UniFi Network - 802.1X Control (Advanced)

2023-05-29 21:50:18 UTC

This article describes how to configure 802.1X Control on UniFi switches to authenticate wired client devices. 

Requirements & Notes

  • A UniFi gateway or UniFi Gateway Console is required to run RADIUS.
  • A third-party RADIUS server can be used by creating a new RADIUS profile.
  • 802.1X Control mode 'Auto' requires the usage of a third-party RADIUS server.
  • The fallback VLAN is used when a client device fails to authenticate.

Configuring MAC-Based Authentication

1. Enable 802.1X Control for all or individual UniFi switches and optionally specify the Fallback VLAN.

  • All - Settings > Networks > Global Switch Settings > 802.1X Control
  • Individual - UniFi Devices > select switch > Settings > Advanced > 802.1X Control

2. Select the Default RADIUS profile when using a UniFi gateway or Create New RADIUS profile when using a third-party RADIUS server.

3. Create the RADIUS users that match the MAC addresses of the wired clients.

Settings > Profiles > RADIUS > Default > Create New RADIUS User

  • Username - Mac address in capital letters without any dashes or colons, for example ABCDEF123456.
  • Password - Mac Address in capital letters without any dashes or colons, for example ABCDEF123456.
  • VLAN ID - 0
  • Tunnel Type - None
  • Tunnel Medium Type - None


4. Create a new Port Profile and select MAC-based under the Advanced settings.

Settings > Profiles > Switch Ports > Create New Port Profile

  • Native Network - Default or specific network
  • Allowed Networks - None
  • Voice Network - None
  • 802.1X Control (Advanced) - MAC-based


5. Apply the 802.1X Control profile to the port(s) on the UniFi switch where a wired client device is connected.

UniFi Devices > select switch > Ports > Port Manager > select port(s) > Port Profile 

Was this article helpful?
139 out of 346 found this helpful