
Backup solution for authentication server down

yong1794
Level 1

Is there any good backup solution for authentication server down?

We are using ACS and about 100 AP1131AGs.

If ACS is down, all wireless clients are not able to access the network.

3 Replies

mchin345
Level 6

If the server is reported as offline, the concentrator has not received an Address Resolution Protocol (ARP) response or a reply to an authentication request. Verify the server is functioning and reachable through the concentrator.

The hardware client is failing over to a backup server or a failed Domain Name System (DNS) lookup for the primary server that caused the system to initialize a backup server. A tunnel initiated after this point will be aimed at the specified backup server.

rduke
Level 1

I am considering the same issue, but only have about 20 APs. We have 2 RADIUS servers; one is local, the other is across the WAN. Performance is about the same across the WAN, so it's not a problem when the APs fail over to my backup RADIUS server. On the other hand, I have some units which are in manufacturing, so they are more critical. If one server had a problem and the WAN went down at the same time, I could have a serious problem. I configured one access point with the local RADIUS server enabled and one user name on it. In the unlikely yet possible event that both RADIUS servers are unavailable, the access points will fall down to the third RADIUS server (another access point), and I can use one user name to authenticate my critical clients. Since both RADIUS servers have to be down for the APs to authenticate to the local AP, that logon will not function normally. On the client side, the normal profile will use the RADIUS account, but the backup profile will have the local AP login, which needs to be LEAP or EAP-FAST enabled. It will only work when the RADIUS servers are down, so it is fairly secure, but not secure enough for some installations. I plan to change the password on the AP when it is not needed, just to be sure it can't be used. The client profiles should automatically connect if the first one fails. It's not ideal but works. If you can't get a second RADIUS server, you could do something similar.

I have one user name that works with EAP-FAST to RADIUS and to the AP's local RADIUS. That one user profile works on all three, so a second client profile is not needed for that user name. The password must be kept synchronized though.

R Duke
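
The fallback order described in the reply above, sketched as Aironet IOS configuration. This is an added example, not configuration posted in the thread; every IP address, the user name, the group and method-list names, and the bracketed secrets are placeholders.

```cisco
! ---- On every AP that serves clients ----
aaa new-model
!
! Servers are tried in the order listed: local RADIUS, RADIUS across
! the WAN, then the AP acting as local authenticator (last resort).
aaa group server radius rad_eap
 server 10.1.1.10 auth-port 1812 acct-port 1813
 server 10.2.2.10 auth-port 1812 acct-port 1813
 server 10.1.1.50 auth-port 1812 acct-port 1813
!
aaa authentication login eap_methods group rad_eap
!
radius-server host 10.1.1.10 auth-port 1812 acct-port 1813 key <primary-shared-secret>
radius-server host 10.2.2.10 auth-port 1812 acct-port 1813 key <wan-shared-secret>
radius-server host 10.1.1.50 auth-port 1812 acct-port 1813 key <local-auth-shared-secret>
!
! Skip a server that stopped answering for 10 minutes instead of
! waiting on it for every client authentication.
radius-server deadtime 10
!
! ---- On the one AP acting as local authenticator (10.1.1.50) ----
radius-server local
 ! One nas entry per AP allowed to use this fallback.
 nas 10.1.1.51 key <local-auth-shared-secret>
 nas 10.1.1.52 key <local-auth-shared-secret>
 ! Single fallback account for the critical clients (LEAP or EAP-FAST).
 user backup-user password <fallback-password>
```

Keeping the `nas` list limited to the APs that serve the critical clients, and rotating `<fallback-password>` after each outage, limits where and for how long the shared fallback account is usable.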

jinsvarghese
Level 1

Hi There,

Even we are looking out for a backup solution.

Here is our design:

We have two VLANs and two SSIDs created. Clients have to authenticate against Windows AD via Cisco ACS. However, Windows AD and Cisco ACS reside across the WAN. Whenever there is a failure in the WAN link, users are unable to authenticate.

Is there any solution whereby clients have to authenticate locally in case of WAN failure?

Thanks
