02-17-2020 01:44 PM
1. Trying to figure out if there is a known upper limit to the number of MACs that can be added to the ISE database for MAC auth bypass.
2. Would the customer see a performance hit as they near the MAC limit?
02-17-2020 04:49 PM
The maximum number of endpoints in ISE 2.6 is 2,000,000. Check out this post: https://community.cisco.com/t5/security-documents/ise-performance-amp-scale/ta-p/3642148
My guess is that as that number increases and gets large, the MAC lookup may take slightly longer; however, I wouldn't think it would be noticeable by the end user.
02-18-2020 08:35 AM
I came into a customer's 2.4 deployment which was up to 4.9 million known endpoints in the context visibility database. There was no observable performance impact due to that. The only impact was to me as an admin: exporting the endpoint database resulted in a 5 GB CSV file that was a pain to use, and Excel no longer works since it's only happy with less than a million rows.
I have since enabled aggressive purge policies and dropped that back down to around 500k.
My experience has been that profiling and accounting syslogs result in more of an impact than just having endpoints in the DB. the