The Radius Server itself is called centalized authentication facilityand the purpose of radius is to provide an authentication facility that involves less confusion. You can configure the Root AP with a local MAC list of devices that may associate, and with a static WEP key.
This is how it works:
The access point receives the authentication request and checks the local database of users to verify that the request is accompanied by a valid user name and password.If the user is not found on the local list, or if local authentication fails (User found, but incorrect password), the access point determines if a remote authentication server has been configured to handle authentication requests.
Check this out:
http://www.cisco.com/univercd/cc/td/doc/product/wireless/airo_350/accsspts/ap350scg/ap350ch8.htm#1076671