Q: I am setting up Internal 802.1X Authentication on the BSC. The BSC is configured to proxy to RADIUS. Do I need to configure a RADIUS client in the RADIUS server for every single access point or just the BSC?

A: With internal 802.1X both BSAPs and 3rd Party APs are configured to send RADIUS requests to the BSC. The BSC is the RADIUS server and terminates EAP. The BSC then proxies inner methods i.e. PAP, CHAP, MSCHAP, MSCHAPv2 to the external RADIUS server. All RADIUS requests are sourced by the BSC's protected interface IP address and therefore you are not required to configure a RADIUS client in the RADIUS server for every single AP. You only need to configure a RADIUS client in the RADIUS server for the BSC with the protected interface IP address or DNS name.