Sample config requested: IOS AP with WPAv2 with PEAPv0 aka EAP-MSCHAPv2

towler

Would someone be kind enough to share a sanitized config with me for the following:

AIR-LAP1131AG-A-K9 LWAP converted to autonomous mode running IOS v12.3(8)JEA

WPAv2 with PEAPv0 aka EAP-MSCHAPv2.

Thanks,

Richard

Accepted Solutions

s.vautour

Hello,

Here's what I would use. The AP is actually unaware of the EAP type:

! Placeholders: RADIUS_IP, RADIUS_KEY, SSID_PRIVATE, x (VLAN ID)
!
! RADIUS server group referenced by the EAP method list
aaa group server radius rad_eap
 server RADIUS_IP auth-port 1812 acct-port 1813
!
aaa authentication login eap_methods group rad_eap
aaa authorization exec default local
aaa session-id common
!
!
dot11 ssid SSID_PRIVATE
 vlan x
 authentication open eap eap_methods
 authentication key-management wpa
 guest-mode
!
!
username cisco password 0 cisco
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption vlan x mode ciphers aes-ccm
 broadcast-key vlan x change 360
 !
 ssid SSID_PRIVATE
!
interface Dot11Radio0.x
 encapsulation dot1Q x
!
interface FastEthernet0.x
 encapsulation dot1Q x
!
radius-server attribute 32 include-in-access-req format %h
radius-server host RADIUS_IP auth-port 1812 acct-port 1813 key 0 RADIUS_KEY
radius-server timeout 30
radius-server vsa send accounting

Serge
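
The AP-side pieces of the config above only work if they reference each other by name: the SSID points at the method list, the method list at the server group, each group server at a radius-server host entry, and the SSID VLAN at an aes-ccm cipher line. The Python check below is an added example, not part of the original post. It assumes the config is indented the way show running-config prints it, and the IP address, VLAN ID and key in the sample are constructed.

```python
import re

# Constructed sample: the config from the answer with its placeholders filled in.
# The values 10.0.0.5, VLAN 10 and ExampleKey are made up for this example.
SAMPLE = """\
aaa group server radius rad_eap
 server 10.0.0.5 auth-port 1812 acct-port 1813
aaa authentication login eap_methods group rad_eap
dot11 ssid SSID_PRIVATE
 vlan 10
 authentication open eap eap_methods
 authentication key-management wpa
username cisco password 0 cisco
interface Dot11Radio0
 encryption vlan 10 mode ciphers aes-ccm
 ssid SSID_PRIVATE
radius-server host 10.0.0.5 auth-port 1812 acct-port 1813 key 0 ExampleKey
"""

def audit(cfg):
    """Return findings for an autonomous-AP WPA/EAP config ([] means consistent)."""
    findings = []
    def find(pat):
        return re.findall(pat, cfg, re.M | re.I)
    # Each SSID must chain: EAP method list -> AAA login list -> RADIUS server group.
    for ssid, body in find(r"^dot11 ssid (\S+)\n((?:[ \t]+.*\n?)*)"):
        lists = re.findall(r"authentication open eap (\S+)", body, re.I)
        if not lists:
            findings.append(f"{ssid}: no EAP method list")
        for lst in lists:
            groups = find(rf"^aaa authentication login {re.escape(lst)} group (\S+)")
            if not groups:
                findings.append(f"{ssid}: method list {lst} is not defined")
            for g in groups:
                if not find(rf"^aaa group server radius {re.escape(g)}\s*$"):
                    findings.append(f"{ssid}: RADIUS group {g} is not defined")
        if not re.search(r"authentication key-management wpa", body, re.I):
            findings.append(f"{ssid}: WPA key management not enabled")
        for vlan in re.findall(r"^\s*vlan (\S+)", body, re.M | re.I):
            if not find(rf"^\s*encryption vlan {re.escape(vlan)} mode ciphers .*aes-ccm"):
                findings.append(f"{ssid}: VLAN {vlan} has no aes-ccm cipher")
    # Every server listed in a group needs a matching radius-server host entry.
    for ip in find(r"^[ \t]+server (\S+) auth-port"):
        if not find(rf"^radius-server host {re.escape(ip)} "):
            findings.append(f"RADIUS server {ip} has no radius-server host entry")
    # Type 0 means the secret is stored unencrypted; report it without echoing the value.
    for line in find(r"^.*\b(?:password|key) 0 .*$"):
        findings.append("cleartext (type 0) secret: " + line.split(" 0 ")[0])
    return findings
```

On the sample, the cross-references all resolve and the only findings are the two type 0 secrets.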

Thanks Serge!
