12-17-2018 05:11 AM
Dear Cisco,
After running into the session limit (20k) of our ISE 3495, we followed the TACACS recommendation of Cisco TAC to implement the single-connection feature:
We encountered some issues during our POC:
This seems to happen on all C3560 (12.2(53)SE2)
Is there a Cisco recommendation concerning where to implement this feature?
Kind regards,
Lieven Stubbe
Infrabel
12-17-2018 05:53 AM
I think this is expected. You configure the switch single-connection on one side, but if you do not configure the ISE single-connection tick box, it will ignore single-connection from the switch. That's why it works after you check the tick box.
12-17-2018 06:02 AM
We only have this behaviour on our C3560 devices, so my question remains: on which side do you need to activate the single-connection feature?
Lieven
12-17-2018 06:03 AM
I think "on both" is the correct answer.
12-20-2018 03:41 AM
Hello Cisco,
Did some Wireshark and it seems that "both" is the correct answer: when you disable the feature on ISE and/or the switch, the TACACS stream is split into several TCP sessions. When active on both ends, everything is in one TCP session.
Kind regards,
Lieven Stubbe
Infrabel
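An added example, not part of the original posts: a check of the single-connect flag (0x04 in the TACACS+ packet header defined in RFC 8907) on the first two packets of a TCP connection, which is where the capture above would show whether both ends agreed. The function names and the sample header bytes are constructed for illustration.

```python
import struct

TAC_PLUS_SINGLE_CONNECT_FLAG = 0x04  # flag bit in the RFC 8907 packet header
HEADER = struct.Struct("!BBBBII")    # version, type, seq_no, flags, session_id, length


def parse_header(data: bytes) -> dict:
    """Decode the 12-byte TACACS+ header that precedes every packet body."""
    if len(data) < HEADER.size:
        raise ValueError("truncated TACACS+ header")
    version, ptype, seq_no, flags, session_id, length = HEADER.unpack_from(data)
    if version >> 4 != 0xC:
        raise ValueError("not a TACACS+ packet (major version != 0xc)")
    return {"type": ptype, "seq_no": seq_no, "session_id": session_id,
            "length": length,
            "single_connect": bool(flags & TAC_PLUS_SINGLE_CONNECT_FLAG)}


def single_connect_negotiated(first_two: list[bytes]) -> bool:
    """True only if the client's first packet and the server's first reply both set the flag."""
    if len(first_two) < 2:
        return False
    client, server = (parse_header(p) for p in first_two[:2])
    if (client["seq_no"], server["seq_no"]) != (1, 2):
        return False  # not the opening exchange of a session
    if client["session_id"] != server["session_id"]:
        return False  # packets belong to different sessions
    return client["single_connect"] and server["single_connect"]


def make_header(seq_no, flags, session_id=0x1A2B3C4D, ptype=1, length=0):
    """Build a constructed sample header (version 0xc0 = major 12, minor 0)."""
    return HEADER.pack(0xC0, ptype, seq_no, flags, session_id, length)


# Constructed samples: the first two headers seen on a new TCP connection.
BOTH_ENABLED = [make_header(1, 0x04), make_header(2, 0x04)]
SERVER_DISABLED = [make_header(1, 0x04), make_header(2, 0x00)]
CLIENT_DISABLED = [make_header(1, 0x00), make_header(2, 0x00)]

if __name__ == "__main__":
    for name, pkts in [("both ends", BOTH_ENABLED), ("switch only", SERVER_DISABLED),
                       ("neither", CLIENT_DISABLED)]:
        print(name, "->", single_connect_negotiated(pkts))
```

The header is sent in the clear even when the body is obfuscated, so the same check works on header bytes copied out of a capture.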
08-15-2019 10:19 AM
Any issue with the TACACS server running out of resources with single connect if you have thousands of TACACS clients? I'm thinking 10K to 20k clients, each with an open TCP connection when single-connection is configured.