It looks like "Token Server" template may work to setup an external radius server. It looks like clearpass acts as a RADIUS proxy in this case. I set it up and did some tests with a bogus account and with clearpass packet capture i see the radius request go out with "AVP - proxy state" defined.. I also see the external radius sever sends "access-rejects" in response to the proxy requests. its rejected because I used a bogus account.
But seems like this would work... It makes sense since AmigoPod claimed that it could talk to external RADIUS servers a while back. I guess it doesn't matter anymore since 6.5 has explicit support for external radius. My guess is that its similar setup to the token server on 6.4.
Thanks for pointing out the 6.5 support bit. I'll play with that when I upgrade.