A customer wants to implement Virtual IP redundancy, such that in case of a ClearPass server outage. 802.1x authentications will not be interrupted. The administrator has enabled a single Virtual IP address on two ClearPass servers.
Which statement is true? (Choose two.)
To implement Virtual IP redundancy in ClearPass, the primary node will handle all authentication requests sent to the Virtual IP address when it is active. This ensures there is no interruption in 802.1x authentications if the primary node remains operational. The NAD (Network Access Device) should be configured with the virtual IP address for RADIUS authentications, utilizing the redundancy feature properly. This configuration allows seamless failover to secondary nodes if the primary node becomes unavailable.
from comments under Herman's video (from Jo2241 cooment): "Herman Robers There is no real need. If you want to load-balance between the two devices, it may be good to have two virtual IPs which can mutually fail over. For just redundancy, a single VIP is fine. And you can also still use the radius server backup in your switches, APs, etc, but that in general is slower than a virtual IP on the ClearPass. I found that this works for me, in other situations different approaches may work. Also, if you are at the point where the choice between one or multiple VIPs really makes impact, you probably should have a look at an external network load balancer as that is even faster and much more flexible in how you route/distribute your traffic." BE is correct
If you have two virtual IPs, you can just have no virtual IP, it defeats the whole purpose... I think BE makes the most sense here.
Virtual IP redundancy is an "active / passive" feature. Only one Clearpass server can answer to requests sent to the virtual IP. The NAD must send his requests to the virtual IP in order to benefit from redundancy. Answers are B and E
We should have 2 VIP for redundancy, see Herman's video around 6:00 https://www.youtube.com/watch?v=yUTZcDwaEvM