Max PEAP TPS with ACS 4.0

Sep 6th, 2007


We plan on rolling out 802.1x on the wire in a Multi-Campus Environment and are currently looking at ACS and the role it plays.

The following link demonstrates how to scale ACS in an 802.1x environment:

We are keen on being able to perform similar in-house testing, in an effort to determine our future needs.

We currently run over 300 1200 APs (mostly 802.1x / WPA2) and over 550 3750s in the enterprise across 4 metropolitan sites interconnected via 10GbE.

As an estimate, our infrastructure can support a maximum of 30000 users based on current port/ap capacity.

We have 2 ACS in failover, authenticating against AD, providing TACACS and wireless authentication, with the following specs:

Windows Server 2003 Member Server

HP XEON 3.6 Quad


We also employ rather heavy RADIUS logging.

Taking these points into consideration, we have the following questions specific to ACS:

1. What type of AAA simulator was used in the test setup? Is it available to customers?

2. Our numbers indicate we might need 2 more ACS servers (as a minimum, and not taking into account DR). From a numbers perspective, confirmation on this point would be appreciated.

3. Is it advisable to install ACS on a DC? We figure that pounding AUTH might impact elsewhere, particularly so when implemented as a member server.



tstanik Wed, 09/12/2007 - 13:19

I don't think any test software is available from Cisco for testing AAA on ACS. The ACS has no restriction on the number of users that can be authenticated; however, you may use additional ACS for load balancing if the authentication requests are suffering some delay. Whether to install ACS at DC or not depends on your security policy; however, it is advisable to use ACS everywhere for AAA if you are using it.

