Hello Paheeradan,

“Enable Single Connect Mode” makes the network device use one TCP session for all the TACACS request originating from that device.
This is typically only used on a device that is going to be generating a lot of TACACS traffic, for instant a bot. Typically, an administrator does not need it.
If you disable it, it will use a new TCP session for each TACACS request. If you're not using bots, the likely hood is you will not see much performance increase.
The two options, Legacy Cisco Device vs TACACS Draft Compliance Single Connect Support are pretty similar.
The main difference are the flags at a protocol level and how the single connect mode ends.
To understand the difference, we need to understand the very basic of Single Connect mode.
Basically, if enabled on the switch, a flag is set in the request that asks for the mode. If the server is set, it responds with a “yes, Single Connect mode is good”.

All in all, not a very used feature unless you are going to have a mass amount of connections and need to save that overhead.

Talking about drawback of enabling this option: In some of the cases, I have seen CPU usage of NAD may spike. 

You can also learn more about ISE through our live Ask the Experts (ATXs) session. Check out Cisco Endpoint Security ATXs Resources [https://community.cisco.com/t5/security-knowledge-base/cisco-endpoint-security-ask-the-experts-resources/ta-p/4394492] to view the latest schedule for upcoming sessions, as well as the useful references, e.g. online guides, FAQs.

Great. Thanks for the explanation! Appreciate it