08-09-2022 06:02 AM
Gentlemen,
I was reading about Cisco ISE and happened to come across the term "Enable Single Connect Mode". I understand by selecting this option, Cisco ISE will minimize the number of TCP connections opened for duplicate transactions and retain the connection for AAA transactions. What is the drawback of enabling this option instead of "Legacy" mode for a network node in ISE?
08-09-2022 06:08 AM
@paheeradan.nagulan as per the Cisco Device Administration guide. https://community.cisco.com/t5/security-knowledge-base/cisco-ise-device-administration-prescriptive-deployment-guide/ta-p/3738365
Note: IPv4 and IPv6 support Single Connect Mode connections. Optionally you can enable Single Connect Mode with the TACACS+ Draft Compliance Single Connect support option if you have chatty network devices. The TCP connection for Single Connect Mode is not disconnected for every single transaction and would ensure reliability, but it is very resource intensive. Use it with caution only on certain network devices.
08-09-2022 06:13 AM
As you noticed, the default is Legacy; that is what Cisco recommends.
As you rightly said, single connection mode is more for chatty devices in the network, and ISE should also agree based on the first handshake.
For chatty devices that send traffic bursts, ISE has a TACACS+ feature called "single connect mode" that retains the TCP connection instead of tearing it down immediately; however, you need to make sure to keep track of the number of sessions so as not to overwhelm ISE with too many open connections.
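The two points in the answer above, that single connect mode is negotiated in the first handshake and that the server must cap how many persistent connections it keeps open, can be shown in a small simulation. This is an added example, not code from the thread, from Cisco, or from ISE: it parses and builds the 12-byte TACACS+ header defined in RFC 8907 (where the client sets TAC_PLUS_SINGLE_CONNECT_FLAG, value 0x04, in the first packet and the server echoes it in its first reply to accept), and models a server-side policy with a hypothetical `max_persistent` cap that ISE's real limits are not described by on this page.

```python
import struct
from dataclasses import dataclass

# RFC 8907 header flag: client requests single-connection mode in the first
# packet; server confirms by setting the same flag in its first reply.
TAC_PLUS_SINGLE_CONNECT_FLAG = 0x04
TAC_PLUS_AUTHEN = 0x01
HEADER_FMT = "!BBBBII"  # version, type, seq_no, flags, session_id, length
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 12 bytes


@dataclass
class Header:
    version: int
    type: int
    seq_no: int
    flags: int
    session_id: int
    length: int

    @property
    def single_connect(self) -> bool:
        return bool(self.flags & TAC_PLUS_SINGLE_CONNECT_FLAG)


def parse_header(data: bytes) -> Header:
    """Decode the fixed TACACS+ header; body bytes (if any) follow it."""
    if len(data) < HEADER_LEN:
        raise ValueError("short TACACS+ header")
    return Header(*struct.unpack(HEADER_FMT, data[:HEADER_LEN]))


def build_header(pkt_type: int, seq_no: int, session_id: int, body_len: int,
                 single_connect: bool = False, version: int = 0xC0) -> bytes:
    """Encode a header; 0xC0 is major version 0xC, minor version 0."""
    flags = TAC_PLUS_SINGLE_CONNECT_FLAG if single_connect else 0
    return struct.pack(HEADER_FMT, version, pkt_type, seq_no, flags,
                       session_id, body_len)


class ServerConnectionPolicy:
    """Server-side decision modelled on the answer above: a connection stays
    open only if the feature is enabled, the client asked for it in the first
    packet, and the persistent-connection cap (hypothetical) is not exhausted.
    Otherwise the server behaves as Legacy: one TCP connection per transaction."""

    def __init__(self, single_connect_enabled: bool, max_persistent: int):
        self.single_connect_enabled = single_connect_enabled
        self.max_persistent = max_persistent
        self.persistent: set[str] = set()  # connection ids being kept open

    def on_first_packet(self, conn_id: str, hdr: Header) -> tuple[bool, int]:
        """Return (keep_open, flags to set in the server's first reply)."""
        if (self.single_connect_enabled and hdr.single_connect
                and len(self.persistent) < self.max_persistent):
            self.persistent.add(conn_id)
            return True, TAC_PLUS_SINGLE_CONNECT_FLAG
        return False, 0

    def should_close_after_transaction(self, conn_id: str) -> bool:
        """Legacy closes after every transaction; single connect keeps it open."""
        return conn_id not in self.persistent

    def on_close(self, conn_id: str) -> None:
        self.persistent.discard(conn_id)


def simulate(n_transactions: int, policy: ServerConnectionPolicy,
             client_asks_single: bool) -> int:
    """Count how many TCP connections one device opens for n transactions."""
    connections = 0
    conn_id = None
    for i in range(n_transactions):
        if conn_id is None:  # (re)connect and send the first packet
            connections += 1
            conn_id = f"conn{connections}"
            first = build_header(TAC_PLUS_AUTHEN, 1, 0x1000 + i, 0,
                                 single_connect=client_asks_single)
            policy.on_first_packet(conn_id, parse_header(first))
        # ... the AAA exchange for this transaction happens here ...
        if policy.should_close_after_transaction(conn_id):
            policy.on_close(conn_id)
            conn_id = None
    if conn_id is not None:
        policy.on_close(conn_id)
    return connections


if __name__ == "__main__":
    print("legacy:", simulate(5, ServerConnectionPolicy(False, 10), True))
    print("single:", simulate(5, ServerConnectionPolicy(True, 10), True))
```

Running the block prints 5 connections for Legacy and 1 for single connect; the cap in `on_first_packet` is what forces a second chatty device back to per-transaction connections once the budget is spent, which is the "keep track of the number of sessions" caveat from the answer.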
08-09-2022 06:38 AM
Thanks for the explanation. Appreciate it.