Warning! The maximum supported latency between ISE 1.x/2.0 nodes is set at 200ms. ISE 2.1+ raises guidance to maximum 300ms roundtrip latency between PSN nodes and the PAN. However, there is no substitute for good design to optimize data replication and reduce impact due to latency.
The ISE Bandwidth Calculator has two worksheets:
Single-Site Calculator - Used to determine bandwidth required between a remote location with distributed ISE nodes and single head-end data center that contains the Primary Administration and Monitoring nodes.
Multi-Site Calculator – Used to show overall bandwidth required between all remote locations with ISE nodes to one or two head-end data centers that contain the Administration and Monitoring nodes. Aggregate bandwidth at head-end sites is also shown along with graphical depiction
Bandwidth Calculator Assumptions
ISE Auth Suppression enabled
Profiling Whitelist Filter enabled
One node group per location
For Single-Site calculation, primary PAN and MnT nodes are deployed in primary Data Center to which bandwidth is calculated; For Multi-Site calculation, primary PAN is deployed in primary DC.
Mobile endpoints authenticate/reauthenticate as frequently as 10/hr and refresh IP 1/hr
Non-Mobile endpoints authenticate/reauthenticate no more than once per Reauth Interval and refresh IP address no more than once per DHCP renewal (1/2 Lease Period)
Bandwidth required for NAD or Guest Activity logging is not included. These logging activities are highly variable and should be treated separately based on deployment requirements.
Bandwidth required for general RADIUS auth and accounting traffic is not included. RADIUS traffic is generally less significant but actual requirement is highly contingent on multiple factors including total active endpoints, reauth intervals, and the authentication protocols used.
Deployments where all ISE nodes are deployed in one location are not considered by this calculator. All nodes deployed in the same location are assumed to be connected by high-speed LAN links (Gigabit Ethernet or higher)
Max round-trip latency between any two ISE nodes is currently set at 200ms.
Mobile versus Non-Mobile Endpoint
For the purposes of this bandwidth calculator, Mobile and Non-Mobile Endpoints have the following characteristics:
Mobile Endpoints: Authenticate/reauthenticate as frequently as ten times per hour and refresh IP address as frequently as once per hour. Typical devices that fall under this category include wireless tablets, smart phones, and notebooks that are used to provide continuous network access while user is mobile.
Non-Mobile Endpoints: Authenticate/reauthenticate no more than once per Reauth Interval and refresh IP address no more than once per DHCP renew period (1/2 Lease). Typical devices that fall under this category include stationary network devices, desktops, and even wireless laptops that tend to stay in the same location for extended periods.
Hi, im having problems with a site-to-site between an azure web server and my cisco 2900, wich randomly disconnects with the following debug message : Sep 22 19:16:32.831: IPSEC:(SESSION ID = 99405) still in use sa: 0x2471925CSep 22 19:16:32.83...
Hello,I'm testing API access on 2 ASAs. One 9.12 and one 9.16. Both with API 7.16.1. Interacting with 9.12 ASA works as expected. When requesting a token from 9.16 I get a 401 Unauthorized. Trying to access the documentation at https://asa-ip/doc/ re...
We're currently making our network more resilient. Our current setup is Single ASA with Single ISP. Our plan ahead and currently testing is utilizing 2 ASA configure FPR2000 series firewalls with port channel redundancy connected to a stacked C9200's.&nbs...
I am not able to login to my Standby Firewall as SSH is Broken now. And I need to run this command at Standby ASA. I have Access to Standby ASA through ASDM and If I run this command from GUI it does not get executed shows message as below. How...