IBNS 2.0 does concurrent 802.1x MAB authentications tax the ISE nodes
I will start by saying I have successfully implemented the IBNS 2.0 configuration and can make 802.1x and MAB authenticate instantly, with one of them always failing of course, and it's great!
I am going to ask a loaded question that I'm sure begins with "it depends", but does anyone know how much concurrent authentications really tax the ISE servers?
We have some goals in mind while we roll out ISE.
1. We would REALLY like to have the same configuration across all access layer switches; no one wants to keep track of one-off stacks that do concurrent authentications while the majority do not.
2. We want everything to stay dynamic, as we feel this is one of the reasons to use ISE: to have consistent policy no matter where a device plugs in. That said, I would not want to hard-code only a few ports to do concurrent authentication, as that is not dynamic.
Cisco documentation gives you guidelines on building ISE nodes (we're doing VMs) based on concurrent sessions. In other words, it depends on the number of devices with an active session in ISE. So if I built out my nodes to handle, say, 40,000 active endpoints/sessions, does that number go down if I turn on concurrent authentications across the board vs just doing 802.1x then MAB?
In case it helps, we are using Cisco 3850 switches, all on 3.6.3 code or later, and the ISE nodes are 2.0 patch 2.