10-06-2020 06:28 PM
Hi,
We intend to deploy ISE 2.6 for a small network.
Based on the Installation Guide, we can configure two nodes.
Node 1: Primary (Admin, Monitoring, Policy)
Node 2: Secondary (Admin, Monitoring, Policy)
My question is, if we need to add another Policy Node for the "Guest Access", could we make it part of the above deployment?
Would this work? or we'd need to create another standalone node for the "Guest Access" with Admin, Monitoring, and Policy personas? and manage it separately?
Thanks.
10-07-2020 12:16 AM
yes, you can use exiting infra what you have.
10-08-2020 04:20 PM
Thanks.
All we need to do is to make?
1st node Primary (Admin, Monitoring, Policy)
2nd node Secondary (Admin, Monitoring, Policy)
3rd Node (Policy only)
10-07-2020 12:20 AM
10-07-2020 07:10 AM
Officially a three node ISE Deployment is not a BU tested and supported deployment methodology. ISE will allow you to add the third node, but it's a grey area because you are between a 2 node standalone deployment and a 4+ node hybrid.
If you want to stay above board, you would really want to go to either 4 or 5 nodes in the deployment.
2x PAN/MNT
2x or 3x PSN
Is there a reason you need to add the PSN specific for guest?
10-08-2020 04:18 PM
The client was using the 5 node hybrid solution, but they would like to reduce the number of nodes as they won't have more than 1500 users.
Also, they would like to keep the Guest Auth separate.
10-08-2020 05:06 PM
If they want to stay above board, then they could go to two separate 2 node deployments, and leverage the same pool of smart licenses, or stay with a 5 node deployment. Officially speaking a 3 node deployment is not a BU tested deployment model. It works in the sense ISE will allow it, they can do it, but it's a grey area since it falls between a standalone and hybrid design.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide