RADIUS-based MAC Authentication (802.1X) allows you to use your database of MAC Addresses to authenticate wired and wireless clients connecting to your network.
Note: If you don't already have a RADIUS server configured with MAC addresses, or you have only a small number of devices, consider using the MAC Access Control List option.
Configure a RADIUS Profile
- Navigate to Settings > Profiles > RADIUS.
  - If using a UniFi Gateway, select the Default RADIUS profile.
  - If using a third-party RADIUS server, select Create New.
- Create a new RADIUS User with the following settings:
  - Username & Password: MAC Address of the device
    - Every User’s MAC Address must be formatted the same way (e.g., aabbccddeeff, aa-bb-cc-dd-ee-ff, aa:bb:cc:dd:ee:ff, or AABBCCDDEEFF).
    - For UniFi Gateways, the MAC address format must be AABBCCDDEEFF for both the username and password.
  - VLAN ID: 0
  - Tunnel Type: None
  - Tunnel Medium Type: None
Note: MAC-based authentication accounts can only be used for wireless and wired clients; they do not apply to L2TP remote access.
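The following is an added example, not part of the original article or UniFi's own tooling: a Python helper that rewrites a device inventory kept in mixed notations into one consistent MAC format and emits a matching username/password entry per device. The entry syntax assumes FreeRADIUS (`users` file) as the third-party RADIUS server; the function names, format labels and sample MAC addresses are constructed for illustration.

```python
import re

# Output formats named in the settings above; the keys are labels for this example.
FORMATS = {
    "AABBCCDDEEFF": lambda o: "".join(o).upper(),
    "aabbccddeeff": lambda o: "".join(o),
    "aa-bb-cc-dd-ee-ff": lambda o: "-".join(o),
    "aa:bb:cc:dd:ee:ff": lambda o: ":".join(o),
}

# Separators are stripped wherever they appear, so dotted notation also parses.
_SEP = re.compile(r"[-:.\s]")


def normalize_mac(raw, fmt="AABBCCDDEEFF"):
    """Return raw rewritten in fmt, or raise ValueError if it is not a unicast MAC."""
    digits = _SEP.sub("", raw).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {raw!r}")
    octets = [digits[i:i + 2] for i in range(0, 12, 2)]
    if int(octets[0], 16) & 1:
        # Group bit set: broadcast/multicast, never a client's source address.
        raise ValueError(f"multicast or broadcast address: {raw!r}")
    return FORMATS[fmt](octets)


def build_users(inventory, fmt="AABBCCDDEEFF"):
    """Normalize every MAC, reject duplicates, and return users-file lines."""
    seen = {}
    lines = []
    for raw in inventory:
        mac = normalize_mac(raw, fmt)
        if mac in seen:
            raise ValueError(f"{raw!r} duplicates {seen[mac]!r}")
        seen[mac] = raw
        # Username and password are both the MAC, as the settings above require.
        lines.append(f'{mac} Cleartext-Password := "{mac}"')
    return lines


# Constructed sample inventory in mixed notations (not real devices).
SAMPLE = ["00:11:22:aa:bb:cc", "00-11-22-AA-BB-CD", "0011.22aa.bbce", "001122AABBCF"]

if __name__ == "__main__":
    print("\n".join(build_users(SAMPLE)))
```

Pass the same format label to `build_users` that you later select as the MAC Address Format on the WiFi or switch side, so the username the RADIUS server receives matches an entry exactly.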
Apply the Profile
- Navigate to Settings > WiFi and select your WiFi.
- In your WiFi Settings, enable RADIUS MAC Authentication.
- Select the MAC Address Format that matches the format you’ve used (see point 2.a.i of Configure a RADIUS Profile, above)
To apply this globally, go to Settings > Networks > Global Switch Settings. To individually configure a port, follow these steps:
- Navigate to Settings > Profiles > Ethernet Ports.
- Create a New Profile with the following settings:
  - Primary Network: Default or another specific network
  - 802.1X Control: MAC-based
- Navigate to a UniFi Switch’s Port Manager.
  - UniFi Devices > Select a Switch > Port Manager
- Select your port.
- Select Ethernet Port Profile and choose the profile you’ve just built.
- Apply Changes.