03-22-2020 05:03 PM
It is a best practice to configure an ISE PX-GRID as a stand-alone on an existing deployment or as another secondary? This also applies to an ISE 2.6 that I wish to dedicate as PSN for device administration (TACACS). I currently have two 3615's running ISE 2.6 patch 5 running as primary/secondary. I have 2 3515's running ISE 2.6 patch 5 that I would like to incorporate PX-GRID and DEVICE Admin
Solved! Go to Solution.
03-22-2020 05:26 PM - edited 03-22-2020 05:27 PM
In a standalone deployment (one or two nodes hosting everything) such as you have where all services are hosted in HA across each other, you are fine to run pxgrid and device admin on them as well. This is a supported and tested deployment model.
With that in mind, the scaling numbers are much lower when shared with the PAN/MNT/PSN. In this case, 3600 series appliances don't have published pxgrid scaling numbers, but as of 2.4 and 3500's we had the following guidance.
3515's - 20 pxgv2 subscribers, but only 2 pxgv1
3595's - 30 pxgv2 subscribers, again only 2 pxgv1
Published here for the 3500's and 2.4, and the BU is aware that they need some updates on this guide. In the mean time we can safely assume you can support 20 version 2 subscribers.
https://community.cisco.com/t5/security-documents/ise-performance-amp-scale/ta-p/3642148#toc-hId--2097652494
03-22-2020 05:26 PM - edited 03-22-2020 05:27 PM
In a standalone deployment (one or two nodes hosting everything) such as you have where all services are hosted in HA across each other, you are fine to run pxgrid and device admin on them as well. This is a supported and tested deployment model.
With that in mind, the scaling numbers are much lower when shared with the PAN/MNT/PSN. In this case, 3600 series appliances don't have published pxgrid scaling numbers, but as of 2.4 and 3500's we had the following guidance.
3515's - 20 pxgv2 subscribers, but only 2 pxgv1
3595's - 30 pxgv2 subscribers, again only 2 pxgv1
Published here for the 3500's and 2.4, and the BU is aware that they need some updates on this guide. In the mean time we can safely assume you can support 20 version 2 subscribers.
https://community.cisco.com/t5/security-documents/ise-performance-amp-scale/ta-p/3642148#toc-hId--2097652494
03-22-2020 05:45 PM - edited 03-22-2020 06:21 PM
03-22-2020 06:01 PM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide