Thursday, April 26, 2018

ISE and TACACS+ on the same Cisco ISE box?

Hi, I can't find much info on this but I know someone may help here. I'm planning a deployment of about 20000 endpoint with ISE (most functionality, using Base/Plus/Apex/Anyconnect licenses), and would certainly use a 3595 server for it, which should support the endpoints with no issues, but I also want to enable the Device Admin license to configure a number of devices (let's say 2000). How should I decide if the almost topped 3595 will support a number of TACACS+ sessions (say 1000, don't fix on my numbers, I know that 1000 sessions for 2000 devices is way off). How can I know if the device can handle all the traffic? In Cisco I can find comparison tables with number of simultaneous devices for RADIUS sessions (NAC), and TACACS+ sessions per second, but I can't find the limit for the TACACS+ sessions. I'm pretty sure that I can mix them, but the main thing is that we want to find a technical reason to NOT mix the two.

Thanks for your time.



No comments:

Post a Comment