

Thank you! That's what I thought, but making an assumption could get you in trouble ;-)

Happy Holidays!

0 Helpful
Customers Also Viewed These Support Documents