Chapter 1 Overview
Cisco Secure ACS Specifications
User Guide for Cisco Secure ACS for Windows Server
•Maximum users supported by the CiscoSecure user database—There is
no theoretical limit to the number of users the CiscoSecure user database can
support. We have successfully tested Cisco Secure ACS with databases in
excess of 100,000 users. The practical limit for a single Cisco Secure ACS
authenticating against all its databases, internal and external, is 300,000 to
500,000 users. This number increases significantly if the authentication load
is spread across a number of replicated Cisco Secure ACSes.
•Transactions per second—Authentication and authorization transactions
per second is dependent on many factors, most of which are external to
Cisco Secure ACS. For example, high network latency in communication
with an external user database lowers the transactions per second that
Cisco Secure ACS can perform.
•Maximum number of AAA clients supported—Cisco Secure ACS can
support AAA services for approximately 5000 AAA client configurations.
This limitation is primarily a limitation of the Cisco Secure ACS HTML
interface. Performance of the HTML interface degrades when Cisco Secure
ACS has more than approximately 5000 AAA client configurations.
However, a AAA client configuration in Cisco Secure ACS can represent
more than one physical network device, provided that the network devices use
the same AAA protocol and use the same shared secret. If you make use of
this ability, the number of actual AAA clients supported approaches 20,000.
If your network has several thousand AAA clients, we recommend using
multiple Cisco Secure ACSes and assigning no more than 5000 AAA clients
to each Cisco Secure ACS. For example, if you have 20,000 AAA clients, you
could use four Cisco Secure ACSes and divide the AAA client load among
them so that no single Cisco Secure ACS manages more than 5000 AAA
client configurations. If you use replication to propagate configuration data
among Cisco Secure ACSes, limit replication of AAA client data to
Cisco Secure ACSes that serve the same set of AAA clients.
Cisco Secure ACS Windows Services
Cisco Secure ACS operates as a set of Microsoft Windows services and controls
the authentication, authorization, and accounting of users accessing networks.