IBNS 2.0 does concurrent 802.1x MAB authentications tax the ISE nodes
I will start by saying I have successfully implemented the IBNS 2.0 configuration and can make 802.1x and MAB authenticate instantly with one of them always failing of course and it's great!
I am going to ask a loaded question that I'm sure begins with "it depends" but does anyone know how much concurrent authentications really taxes the ISE servers?
We have some goals in mind while we roll out ISE.
1. we would REALLY like to have the same configuration across all access layer switches; no one wants to keep track of one-off stacks that do concurrent authentications while the majority do not.
2. we want everything to stay dynamic as we feel this is one of the reasons to use ISE, to have consistent policy no matter where a device plugs in. That said I would not want to hard code only a few ports to do concurrent authentication as that is not dynamic.
Cisco documentation gives you guidelines on building ISE nodes (we're doing VM's) based on concurrent sessions. In other words it depends on the number of devices with an active session in ISE. So if I built out my nodes to handle, say, 40,000 active endpoints/sessions does that number go down if I turn on concurrent authentications across the board vs just doing 802.1x then MAB?
In case it helps we are using Cisco 3850 switches all on 3.6.3 code or later and the ISE nodes are 2.0 patch 2
How can I get early access to beta features?
You can apply to join the Cisco Security Beta Program at this link:http://cs.co/security-beta-nominationParticipants receive early access to new features and direct lines to engineering, in e...
In dCloud we have the ISE Sandbox. It is provided as a quick opportunity on the new OS with minimal support. It comes with no documentation. The following document can be used with the Sandbox or the Secure Access Wizard as a basic flow and validation of ...
Portal Flow Overview:
Imagine you wanted to combine a Sponsored Guest and Hotspot portal from a single landing page - this document shows you how to achieve a portal flow as shown below:
ISE offers various types of guest por...