Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
811
Views
0
Helpful
3
Replies

Performance & Scale implication of running Radius & TACACS+ on same PSN

Go to solution
Abraham Joseph
Cisco Employee
Cisco Employee

‎10-04-2018 03:23 AM - edited ‎03-11-2019 01:50 AM

Does anyone know about how RADIUS / TACACS+ performance are affected if both services are run on the same PSN (SNS 3595). Has anyone looked into this before or know how the performance & scale figures for Radius and TACACS+ will be affected?

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Aravind Ravichandran
Level 3
Level 3

‎10-04-2018 04:21 AM

Hi Abraham,

Please refer the ISE Tacacs+ deployment & sizing guidance: https://community.cisco.com/t5/security-documents/ise-tacacs-deployment-amp-sizing-guidance/ta-p/3612253

As per the guidance document,for mixed PSN(Radius + Tacacs) in cons they have mentioned 

Load from Network Access may impact Device Administration services and vice versa

-Aravind

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Aravind Ravichandran
Level 3
Level 3

‎10-04-2018 04:21 AM

Hi Abraham,

Please refer the ISE Tacacs+ deployment & sizing guidance: https://community.cisco.com/t5/security-documents/ise-tacacs-deployment-amp-sizing-guidance/ta-p/3612253

As per the guidance document,for mixed PSN(Radius + Tacacs) in cons they have mentioned 

Load from Network Access may impact Device Administration services and vice versa

-Aravind
0 Helpful

Go to solution
Abraham Joseph
Cisco Employee
Cisco Employee
In response to Aravind Ravichandran

‎10-04-2018 06:32 AM

Thanks Aravind, That is helpful.  I guess we do not have a specific number based on testing.   Think the following calculation given by Thomas is helpful to do some calculations.

 

[20 Device admin concurrent @ 1 command/s = 40 TPS  (command authz + acctng record)]

 

I am looking at a scenario where the customer roughly got around 10,000 endpoints and deployment is a fully distributed deployment. All nodes will be 3595 or 3595 equivalent.  PSNs will be running Radius + TACACS + pxGrid, I am assuming we will be good for up to 20,000 users.

0 Helpful

Go to solution
Nidhi
Cisco Employee
Cisco Employee

‎10-04-2018 10:58 PM

Hello, 

I discussed this with engineering on this, this scenario was tested briefly with 90% TACACS+ and 10 % Radius traffic . 

the team did not observe any issues with TACACS performance and no Radius error  were seen either. 

For performance matrix on this platform, please refer the performance and scalability page  here- https://communities.cisco.com/docs/DOC-68347

Thanks,

Nidhi

 

0 Helpful
Customers Also Viewed These Support Documents