Cisco Cisco Clean Access 3.5

The RADIUS authentication client in the Clean Access Manager can support failover between two 
RADIUS servers. Basically, this allows the CAM to attempt to authenticate against a pair of RADIUS 
servers, trying the primary server first and then failing over to the secondary server if it is unable to 
communicate with the primary server. See the Enable Failover and Failover Peer IP field descriptions 
below for details. 

Go to User Management > Auth Servers > New Server.

Authentication Type — Choose Radius from the dropdown menu. 

Provider Name — Type a unique name for this authentication provider. Enter a meaningful or 
recognizable name if web login users will be able to select providers from the web login page.

Server Name – The fully qualified host name (e.g., auth.cisco.com) or IP address of the RADIUS 
authentication server. 

Server Port – The port number on which the RADIUS server is listening. 

Radius Type – The RADIUS authentication method. Supported methods include: EAPMD5, PAP, 
CHAP, MSCHAP, and MSCHAP2

Timeout (sec) – The timeout value for the authentication request. 

Default Role — Choose the user role assigned to users authenticated by this provider. This default 
role is used if not overridden by a role assignment based on MAC address or IP address, or if 
RADIUS mapping rules do not result in a successful match.

Shared Secret – The RADIUS shared secret bound to the specified client’s IP address.