Manualshelf

Specifications

ManualsBrandsCisco ManualsComputer equipmentCisco Access Registrar 4.2
11121314151617181920
Cisco Systems, Inc.
All contents are Copyright © 1992–2002 Cisco Systems, Inc. All rights reserved. Important Notices and Privacy Statement.
Page 16 of 42
You can calculate the load on ACS by applying this formula: (session length)/(number of connections). Using a value
of 25 connections per access point and a 10-minute (600-second) session timeout to force WEP rekeying, you get
600/25 = 24 seconds/connection, which translates into 1 transaction every 24 seconds, or 1/24 (0.042) transactions
per second. Table 5-1 below shows the transaction requirements for ACS based on the number of fully loaded access
points being supported by a single ACS system.
Fromthistablewecansee that a single ACS couldsupportabout1,000accesspointswith a rekey time of 10 minutes.
Astherekeytimeis extended, the number of access pointsthataACScansupport increases. Conversely, any decrease
in rekey time or increase in number of users per AP results in an increase of TPS and a lowering in the number of
access points that a ACS can support.
Note that this does not take into account issues of network latency and loading, delays caused by external database
usage, or network topographical issues.
Note:
You canuse Table 5-2to determine the scalability of other RADIUS servers using EAP-TLS if you know the
maximum number of transactions per second the RADIUS server can support when running EAP-TLS.
From a practical standpoint, the RADIUS server should be inside the general network, preferably within a secure
subnet designated for servers, such as Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS),
and so on. You should avoid requiring RADIUS requests to travel over WAN connections because of possible
network delays and loss ofconnectivity. This is not alwayspossible because of various reasons (that is,small, remote
subnets requiring authentication support from the enterprise intranet). These issues are illustrated in Figure 5-6.
Table 5-2 RADIUS Server Loading
Number of
Access Points
Number of
Connections
Session
Duration
(Minutes)
Session
Duration
(Seconds)
Session
Duration Per
Connection
Transactions
Per Second
(TPS)
1 25 10 600 24 0.042
1 25 30 1800 72 0.014
1 25 60 3600 144 0.007
10 250 10 600 2.4 0.417
10 250 30 1800 7.2 0.139
10 250 60 3600 14.4 0.069
100 2500 10 600 0.24 4.167
100 2500 30 1800 0.72 1.389
100 2500 60 3600 1.44 0.694
1000 25000 10 600 0.024 41.667
1000 25000 30 1800 0.072 13.889
1000 25000 60 3600 0.144 6.944