cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

203
Views
4
Helpful
2
Replies
Highlighted
Cisco Employee

ISE high load and big impacts after building power outage/restore

Hi,

I have a customer which had experienced ISE high load and big impacts after building power outage.

When they restored power, every switch comes up in a synchronized timeframe and load on ISE was critical. Also at each reauthentication the same happened.

Do we have any workaround for that? Like we have for critical « authentication critical recovery delay ».

Something that can throttle interface bring up at switch boot up?


Regards,

Everyone's tags (3)
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Advocate

Re: ISE high load and big impacts after building power outage/restore

We perform scale testing to validate that all endpoints can be reauthenticated within a few minutes, but certainly is one of the use cases to consider buffer capacity under such extreme cases.  By setting reauth timers via server, it would be possible to return reauth timers that are dispersed by minutes or tens of minutes to reduce a periodic wave that resonates at the same interval.

Craig

View solution in original post

2 REPLIES 2
Highlighted
Cisco Employee

Re: ISE high load and big impacts after building power outage/restore

Hi Jeremy,

Please take a look at the ISE best practices suggestions made in the CIsco Live sessions.

There are several things you can do in an enterprise infrastructure. In ISE you can reduce duplicate authentication requests by ignoring it totally, there are best practices around reauth, idle timer etc.

Designing ISE for Scale & High Availability (2017 Berlin)

Thanks

Krishnan

Highlighted
Advocate

Re: ISE high load and big impacts after building power outage/restore

We perform scale testing to validate that all endpoints can be reauthenticated within a few minutes, but certainly is one of the use cases to consider buffer capacity under such extreme cases.  By setting reauth timers via server, it would be possible to return reauth timers that are dispersed by minutes or tens of minutes to reduce a periodic wave that resonates at the same interval.

Craig

View solution in original post