We intend to deploy ISE 2.6 for a small network.
Based on the Installation Guide, we can configure two nodes.
Node 1: Primary (Admin, Monitoring, Policy)
Node 2: Secondary (Admin, Monitoring, Policy)
My question is, if we need to add another Policy Node for the "Guest Access", could we make it part of the above deployment?
Would this work? or we'd need to create another standalone node for the "Guest Access" with Admin, Monitoring, and Policy personas? and manage it separately?
Officially a three node ISE Deployment is not a BU tested and supported deployment methodology. ISE will allow you to add the third node, but it's a grey area because you are between a 2 node standalone deployment and a 4+ node hybrid.
If you want to stay above board, you would really want to go to either 4 or 5 nodes in the deployment.
2x or 3x PSN
Is there a reason you need to add the PSN specific for guest?
If they want to stay above board, then they could go to two separate 2 node deployments, and leverage the same pool of smart licenses, or stay with a 5 node deployment. Officially speaking a 3 node deployment is not a BU tested deployment model. It works in the sense ISE will allow it, they can do it, but it's a grey area since it falls between a standalone and hybrid design.