Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1488
Views
5
Helpful
6
Replies

ISE 2.6 Small Network Deployment Query

dot1x
Level 3
Level 3

‎10-06-2020 06:28 PM

Hi,

 

We intend to deploy ISE 2.6 for a small network.

Based on the Installation Guide, we can configure two nodes.

Node 1: Primary (Admin, Monitoring, Policy)

Node 2: Secondary (Admin, Monitoring, Policy)

 

My question is, if we need to add another Policy Node for the "Guest Access", could we make it part of the above deployment?

Would this work? or we'd need to create another standalone node for the "Guest Access" with Admin, Monitoring, and Policy personas? and manage it separately?

Thanks.

0 Helpful
6 Replies 6

balaji.bandi
Hall of Fame
Hall of Fame

‎10-07-2020 12:16 AM

yes, you can use exiting infra what you have.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

dot1x
Level 3
Level 3
In response to balaji.bandi

‎10-08-2020 04:20 PM

Thanks.

All we need to do is to make?

1st node Primary (Admin, Monitoring, Policy)

2nd node Secondary (Admin, Monitoring, Policy)

3rd Node (Policy only)

0 Helpful

jewfcb001
Level 4
Level 4

‎10-07-2020 12:20 AM

@dot1x 

 

I accept from balaji recommend . You can use existing infra. 

0 Helpful

Damien Miller
VIP Alumni
VIP Alumni

‎10-07-2020 07:10 AM

Officially a three node ISE Deployment is not a BU tested and supported deployment methodology. ISE will allow you to add the third node, but it's a grey area because you are between a 2 node standalone deployment and a 4+ node hybrid. 

If you want to stay above board, you would really want to go to either 4 or 5 nodes in the deployment. 
2x PAN/MNT
2x or 3x PSN

 

Is there a reason you need to add the PSN specific for guest? 

0 Helpful

dot1x
Level 3
Level 3
In response to Damien Miller

‎10-08-2020 04:18 PM

The client was using the 5 node hybrid solution, but they would like to reduce the number of nodes as they won't have more than 1500 users.

Also, they would like to keep the Guest Auth separate.

0 Helpful

Damien Miller
VIP Alumni
VIP Alumni
In response to dot1x

‎10-08-2020 05:06 PM

If they want to stay above board, then they could go to two separate 2 node deployments, and leverage the same pool of smart licenses, or stay with a 5 node deployment. Officially speaking a 3 node deployment is not a BU tested deployment model. It works in the sense ISE will allow it, they can do it, but it's a grey area since it falls between a standalone and hybrid design. 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents