Table of Contents

Unifi Dream Machine MAC Authentication

This guide explains how to configure MAC-based authentication (802.1x) on a Unifi Dream Machine using RADIUS. MAC authentication allows devices without user credentials to be authenticated onto your network using their MAC address.

Enable 802.1x Control on Networks

  1. Go to Settings → Networks.
  2. Under Global Switch Settings, check the box to enable 802.1x Control.
  3. Select RADIUS Profile (Default).
  4. Select Fallback VLAN.

Configure WiFi for RADIUS MAC Authentication

  1. Go to Settings → WiFi.
  2. Select the WiFi network you want to secure.
  3. Check the box to enable RADIUS MAC Authentication.
  4. Select MAC Address Format (e.g., aa:bb:cc:dd:ee:ff).
  5. Select Security Protocol (WPA-Enterprise).

Configure RADIUS Profile and Add Users

  1. Go to Settings → Profile → RADIUS.
  2. Select the Default profile.
  3. Check the boxes for Wired and Wireless Networks.
  4. Click Create New RADIUS User.
  5. Enter the following information for a MAC-authenticated device:
    • Username: Enter the MAC address (use the selected format).
    • Password: Enter the MAC address (use the selected format).
    • VLAN ID: Enter the desired VLAN.
    • Tunnel Type: 13 – Virtual LANs (VLAN).
    • Tunnel Medium Type: 6 – 802 (includes all 802 media plus Ethernet canonical format).
  6. Click Create User.

To add a standard user (not MAC-based):

  • Username: Enter User ID for the user.
  • Password: Enter a password for the user.
  • VLAN ID: Enter 0.
  • Tunnel Type: Leave as None.
  • Tunnel Medium Type: Leave as None.

Configure a New Host in RADIUS

To add a new device for MAC authentication:

  1. Go to Settings → Profile → RADIUS.
  2. Select the Default profile.
  3. Click Create New RADIUS User.
  4. Enter the following information:
    • Username: Enter MAC address (use selected format).
    • Password: Enter MAC address (use selected format).
    • VLAN ID: Enter desired VLAN.
    • Tunnel Type: 13 – Virtual LANs (VLAN).
    • Tunnel Medium Type: 6 – 802 (includes all 802 media plus Ethernet canonical format).
  5. Click Create User.

Note:

  • MAC authentication is less secure than user-based authentication, as MAC addresses can be spoofed. Use with caution and consider additional security controls.
  • Always use the MAC address format selected in the WiFi settings for both username and password fields.

For more details, refer to the Unifi documentation

Edit this page