If you want to do just MAC auth, you may need to choose wpa-psk-aes or wpa-psk-tkip from the above list.
From the AAA profile, all you need to do is choose the MAC authentication profile, MAC authentication server-group and default-role.
The profile would be your MAC address format (by default it is none), the server-group will be default (internal DB on the controller), and the role would be guest by default (but configurable).
To do MAC authentication there is no need to enable 802.1x authentication or termination, as that is going to be optional and is required only if we need it.
When you enable 802.1x authentication on the AAA profile, mac-auth will happen first for the client, followed by 802.1x authentication.
Thank you.