cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1167
Views
5
Helpful
6
Replies

ISE 2.6 Small Network Deployment Query

dot1x
Participant
Participant

Hi,

 

We intend to deploy ISE 2.6 for a small network.

Based on the Installation Guide, we can configure two nodes.

Node 1: Primary (Admin, Monitoring, Policy)

Node 2: Secondary (Admin, Monitoring, Policy)

 

My question is, if we need to add another Policy Node for the "Guest Access", could we make it part of the above deployment?

Would this work? or we'd need to create another standalone node for the "Guest Access" with Admin, Monitoring, and Policy personas? and manage it separately?

Thanks.

6 REPLIES 6

balaji.bandi
VIP Guru VIP Guru
VIP Guru

yes, you can use exiting infra what you have.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Thanks.

All we need to do is to make?

1st node Primary (Admin, Monitoring, Policy)

2nd node Secondary (Admin, Monitoring, Policy)

3rd Node (Policy only)

jewfcb001
Participant
Participant

@dot1x 

 

I accept from balaji recommend . You can use existing infra. 

Damien Miller
VIP Advisor VIP Advisor
VIP Advisor

Officially a three node ISE Deployment is not a BU tested and supported deployment methodology. ISE will allow you to add the third node, but it's a grey area because you are between a 2 node standalone deployment and a 4+ node hybrid. 

If you want to stay above board, you would really want to go to either 4 or 5 nodes in the deployment. 
2x PAN/MNT
2x or 3x PSN

 

Is there a reason you need to add the PSN specific for guest? 

The client was using the 5 node hybrid solution, but they would like to reduce the number of nodes as they won't have more than 1500 users.

Also, they would like to keep the Guest Auth separate.

If they want to stay above board, then they could go to two separate 2 node deployments, and leverage the same pool of smart licenses, or stay with a 5 node deployment. Officially speaking a 3 node deployment is not a BU tested deployment model. It works in the sense ISE will allow it, they can do it, but it's a grey area since it falls between a standalone and hybrid design. 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: