Cisco Cisco Clean Access 3.5
6-6
Cisco Clean Access Manager Installation and Administration Guide
OL-7044-01
Chapter 6 User Management: Auth Servers
Configure an Authentication Provider
RADIUS
The RADIUS authentication client in the Clean Access Manager can support failover between two
RADIUS servers. Basically, this allows the CAM to attempt to authenticate against a pair of RADIUS
servers, trying the primary server first and then failing over to the secondary server if it is unable to
communicate with the primary server. See the Enable Failover and Failover Peer IP field descriptions
below for details.
Figure 6-4 Add RADIUS Auth Server
1. Go to User Management > Auth Servers > New Server.
2. Authentication Type – Choose Radius from the dropdown menu.
3. Provider Name – Type a unique name for this authentication provider. Enter a meaningful or
recognizable name if web login users will be able to select providers from the web login page.
4. Server Name – The fully qualified host name (e.g., auth.cisco.com) or IP address of the RADIUS
authentication server.
5. Server Port – The port number on which the RADIUS server is listening.
6. Radius Type – The RADIUS authentication method. Supported methods include: EAPMD5, PAP,
CHAP, MSCHAP, and MSCHAP2.
7. Timeout (sec) – The timeout value for the authentication request.
8. Default Role – Choose the user role assigned to users authenticated by this provider. This default
role is used if not overridden by a role assignment based on MAC address or IP address, or if
RADIUS mapping rules do not result in a successful match.
9. Shared Secret – The RADIUS shared secret bound to the specified client’s IP address.