Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Mixed authentication question - MAC or PSK

  • 1.  Mixed authentication question - MAC or PSK

    Posted Jun 17, 2014 02:38 PM

    I would like to build an SSID that does *either* MAC or WPA2-PSK authentication.  The situation is that we have very old devices (doing MAC Auth) that we'd like on the same SSID as newer devices (that do support WPA2-PSK).  I've seen the l2-auth-fail-through table and it's a little confusing.  I think it works for one of my requirements, if MAC auth fails, do PSK.  But I can't determine (because the table is vague "fail" versus "-") whether a MAC auth'd machine will be allowed on if it cannot complete PSK.

     

    Thanks in advance for your help!



  • 2.  RE: Mixed authentication question - MAC or PSK

    EMPLOYEE
    Posted Jun 17, 2014 02:39 PM
    PSK involves encryption. You could do PSK then MAC-auth, but not MAC-auth then PSK.


  • 3.  RE: Mixed authentication question - MAC or PSK

    Posted Jun 17, 2014 03:41 PM

    I think I understand your answer, but so I understand 100% let me ask a different way. 

     

    Assuming I use "l2-auth-fail-through" on a single SSID, is it possible to have the following two users associated?  One has authenticated with MAC-Auth only, the other has authenticated with WPA2-PSK only.

     

    I don't need both authentication methods to ever succeed together (for a single device), I'm simply seeing if I can do one or the other on a single SSID.

     

    Thanks again



  • 4.  RE: Mixed authentication question - MAC or PSK

    EMPLOYEE
    Posted Jun 17, 2014 03:45 PM

    There's no such thing as MAC-Auth encryption. If you stand up a WPA2-PSK SSID, that is encrypted, and ALL clients on that SSID would have to support WPA2-PSK encryption on the wireless card. My guess is from your original email, you have older devices that likely are OPEN or WEP only and currently you use MAC Filtering on an Open or WEP-based SSID. In that case, if those clients cannot do WPA2-PSK, you will need two separate SSIDs, or will have to move all clients to the lowest commonly supported WiFi encryption (Open or WEP). 



  • 5.  RE: Mixed authentication question - MAC or PSK
    Best Answer

    EMPLOYEE
    Posted Jun 17, 2014 03:51 PM

    Your options on a single SSID would be:

     

        Open

        Open + MAC-Auth

        PSK

        PSK + MAC-Auth



  • 6.  RE: Mixed authentication question - MAC or PSK

    Posted Jun 17, 2014 05:04 PM

    Thanks for helping me out guys, much appreciated