You configure WLC to make APs configure against the Radius Server. On the WLC Web GUI:Security>RADIUS authentication>New> , Add ACS server IP, ASCII Shared secret, port number and check the boxes for
network user, management, IPSEC if used for AAA authentication , On the ACS server: Network Configuration>Add entry>
Add WLC hostname, IP address and matching shared key, for authenticate , using select RADIUS Cisco Aironet or Cisco Airespace if using ACS 4.0 , To configure the WLC so AP's authenticate against ACS: On the WLC: Security>AP Policies>Select the checkbox for Authorize APs against AAA, On the ACS server:, Add a user account for the MAC address of the AP with no dots or dashes, the password will also be the MAC address of the AP with no dots or dashes.