03-04-2016 09:11 AM
Hi All,
I need you to size an installation of ISE to manage 50000 devices via TACACS+.
In terms of licenses, I understand it's enough to quote 100 end-point base licenses and 1 license for TACACS+.
In terms of servers, I don't know what the methodology is.....
Should I consider the device as an end-point, and calculate the number of servers for 50K end-points?
Other method?
Please help me to understand how I should proceed.
Thanks in advance
Guido
03-04-2016 10:34 AM
Hi Guido,
TACACS+ device administration requires the device to be added to ISE like any other network access device that would perform authentication. Today, ISE will only support up to 30K network access devices, so you would need to have two different deployments just for device administration. Future versions of ISE will likely support more network devices. You can find a general sizing guide for TACACS+ with ISE here: <https://communities.cisco.com/docs/DOC-63930>.
Regards,
-Tim
03-04-2016 10:39 AM
Hi Guido,
Here is a community page for TACACS+ deployment sizing and ACS vs ISE Comparison that provides guidance on this.
For more information on planning TACACS+ deployment and scale of PSNs, the ACS to ISE migration doc is a good reference point.
ISE 2.0 supports 30k network objects, and ISE supports only subnets for network objects, not ranges. So if you can subnet these devices to 30k network objects, you should be OK. That said, we don't have information on the upper limit of network devices if you subnet these. It is important to pay attention to the TPS for TACACS+ in the deployment sizing guide for command accounting etc. and scale your network accordingly.
The scale on the network devices is going to be improved in the upcoming release.
Good luck.
Thanks
Krishnan
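The subnetting approach described in the reply above, worked through as an added example (not part of the original thread and not Cisco code). The inventory is constructed, the 30K limit is the figure quoted in this thread, and it is an assumption that ISE accepts any prefix length for a network object.

```python
import ipaddress
import math

ISE_2_0_OBJECT_LIMIT = 30_000  # per-deployment figure quoted in this thread


def per_device_objects(device_ips):
    """One network object per device (a /32 each)."""
    return [ipaddress.ip_network(ip) for ip in set(device_ips)]


def exact_objects(device_ips):
    """Smallest set of CIDR blocks covering exactly the given addresses."""
    return list(ipaddress.collapse_addresses(per_device_objects(device_ips)))


def fixed_prefix_objects(device_ips, prefix):
    """One object per /prefix block that contains at least one device."""
    return sorted({ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
                   for ip in device_ips})


def plan(device_ips, objects, limit=ISE_2_0_OBJECT_LIMIT):
    devices = len(set(device_ips))
    covered = sum(net.num_addresses for net in objects)
    return {
        "devices": devices,
        "network_objects": len(objects),
        "deployments": math.ceil(len(objects) / limit),
        # Addresses that match an object but are not in the inventory;
        # a wide subnet object also matches every unused address inside it.
        "extra_addresses": covered - devices,
    }


def sample_inventory():
    """Constructed data: 200 sites, devices at .1-.250 in each /24 (50,000)."""
    return [f"10.0.{site}.{host}"
            for site in range(200) for host in range(1, 251)]


if __name__ == "__main__":
    ips = sample_inventory()
    print("per device:", plan(ips, per_device_objects(ips)))
    print("exact CIDR:", plan(ips, exact_objects(ips)))
    print("one /24 per site:", plan(ips, fixed_prefix_objects(ips, 24)))
```

The per-device plan reproduces the two-deployment answer for 50K devices, while the subnet plans fit in one deployment; `extra_addresses` shows how many non-inventory addresses each subnet definition would also match.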
03-10-2016 07:07 AM
Hi Krishnan,
Could you please explain to me the data about the devices managed with ISE?
The table says 30K network objects (no IP address). My customer should manage 80K (TACACS+) devices; how many ISE instances should they use? 3? Or more?
Thanks for the explanation
Guido
03-10-2016 07:13 AM
Guido,
Since ISE 2.0 can only manage 30K TACACS+ devices (switches, routers, etc.), it would take 3 separate ISE deployments to manage 80K network devices. Future updates to ISE will increase TACACS+ scalability. If your customer is currently using ACS to manage more than 30K network devices with TACACS+, it is recommended they continue to do so until ISE can support their environment with one deployment.
Regards,
-Tim
03-10-2016 07:46 AM
Hi Timothy,
Thanks for the info and suggestions.
Could you share any info about the roadmap?
When will ISE support more than 30K devices?
Thanks
Guido
03-10-2016 08:23 AM
Guido,
Unfortunately, roadmap information cannot be shared in this forum.
Regards,
-Tim