Cisco Systems 4.2 Server User Manual


 
Configuration Guide for Cisco Secure ACS 4.2
OL-14390-02
Chapter 2 Deploy the Access Control Servers
Determining How Many ACSs to Deploy (Scalability)
The size of the LAN or WLAN is determined by the number of users who use the LAN or WLAN:
For a detailed formula, see the white paper Deploying Cisco Secure ACS for Windows in Cisco Aironet
Environment, which is available on Cisco.com at this location:
http://www.cisco.com/en/US/products/sw/secursw/ps2086/prod_white_papers_list.html
Number of Network Access Servers
An ACS can support up to 5,000 discrete network access servers (NASs). You can use the multi-NAS
capability of ACS to increase this number.
LAN Versus WAN Deployment (Number of LANs in the Network)
In general, you should provide one ACS server per LAN. If a backup ACS is required, the backup ACS
may reside on the same LAN or can be an ACS on another LAN.
WAN Latency and Dependability
The distance between LANs in a large network (25,000 to 50,000 users) is also a consideration.
If the network is centralized, one primary ACS and one secondary ACS might be sufficient.
If the network is geographically dispersed, the number of ACS servers required varies with the needs of
the regions. For example:
- Some regions may not need a dedicated ACS.
- Larger regions (regions with over 10,000 users), such as corporate headquarters, might need several
  ACSs.
The distance between subnets is also a consideration. If subnets are close together, the connections will
be more reliable, and fewer ACS servers will be needed. Adjacent subnets could serve other buildings
with reliable connections. If the subnets are farther apart, more ACS servers might be needed.
The number of subnets and the number of users on each subnet are also factors. For example, in a WLAN,
a building may have 400 potential users and the same subnet might comprise four buildings. One ACS
assigned to this subnet will service 1,600 users (about one tenth of the number of current users). Other
buildings could be on adjacent subnets with reliable WAN connections. ACSs on adjacent subnets could
then be used as secondary systems for backup.
If the WAN connections between buildings in this subnet are short, reliable, and pose no issue of network
latency, two ACSs can service all of these buildings and all the users. At 40-percent load, one ACS would
take half of the access points as the primary server, and the other ACS would take the remaining APs.
Each ACS would provide backup for the other. Again, at 40-percent load, a failure of one ACS would

Size                      Users
Small LAN                 1 to 3,000
Medium-sized LAN          3,000 to 25,000
Large LAN                 25,000 to 50,000
Very large LAN or WLAN    Over 50,000