@bigtone wrote:
I don't want to authenticate using MAC address, I want to authenticate using WPA2. I just want to filter which ones are allowed to use WPA2 PSK. I did find that I could probably just create a MAC policy and add each person's MAC address that I want to allow.
The answer is, first create a wireless network or Virtual AP that allows you to do WPA2-PSK and get that working. After that, go back into the AAA profile of that WLAN and add a MAC authentication profile as well as a MAC authentication server group. That will add MAC authentication to that WLAN. If a device does not pass MAC authentication, it will simply not be able to get on.
In 6.1, in the AAA profile, there is a parameter called l2 failthrough, where if it does not pass MAC authentication, it will then allow devices to get on using WPA2-PSK or 802.1x or whatever the SSID is configured for.