Point noted... And you are actively using 3,000 NAD groups? Ambitious and impressive. How do you use so many NAD groups without having thousands of rules? Perhaps I can learn some good efficiencies from you and this case.
Could I ask your model number? I've had VM+Physicals in the XX95 model ranges which have never had that problem, yet we defined almost 34k NADs on an endpoint authentication cluster and nearly 23k NADs defined on a TACACS+ authentication cluster.
If you're also seeing crashes with Logstash and Elasticsearch, could you be logging too much data? What are your session re-authentications and your accounting updates? I mostly use session re-authentications of 8 hours, and the same for accounting ...
While I see an accounting timeout of 300 seconds / 5 minutes (why do you need updates that often, why not every 8+ hours?), I do not see a session timeout value. That makes me wonder if your port never bounced and your ISE state never changed. If so...
We had that problem with some Intercoms we onboarded last year. I think we had to remove the VLAN tag from the authorization profile->common tasks area, then set the authorization profile->common tasks checkbox for voice domain profile. We had anoth...