Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
538
Views
4
Helpful
2
Replies

ISE Design Clarification

Go to solution
tolarosa@cisco.com
Cisco Employee
Cisco Employee

‎03-01-2018 09:35 AM

For a Large Deployment (20k+ endpoints) can I mix/match various appliances per node/pesona?

Example:

PAN – 3515 or equivalent VM

MNT – 3515 or equivalent VM

PSN – 3595 or equivalent VM

Or does every Node/Persona have to be a 3595/VM Equivalent?

1 Accepted Solution

Accepted Solutions

Go to solution
thomas
Cisco Employee
Cisco Employee

‎03-01-2018 05:57 PM

You must have 3595 as dedicated PANs and MNTs for >20,000 active sessions.

For PANs and MNT sizing, you need to be aware of the max Deployments Size. This is because they have to coordinate a lot of stuff for the entire deployment.

The ISE Installation Guide states deployment scaling sizes for PAN+MNT shared nodes :

You cannot do more than 7500 total active endpoints with 3515s with PAN+MNT shared on a single node.

And for Dedicated PAN or MNT nodes the 3515 is not listed because it is not Supported:

If you are doing Dedicated nodes it is because you want to scale BIG (> 20,000 active sessions) so you must have 3595 as dedicated PANs and MNTs.

View solution in original post

2 Replies 2

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee

‎03-01-2018 02:55 PM

You can mix and match but 20k plus requires a 3495 minimum for pan and mnt per page 10 to scale from 20-250k endpoints

https://www.cisco.com/c/en/us/td/docs/security/ise/2-3/install_guide/b_ise_InstallationGuide23/b_ise_InstallationGuide23_chapter_00.pdf

Go to solution
thomas
Cisco Employee
Cisco Employee

‎03-01-2018 05:57 PM

You must have 3595 as dedicated PANs and MNTs for >20,000 active sessions.

For PANs and MNT sizing, you need to be aware of the max Deployments Size. This is because they have to coordinate a lot of stuff for the entire deployment.

The ISE Installation Guide states deployment scaling sizes for PAN+MNT shared nodes :

You cannot do more than 7500 total active endpoints with 3515s with PAN+MNT shared on a single node.

And for Dedicated PAN or MNT nodes the 3515 is not listed because it is not Supported:

If you are doing Dedicated nodes it is because you want to scale BIG (> 20,000 active sessions) so you must have 3595 as dedicated PANs and MNTs.

Customers Also Viewed These Support Documents