We donot have ISE in our network.

I am looking for the options that I can configure along with 802.1x without RADIUS server.

If you dont have RADIUS then there is no other option.

 Can  static WEP be combined? Can the MAC filtering be combined here along with 802.1x?

I have the APs joining this WLC on flexconnect mode.

you can combine: Static-WEP+ 802.1x  

more info about layer 2 and layer 3 security comptibility :

https://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/106082-wlc-compatibility-matrix.html

Regards

Dont forget to rate helpful posts

Basically, I am  looking for a solution that would provide 802.1x authentication for non domain clients. So this would involve L2 security as WPA+WPA2 and Authentication key management as 802.1x without a RADIUS server. Is this solution possible?

 As  a second option, can I have  WLC based WPA2 Personal (AES) + Client MAC Address Authentication.?

All the APs are on flex connect mode.

HI,

For 802.1x you need a RADIUS server else it will not work.

for your 2nd option(WPA2/AES+MAC filetr): Yes its possible but you need to enter all the MAC address in WLC locally.

FYI: The local user database in WLC is limited to a maximum of 2048 entries and is set to a default value of 512 entries. 

Regards

Dont forget to rate helpful posts

Cool.

So, the Layer2 security WPA+WPA2 and authentication key management as 802.1x and mac filtering will work?

The Aps are in flexconnect mode..  Would this combination work?

I notice in the WLC footnotes that mac filtering is not supported for flexconnect APs.

yes you are right..

MAC Filtering is not supported on FlexConnect access points in standalone mode. 

Regards

Dont forget to rate helpful posts