RADIUS-Based MAC Authentication and 802.1X

RADIUS-based MAC Authentication (802.1X) allows you to use your database of MAC Addresses to authenticate wired and wireless clients connecting to your network.

Note: If you don't already have a RADIUS server configured with MAC addresses, or you have a small quantity of devices, consider using the MAC Access Control List option.

Configure a RADIUS Profile

  1. Navigate to Settings > Profiles > RADIUS.
    1. If using a UniFi Gateway, select the Default RADIUS profile.
    2. If using a third-party RADIUS server, select Create New.
  2. Create a new RADIUS User with the following settings:
    1. Username & Password: MAC Address of the device
      1. Every User’s MAC Address must be formatted the same way (ex., aabbccddeeff, aa-bb-cc-dd-ee-ff, aa:bb:cc:dd:ee:ff, or AABBCCDDEEFF)
    2. VLAN ID: Optionally add a VLAN ID to assign the client. If it is left blank, the client will be assigned to the VLAN associated with the switch port or WiFi it is connected to.
      1. If a VLAN is added:
        1. Tunnel Type: None
        2. Tunnel Medium Type: None
      2. If no VLAN is added:
        1. Tunnel Type: 13
        2. Tunnel Medium Type: 6

Note: MAC-based authentication accounts can only be used for wireless and wired clients. L2TP remote access does not apply.

Apply the Profile

Wireless Devices

  1. Navigate to Settings > WiFi and select your WiFi
  2. In your WiFi Settings, enable RADIUS MAC Authentication.
    1. Select the MAC Address Format that matches the format you’ve used (see point 2.a.i of Configure a RADIUS Profile, above)

Wired Devices

To apply this globally, go to Settings > Networks > Global Switch Settings. To individually configure a port, follow these steps:

  1. Navigate to Settings > Profiles > Ethernet Ports
  2. Create a New Profile with the following settings:
    1. Primary Network: Default or another specific network
    2. 802.1X Control: MAC-based
  3. Navigate to a UniFi Switch’s Port Manager.
    1. UniFi Devices > Select a Switch > Port Manager
  4. Select your port.
  5. Select Ethernet Port Profile and choose the profile you’ve just built.
  6. Apply Changes.
Was this article helpful?
216 out of 540 found this helpful