Hello Amin,
You might want to check the following:
Performance
A single ACS 5.3 server that does not act as the log collector can process more than 100 authentications per second. You should make sure that a single ACS server processing AAA requests is able to manage the load during peak hours. Peak hours typically occur when users arrive to work, or when network equipment reboots. This creates a large amount of authentications requests.
For example, 50,000 employees of a company log on to a network evenly, over a fifteen minute period. This translates to approximately 56 authentications per second as the peak authentication rate. In this case, a single ACS server which does not act as the log collector, can support this peak authentication rate.
Table 1-5 shows the number of authentications a single ACS server can support for different time periods, assuming a minimal rate of 100 authentications per second.
1 second | 100 authentications |
|---|---|
60 seconds | 6000 authentications |
5 minutes | 30000 authentications |
15 minutes | 90000 authentications |
1 hour | 360000 authentications |
There are many factors that affect ACS authentication performance, such as configuration size, policy complexity, communication with external servers and authentication protocol complexity.
Table 1-6 lists the ACS performance for different authentication environments. This performance data represents the lower range of authentication rates observed while testing ACS with complex configurations. The performance is higher for simpler configurations.
Authentication Types | Identity Stores | ||
|---|---|---|---|
Internal | AD | LDAP | |
PAP | 500 | 100 | 800 |
CHAP | 500 | 500 | N/A |
TACACS+ | 400 | 160 | 1200 |
MSCHAP | 500 | 300 | N/A |
PEAP-MSCHAP | 200 | 100 | N/A |
PEAP-GTC | 200 | 100 | 300 |
EAP-TLS | 200 | 180 | 270 |
LEAP | 330 | 280 | N/A |
FAST-MSCHAP | 120 | 120 | N/A |
FAST-GTC | 130 | 110 | 190 |
MAC-Auth Bypass | 750 | N/A | 2000 |
Note 
The above numbers assume fast reconnect and session resume is in use for the applicable EAP methods.
There is an approximate 50% drop in authentication performance if the ACS server is also being used as the log collector for the Monitoring and Report Viewer.
There is an approximate 10% to 15% increase in performance, on the CSACS 1121 appliance than the numbers shown in Table 1-6.
Performance on a virtual machine is slower than on an actual 1120 appliance because of the virtual machine overhead. Performance of a virtual machine increases when you increase the CPU resources.
For virtual machine environments, the minimum requirements are similar to the 1121 appliance. For more information on virtual machine environments, refer to the Installation and Upgrade Guide for the Cisco Secure Access Control System 5.3.
I hope the above clarifies it.
If you find the information provided helpful please rate.
Best Regards.
