This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
I've just installed ACS 5.1 and noticed that it seems to count managed devices differently than previous versions.
I have a 500 count license which should be fine as I have about 100 devices which will use ACS for TACACS. On ACS 3.x and 4.x, I would set up AAA clients by using a wild card for the subnets that host our routers/switches, say 192.168.1.0/24, 172.16.1.0/24 and 10.1.1.0/24. when I do this with ACS 5, I get a Managed Device Count Exceeded error messasge becasue of the potential of more than 500 AAA clients. It seems to be counting every IP address in the subnet as a managed device, even if there are only a handful actually in use. Is there a way around this short of having to manually enter (and maintain) the exact IP Address of every managed switch and rotuer which will use the ACS server for TACACS?
thanks in advance!
We ran into the same problem. Bob had subnets 192.168.1.0/24, 172.16.1.0/24, and 10.1.1.0/24 which is 768 hosts. We had to add each device we wanted to use with TACACS in manually with a single IP address.
Are there any issue when you get this message "managed device count exceeded" on ACS?
I just add 50 Device to the ACS 5.1. ACS count 520 hosts but actually it´s working 300 device. I know ACS count all host included in the networks masks, for example, with /24 ACS count 256 devices. I get the alert "managed device count exceeded" but device authentication is working properly. Are ther any issue when I get this message. I think is only an advertisement but I´m not sure.
Can you help me?
The device count in ACS 5.x is made by the number of hosts inserted when adding Network device. so if you configure the device with a full class C ip range, it's counted on 254 devices.
the error appears but you can continue workking, and being authenticated.
the other option is to buy a licence of ACS 5 Large Deployment Add.
So, If I insert 501 host with mask /32 device won´t can work but, If I insert 300 host /32 and 1 network /24 I´ll can work properly despite I get the error message.
This is true?
Wesley, Thanks for this. I'm now re-attaching the hair I've pulled out after days trying to figure my customers migration out :-)