Cloud Gateways WiFi Switching Camera Security Door Access New Integrations Accessory Tech Identity
UISP
Support Dropdown arrow
Store
User
Help Center UniFi Help Articles UISP Help Articles Community UniFi Design Center UISP Design Center Contact Support Tech Specs Large Project Assistance Professional Phone Support
Sign Up UniFi Site Manager
Ubiquiti Logo Ubiquiti Logo
User User
Sign Up UniFi Site Manager
Cloud Gateways WiFi Switching Cameras & Security Door Access New Integrations Accessory Tech Identity UISP Store

Support

Help Center UniFi Help Articles UISP Help Articles Community Contact Support Tech Specs Large Project Assistance Professional Phone Support

Social

Facebook Twitter Youtube Instagram

Company

Careers Contact Us Investors

Training

Courses Calendar Trainers Become a Trainer

Tools

WiFiman UniFi Design Center UISP Design Center
  1. Ubiquiti Support and Help Center
  2. UniFi
  3. Network
  4. Advanced
Help Center
Back to Top

RADIUS-Based MAC Authentication and 802.1X

2023-12-05 19:20:05 UTC

RADIUS-based MAC Authentication (802.1X) allows you to use your database of MAC Addresses to authenticate wired and wireless clients connecting to your network.

Note: If you don't already have a RADIUS server configured with MAC addresses, or you have a small quantity of devices, consider using the MAC Access Control List option.

Configure a RADIUS Profile

  1. Navigate to Settings > Profiles > RADIUS.
    1. If using a UniFi Gateway, select the Default RADIUS profile.
    2. If using a third-party RADIUS server, select Create New.
  2. Create a new RADIUS User with the following settings:
    1. Username & Password: MAC Address of the device
      1. Every User’s MAC Address must be formatted the same way (ex., aabbccddeeff, aa-bb-cc-dd-ee-ff, aa:bb:cc:dd:ee:ff, or AABBCCDDEEFF)
      2. For UniFi Gateways, the MAC address format must be AABBCCDDEEFF for both the username and password.
    2. VLAN ID: 0
    3. Tunnel Type: None
    4. Tunnel Medium Type: None

Note: MAC-based authentication accounts can only be used for wireless and wired clients. L2TP remote access does not apply.

Apply the Profile

Wireless Devices

  1. Navigate to Settings > WiFi and select your WiFi
  2. In your WiFi Settings, enable RADIUS MAC Authentication.
    1. Select the MAC Address Format that matches the format you’ve used (see point 2.a.i of Configure a RADIUS Profile, above)

Wired Devices

To apply this globally, go to Settings > Networks > Global Switch Settings. To individually configure a port, follow these steps:

  1. Navigate to Settings > Profiles > Ethernet Ports
  2. Create a New Profile with the following settings:
    1. Primary Network: Default or another specific network
    2. 802.1X Control: MAC-based
  3. Navigate to a UniFi Switch’s Port Manager.
    1. UniFi Devices > Select a Switch > Port Manager
  4. Select your port.
  5. Select Ethernet Port Profile and choose the profile you’ve just built.
  6. Apply Changes.
Was this article helpful?
174 out of 438 found this helpful