The Clean Access Server (CAS) acts as the gateway between the untrusted and trusted networks in a
Cisco Clean Access deployment. The Clean Access Server enforces the policies you defined in the Clean
Access Manager web admin console, including network access privileges, authentication requirements,
bandwidth restrictions, and Cisco Clean Access client system requirements.

Other services the Clean Access Server can perform include DHCP address allocation, network address
translation, and traffic routing services. For wireless clients, the CAS supports subnet roaming and
traffic encryption.

For user authentication, the Clean Access Server can validate user credentials locally, or it can relay
them to an external source for validation. The CAS works with the following authentication mechanisms:
Kerberos, LDAP, RADIUS, Windows NT, S/Ident, transparent Windows, and transparent 802.1x.

The Clean Access Server gets many of its runtime parameters from the Clean Access Manager and must
be added to the domain of a Clean Access Manager before it can operate. Once it is added to the Clean
Access Manager, the Clean Access Server is configured and monitored through the web administration
console.