For ISE NAC WLANs, the MAC authentication request is always sent to the external RADIUS server. The MAC authentication is
not validated against the local database. This functionality is applicable to Releases 8.5, 8.7, 8.8, and later releases via
the fix for CSCvh85830.
Previously, if MAC filtering was configured, the controller tried to authenticate the wireless clients using the local MAC
filter. RADIUS servers were attempted only if the wireless clients were not found in the local MAC filter.