Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6595
Views
0
Helpful
3
Replies

ACS 5+ license - maximum supported unique IP addresses?

Go to solution
Calin C.
Level 5
Level 5

‎02-28-2011 12:28 AM - edited ‎03-10-2019 05:51 PM

Hello all,

I have a question regarding ACS 5+ license. Here:

http://www.cisco.com/en/US/prod/collateral/netmgtsw/ps5698/ps6767/ps9911/product_bulletin_c25-616320.html

There is this statement:

With the Base license, Cisco Secure ACS 5.2 appliances or software virtual machines can support deployments of up to 500 network devices (authentication, authorization, and accounting [AAA] clients)

......

The optional Large Deployment add-on license  allows a deployment to support more than 500 network devices. Only one  Large Deployment license is required per deployment as it is shared by  all instances.

Does anybody know how many devices are supported with Large Deployment? I understand that more than 500, but how much more (with approximation) ?

Thanks and cheers,

Calin

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
pablo1711
Level 1
Level 1
In response to Calin C.

‎03-18-2011 06:04 PM

It is unlimited - But they way ACS deals with it can be quite simple.

For example.

When I add 1 device with a single IP address it uses 1 of the 500 allowed hosts (on the standard licence)

If I add a /24 network range this is still one record but uses 255 hosts

If I add a /16 network range this again is still one record but would use 65535 hosts (and obviously you can do this on the base license)

From experience it is difficult to manage single devices in ACS and instead if is much simply to group these devices into IP ranges.


Therefore you could technically have 255 x /8 network ranges covering all possible IPv4 address space using 4 billion+  host records but still in just 1 record on ACS

Paul

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Calin C.
Level 5
Level 5

‎03-01-2011 12:51 AM

I found the anwser myself:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.2/user/guide/admin_config.html#wpxref68935

It seems that with the addon license ACS support an unlimited number of managed devices.

Of course I think at some point there will be some limitation in regard to hardware used. Nothing in unlimited

0 Helpful

Go to solution
pablo1711
Level 1
Level 1
In response to Calin C.

‎03-18-2011 06:04 PM

It is unlimited - But they way ACS deals with it can be quite simple.

For example.

When I add 1 device with a single IP address it uses 1 of the 500 allowed hosts (on the standard licence)

If I add a /24 network range this is still one record but uses 255 hosts

If I add a /16 network range this again is still one record but would use 65535 hosts (and obviously you can do this on the base license)

From experience it is difficult to manage single devices in ACS and instead if is much simply to group these devices into IP ranges.


Therefore you could technically have 255 x /8 network ranges covering all possible IPv4 address space using 4 billion+  host records but still in just 1 record on ACS

Paul

0 Helpful

Go to solution
Calin C.
Level 5
Level 5
In response to pablo1711

‎03-21-2011 02:54 AM

Paul, thanks for your reply.

Since it's the only reply and you are right, I chose your answer as the correct one!

Cheers,

Calin

0 Helpful
Customers Also Viewed These Support Documents