aaa group server radius rad_eap1
server 10.1.2.9 auth-port 1812 acct-port 1813
server 10.1.2.10 auth-port 1812 acct-port 1813
!
...
...
aaa authentication login eap_methods1 group rad_eap1
dot11 vlan-name healthy vlan 555
!
...
...
dot11 ssid VSW
vlan 555
authentication open eap eap_methods1
mobility network-id 555
!
...
...
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 556 key 1 size 128bit xxx transmit-key
encryption vlan 556 mode ciphers wep128
!
encryption vlan 555 key 1 size 128bit xxx transmit-key
encryption vlan 555 mode ciphers wep128
!
ssid VSW
!
!
...
...
radius-server host 10.1.2.9 auth-port 1812 acct-port 1813 timeout 6 retransmit 3 key 7 02110D5D02
radius-server host 10.1.2.10 auth-port 1812 acct-port 1813 timeout 6 retransmit 3 key 7 02110D5D02
In this config I use WEP encryption with Open Eap authentication, client authenticates by ACS server, and only there you must configure the type of authentication (TLS, MSCHAP, FAST), on access point you can't configure the type of authentication, you must use only this command "authentication open eap eap_methods"