Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1140
Views
10
Helpful
4
Replies

Maximum SGACLs

Go to solution
omadrile
Cisco Employee
Cisco Employee

‎08-02-2018 03:42 AM

Hi team,

 

In this document ISE Performance & Scale | Cisco Communities  it's mentioned that the maximum number of SGACLs supported in ISE 2.2 was 2500, and it seems it's decreased to 1000 in ISE 2.4, is that correct or a doc typo? On the other hand, do we have any limits in terms of maximum Source / Destination SGTs supported when creating the TrustSec Policy Matrix?

 

Thanks,

Oriol

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
jeaves@cisco.com
Cisco Employee
Cisco Employee
In response to omadrile

‎08-03-2018 12:09 AM

Hi,

if you have N number of SGT's added into ISE then the matrix will have N rows and N columns. So, the matrix will be N x N.

So, in ISE 2.4 there is now a limit of a 10k x 10k matrix BUT that would be for a very very special use-case.

 

Most customers are using less than 250 SGTs, almost all are using less than 500. Some customers are using 2000 SGTs but we know exactly what platforms they are using and have worked through it carefully. You can have large no.s if the specific infrastructure and use cases are carefully understood.
We do support multiple matrices in ISE so you could maybe have a matrix per use case and we do have custom matrix views plus a tree view to make management easier.
Normally keeping it simple to meet the customer needs is the way to go.

Regards, Jonothan.

View solution in original post

4 Replies 4

Go to solution
Timothy Abbott
Cisco Employee
Cisco Employee

‎08-02-2018 08:30 AM

I'm checking with the author of the doc to be sure but it does seem we have rolled back the amount of SGACLs. I'll update once I hear back. As for the second part of your question, I'm not sure I understand. Could you elaborate?

Regards,
Tim

Go to solution
Craig Hyps
Level 10
Level 10
In response to Timothy Abbott

‎08-02-2018 10:01 AM

Performance and Scale page updated. 

0 Helpful

Go to solution
omadrile
Cisco Employee
Cisco Employee
In response to Timothy Abbott

‎08-02-2018 11:10 AM

Thanks for your reply Tim. What I meant in the second question is whether there's a max NxN dimension limit for the TrustSec Policy Matrix in ISE. Given that the max number of SGTs in ISE 2.4 is 10000, does that mean that the max dimension for such matrix is 100 x 100 ?

0 Helpful

Go to solution
jeaves@cisco.com
Cisco Employee
Cisco Employee
In response to omadrile

‎08-03-2018 12:09 AM

Hi,

if you have N number of SGT's added into ISE then the matrix will have N rows and N columns. So, the matrix will be N x N.

So, in ISE 2.4 there is now a limit of a 10k x 10k matrix BUT that would be for a very very special use-case.

 

Most customers are using less than 250 SGTs, almost all are using less than 500. Some customers are using 2000 SGTs but we know exactly what platforms they are using and have worked through it carefully. You can have large no.s if the specific infrastructure and use cases are carefully understood.
We do support multiple matrices in ISE so you could maybe have a matrix per use case and we do have custom matrix views plus a tree view to make management easier.
Normally keeping it simple to meet the customer needs is the way to go.

Regards, Jonothan.

Customers Also Viewed These Support Documents