I have a wlan configured on my 5508 with WPA2/802.1x, and I have my radius server's configured to accept connections from clients using EAP-TLS certificates. This is working well.
I do however have a couple of devices that do not support EAP-TLS, and some that just don't support any 802.1x configuration. I enabled mac filtering on the SSID, and expected it to use 802.1x if applicable, and if it fails, then use mac filtering and present the mac address as the username and password to the radius server for authentication.
Is this not how it works?
What I found that happened is it only wanted to use mac filtering for authentication, and not EAP-TLS.