Q: I am setting up Transparent 802.1x Authentication on the BSC. Do I need to configure a RADIUS client in the RADIUS server for every single access point or just the BSC?
A: With Transparent 802.1x both BSAPs and 3rd Party APs are configured to send RADIUS requests to the RADIUS server. BSAPs however tunnel these requests in EtherIP (IP Protocol 97) to the BSC and the BSC then forwards them on to the RADIUS server. All RADIUS requests from the BSAPs are sourced by the BSC's protected interface IP address and therefore you are not required to configure a RADIUS client in the RADIUS server for every single BSAP. You only need to configure a RADIUS client in the RADIUS server for the BSC with the protected interface IP address or DNS name.
3rd Party access points however do not tunnel RADIUS request to the BSC and therefore you are required to configure a RADIUS client in the RADIUS server for every single 3rd Party AP. Alternatively configure a RADIUS client in the RADIUS server for the 3rd Party APs with an IP range.