Thresholds for using a load balancer in front of a PSN

blandrum
Cisco Employee

I have a large higher-ed customer who was burned a few years back on WiSM2s running out of RADIUS session IDs during class change. They eventually spread their wireless clients out across 22 WiSM2s before they finally felt comfortable enough with the load to move forward. Fast-forward a few years and they’re consolidating down to 5-7 8540 WLCs and are concerned about the same issue occurring, only worse due to the number of devices growing over the years. Do we have any kind of guidelines on maximum number of clients / RADIUS sessions to expect on a WLC -> ISE PSN before we should introduce a stateful load balancer to begin distributing?

Accepted Solutions

Craig Hyps
Level 10

You would need to reach out to the wireless team to get the max sessions per WLC platform.

Max RADIUS sessions per ISE PSN is documented here: ISE Performance & Scale

Of course, max is not what you design against, and you should take into consideration bursts, HA/redundancy requirements, and unexpected activity from "misbehaving" clients or NADs. Auth method is another consideration since web auth scale is lower than MAB only, or 802.1X.

I mention a number of items to consider to scale wireless and guest in the Cisco Live session BRKSEC-3699 (reference version) available on ciscolive.com.

My general recommendation on use of a load balancer to distribute load starts after 2 or 3 PSNs. If a single WLC can fully accommodate the load including bursts and unexpected noise, then a basic A/S or mutual A/A redundancy scheme may suffice, but if you require more PSNs to support the load, then manual distribution efforts become challenging and more prone to error. Plus there is the opex cost of having to reconfigure NADs when you add/remove PSNs or change their addressing.

Craig
