This article describes how to configure 802.1X Control on UniFi switches to authenticate wired client devices.
Requirements & Notes
- A UniFi gateway or UniFi OS Console with a built-in gateway is required to run RADIUS.
- A third-party RADIUS server can be used by creating a new RADIUS profile.
- 802.1X Control mode ‘Auto’ requires a third-party RADIUS server.
- The fallback VLAN is used when a client device fails to authenticate.
Configuring MAC-Based Authentication
1. Enable 802.1X Control for all or individual UniFi switches and optionally specify the Fallback VLAN.
- All – Settings > Networks > Global Switch Settings > 802.1X Control
- Individual – UniFi Devices > select switch > Settings > Advanced > 802.1X Control
2. Select the Default RADIUS profile when using a UniFi gateway or Create New RADIUS profile when using a third-party RADIUS server.
3. Create the RADIUS users that match the MAC addresses of the wired clients.
Settings > Profiles > RADIUS > Default > Create New RADIUS User
- Username – MAC address in capital letters without any dashes or colons, for example ABCDEF123456.
- Password – MAC address in capital letters without any dashes or colons, for example ABCDEF123456.
- VLAN ID – 0
- Tunnel Type – None
- Tunnel Medium Type – None
4. Create a new Port Profile and select MAC-based under the Advanced settings.
Settings > Profiles > Switch Ports > Create New Port Profile
- Native Network – Default or specific network
- Allowed Networks – None
- Voice Network – None
- 802.1X Control (Advanced) – MAC-based
5. Apply the 802.1X Control profile to the port(s) on the UniFi switch where a wired client device is connected.
UniFi Devices > select switch > Ports > Port Manager > select port(s) > Port Profile
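Step 3 only matches when the username and password are exactly the 12 uppercase hex digits of the client MAC, so the following added example (not part of the original article and not Ubiquiti code) normalizes an inventory export into that form before the users are entered. The function names, the `locally_administered` review flag and the sample addresses are assumptions made for illustration; the remaining field values are the ones listed in step 3.

```python
import re

HEX12 = re.compile(r"[0-9A-F]{12}")

def normalize_mac(raw):
    """Return the MAC as 12 uppercase hex digits with no separators, or raise ValueError."""
    mac = re.sub(r"[\s:.\-]", "", raw).upper()
    if not HEX12.fullmatch(mac):
        raise ValueError(f"not a 48-bit MAC address: {raw!r}")
    return mac

def build_radius_users(inventory):
    """Turn MAC strings in mixed formats into RADIUS user entries (field values from step 3).

    Returns (users, rejected). Malformed addresses and duplicates that differ
    only in formatting are rejected so each client gets exactly one entry.
    """
    users, rejected, seen = [], [], set()
    for raw in inventory:
        try:
            mac = normalize_mac(raw)
        except ValueError as exc:
            rejected.append((raw, str(exc)))
            continue
        if mac in seen:
            rejected.append((raw, "duplicate of an earlier entry"))
            continue
        seen.add(mac)
        users.append({
            "Username": mac,
            "Password": mac,
            "VLAN ID": 0,
            "Tunnel Type": "None",
            "Tunnel Medium Type": "None",
            # Review hint (assumption, not a UniFi field): bit 0x02 of the first
            # octet marks a locally administered address, e.g. a randomized MAC.
            "locally_administered": bool(int(mac[:2], 16) & 0x02),
        })
    return users, rejected

# Constructed sample inventory (not real devices) in common export formats.
SAMPLE = ["00:11:22:aa:bb:cc", "00-11-22-AA-BB-CC", "0011.2233.4455",
          "02:00:00:aa:bb:cc", "001122aabbc", "zz:zz:zz:zz:zz:zz"]

if __name__ == "__main__":
    users, rejected = build_radius_users(SAMPLE)
    for user in users:
        print(user)
    for raw, reason in rejected:
        print("rejected:", raw, "-", reason)
```

Entries flagged `locally_administered` are worth checking by hand: a client that presents a different address later will not match its RADIUS user and will be placed in the fallback VLAN.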
Source:
https://help.ui.com/hc/en-us/articles/115004589707-UniFi-Network-802-1X-Control-Advanced-