We plan on rolling out 802.1x on the wire in a Multi-Campus Environment and are currently looking at ACS and the role it plays.
The following link demonstrates how to scale ACS in an 802.1x environment:
We are keen on being able to perform similar in-house testing, in an effort to determine our future needs.
We currently run over 300 1200 APs (mostly 802.1x / WPA2) and over 550 3750s in the enterprise across 4 metropolitan sites interconnected via 10GbE.
As an estimate, our infrastructure can support a maximum of 30000 users based on current port/ap capacity.
We have 2 ACS in failover, authenticating against AD, providing TACACS and wireless authentication, with the following specs:
Windows Server 2003 Member Server
HP XEON 3.6 Quad
We also employ rather heavy RADIUS logging.
Taking these points into consideration, we have the following questions specific to ACS:
1. What type of AAA simulator was used in the test setup? Is it available to customers?
2. Our numbers indicate we might need 2 more ACS servers (as a minimum, and not taking into account DR). From a numbers perspective, confirmation on this point would be appreciated.
3. Is it advisable to install ACS on a DC? We figure that pounding AUTH might impact elsewhere, particularly so when implemented as a member server.