Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Increase or not ACS 5.x cluster

Hi,

how can i now know if my ACS 5 cluster needs another Server?

is there any tool to measure the ocupation of ACS, like CPU and disk size ocupation?

thanks

Antero Vasconcelos

Everyone's tags (2)
2 REPLIES

Increase or not ACS 5.x cluster

Hi,

This is a good question, this really depends on your architecture. Which depends on your deployment, here are a few questions that I would like to know.

Radius or tacacs or both?

if tacacs, how many devices are managed by tacacs? Around how many tacacs authentications per second at the highest peak?

if radius, which eap authentication protocol (eap-tls, peap...) are you performing machine and user authentication?

if radius, what is your reauthentication interface for you users?

How many users do you currently authenticate?

How many current acs servers do you have on your network? Are they dedicated appliances or virtual machines?

Thanks,

Tarik Admani

Tarik Admani
*Please rate helpful posts*

Tarik Admani *Please rate helpful posts*

Re: Increase or not ACS 5.x cluster

Hi,

You know that you need another server when you experience a dely for users when they authenticate and/or if there is high load auth requests on your servers.

From the log collector, login to the ACS view then:

Monitoring and Reports -> Dashboard.

Form there if you go to the "ACS Health" tab then you will have all your server's listed.

Click on one server's name to open a page of all information regarding CPU and Memory utilization, Authentication delay...etc.

You can find those information useful to know how your servers are utilized.

Note that you may distribute the AAA clients among your servers in a better way so that the authentication get distributed almost evenly on all servers. if one server is configured as the primary on all your AAA clients then the primary server will be highly utilized while other servers are almost idle.

HTH

Amjad

Rating useful replies is more useful than saying "Thank you"

Rating useful replies is more useful than saying "Thank you"
267
Views
0
Helpful
2
Replies