ISE 2.0 TACACS+ sizing

Istvan Segyik
Cisco Employee

Dear Colleagues,

We have to size ISE for TACACS+. Altogether 20.000 network devices.

The customer is using 4 ACS clusters to handle this load at the moment.

Any sizing assistance would be useful.

Could anyone who is able to help contact me in unicast, please? I don't want to share customer details here.

Best regards,

Istvan

Istvan Segyik

Escalations Engineer, Security

CCIE Security #47531

Global Virtual Engineering

WW Partner Organization

Cisco Systems, Inc

*** private contact information removed by moderator

Accepted Solutions

kthiruve
Cisco Employee

Hi Istvan,

See here for general sizing guidance: ISE 2.0 TACACS+ Deployment & Sizing Guidance.

RADIUS and TACACS+ are very different. Check Aaron's blog for the differences. There are two different models described in the deployment sizing doc above.

For TACACS+ implementation, to determine the number of PSNs for the programmatic device administration model as discussed above, for simplicity you can replace an ACS server with an ISE PSN node.

For the human device administration model, you can use the sample calculation used in the device administration model to determine the transactions per second (TPS) for command authorization and accounting for your environment.

I will be publishing the first draft of the migration doc in a day or two. Please look out for more information.

Thanks

Krishnan

4 Replies

Hi Krishnan,

Could you please provide the definition of 'Programmatic', which is referred to in the link that is provided?

Thank you,

Hi Alex,

The programmatic model refers to the device administration model using scripts. Larger customers will typically have scripts (programs) they use to log in to the network device and perform management tasks. This method of using scripts for device administration is called the programmatic model.

The programmatic model is described in my how-to guide and the ACS to ISE Migration - Planning - VOD in ACS to ISE Migration.

Thanks

Krishnan

Hi Krishnan,

Thank you! That's what I thought, but making an assumption could get you in trouble ;-)

Happy Holidays!
