Cisco Systems 4.2 Server User Manual


 
Configuration Guide for Cisco Secure ACS 4.2
OL-14390-02
Chapter 2 Deploy the Access Control Servers
Placement of the RADIUS Server
From a practical standpoint, the RADIUS server should be inside the general network, preferably within
a secure subnet designated for servers, such as DHCP, Domain Name System (DNS), and so on. You
should avoid requiring RADIUS requests to travel over WAN connections because of possible network
delays and loss of connectivity. For various reasons, this type of configuration is not always possible;
for example, small remote subnets may require authentication support from the enterprise.
You must also consider backup authentication. You may use a system that is dedicated as the RADIUS
secondary. Or, you may have two synchronized systems that each support a different network segment
but provide mutual backup if one fails. Refer to the documentation for your RADIUS server for
information on database replication and the use of external databases.
Determining How Many ACSs to Deploy (Scalability)
A number of factors affect the scalability of an ACS installation (that is, how effectively each ACS can
process user access requests) and how many ACS servers you should deploy in the network.
For detailed information on scalability considerations, see the following white papers on ACS
deployment, which are available on Cisco.com at:
http://www.cisco.com/en/US/products/sw/secursw/ps2086/prod_white_papers_list.html
Building a Scalable TACACS+ Device Management Framework
Catalyst Switching and ACS Deployment Guide
Deploying Cisco Secure ACS for Windows in Cisco Aironet Environment
EAP-TLS Deployment Guide for Wireless LAN Networks
Guidelines for Placing ACS in the Network
This section contains:
Number of Users
Number of Network Access Servers
LAN Versus WAN Deployment (Number of LANs in the Network)
WAN Latency and Dependability
Determining How Many ACS Servers to Deploy in Wireless Networks
Number of Users
In all topologies, the number of users is an important consideration. For example, assuming that an ACS
can support 21,000 users, if a wireless access point can support 10 users, then a given ACS could
support 2,100 wireless access points in a WLAN environment.