This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
I have a question about PSN scaling.
At the moment CU is running ACS 5.8 and running MAB for about 350.000 Clients. The radius authentication requests are handled by 2 ACS-Servers without any performance issues. Clients are mix of PC's, printers and Cisco IP-Phones (about 160K).
Idle-Timer is 1200s and Reauth-Timer is 600s.
Now we are planing to migrate to ISE and I saw in the data sheets and sizing slides that a dedicated PSN (only Radius MAB) can handle max. 40K concurrent sessions. Is this number a "hard cut" or is it only a tested number and will only be supported in case of any issues ?.
CU is complaining about to have now about 10 PSN's + additional 10 PSN's for redundancy + PAN (prim + sec) + MnT (prim + sec).
PS: Still discussing to add load balancers into the ISE design to be more flexible and have the possibility to add profiling .. in the future without to "optimize" switch configurations ( talking about 12.000 Access-Switches)
Thanks in advance
-Dieter Grassler (email@example.com)
Solved! Go to Solution.
There is a great sizing sheet here:
The ISE 2.2 install guide, for large deployments (either VM or appliance) support well over your client requirements. It will just depend on your deployment model and device sizing
Dedicated (PAN, MnT, PXG, and PSN Nodes)
3495 as PAN and MnT
3595 as PAN and MnT
I know all this slides and guides, but key question is: are the 40K max. concurrent sessions a hard limit or more a "main guideline" ?
right otherwise you would have to manually load balance by watching and making certain PSNs primary and secondary depending on the NADs, then juggling them around if become an issue. Load balancer can easily add in another PSN is you go over