I've set up MAC authentication on an SSID intended for user-owned devices. I have not configured any security since my intention is to allow only authorized MACs to connect and use the SSID in question.
My understanding is that one needs to enable MAC authentication, choose InternalServer, and then add MAC address as username and password in the internal server database for each device I wish to allow.
I'm finding that clients can connect even though I have not added their MAC addresses to the database.
This is IAP firmware 6.3.1.2-4.0.0.4_42384.
There are 4 access rules in this order:
Allow DNS to All
Allow http to All
Allow https to All
Deny Any to All