
802.1X, wired network, 40k clients, 250k devices

jorgensor
Level 1

Hi,

We are about to start a project that shall secure an organisation's wired network.

This organisation has 40k clients and around 250k network-attached devices (clients, printers, cams, medical equipment, environmental equipment ...)

There are about 3000 Cisco switches connecting the clients.

802.1x and Cisco ISE are used for the wireless network (10k clients).

Is Cisco ISE the way to go for the wired network as well? Does it scale?

Things to think about when designing the solution?

/Jorgen

3 Replies

nspasov
Cisco Employee

ISE 1.2 can support up to 250,000 concurrent endpoints.

http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/release_notes/ise12_rn.html

With that being said, you will have to use multiple PSN nodes in a distributed deployment.

**Thank you for rating helpful posts**

Naveen Kumar
Level 4

System Scale (Per Identity Services Engine deployment)

| Description | Number |
| --- | --- |
| Maximum number of NADs | 30,000 |
| Maximum number of Network Device Groups | 100 |
| Maximum number of Internal users | 25,000 |
| Maximum number of Internal guests | 50,000 (Total number of guest accounts per year is 1,000,000 as accounts get purged) |
| Maximum number of EndPoints | 1,000,000 |
| Maximum number of Authentication Rules | 25 when Simple mode is used; 100 combined rules when Policy Set mode is used |
| Maximum number of Authorization Rules | 600 (Best Practice to keep it below 100. With 100+ rules rendering of GUI and user access will be negatively impacted.) |
| TrustSec Security Group Tags (SGT) | 4,000 |
| TrustSec Security Group ACLs (SGACLs) | 2,500 |
