How to Configure MAC-Based Authentication on Omada SDN Controller with the Built-in RADIUS Server?

How to Configure MAC-Based Authentication on Omada SDN Controller with the Built-in RADIUS Server?

How to Configure MAC-Based Authentication on Omada SDN Controller with the Built-in RADIUS Server?
How to Configure MAC-Based Authentication on Omada SDN Controller with the Built-in RADIUS Server?
2025-02-25 08:07:43 - last edited 2025-06-20 06:40:28

Background:

 

This post  introduce how to configure MAC-Based Authentication for wireless clients with the Built-in RADIUS of the Omada Controller, ensuring that only clients with authorized MAC addresses are granted network access.

 

This Article applies to:

 

Omada SDN Software Controller V5.15 and above.

Omada Cloud-Based Controllers.

 

Configuration Steps:

 

Step 1. Enable and Configure Built-in RADIUS

 

1. Launch Omada SDN controller, go to Global View > Settings > Server Settings, enable Built-in RADIUS, and click Apply.

 

 

Note: Enable Tunneled Reply: Allow the reply of the Tunneled Reply-related attributes to the device. Only after this switch is enabled can the client be assigned a VLAN.

 

Step 2. Create a Wireless Network

 

1. Go to Site View >  Settings > Wired & Wireless Networks > WLAN, click Create New Wireless Network: choose the security type as WPA-Personal.

 

 

 

Step 3. Create a RADIUS Profile

 

1. Go to Site View, choose Settings > Network Profile > RADIUS Profile, click Edit

 

 

2. Click Add New RADIUS User: select Authentication Type as MAC Authentication, enter the client’s MAC address in a proper format, and then click Apply.

 

 

 

Step 4. Enable MAC-Based Authentication

Go to site’s Settings > Authentication > MAC-Based Authentication to tick MAC-Based Authentication and select the target SSID. Choose Built-in RADIUS Profile as the RADIUS Profile. Set the other configurations (NAS ID / MAC-Based Authentication Fallback Empty Password) and choose the MAC Address Format based on your needs, but note that it must be consistent with the MAC address format that you entered in the Built-in RADIUS Profile.

 

Verification:

 

Connect the phone with the configured MAC address to the created SSID 11114, after input the correct password of the SSID, you will be connected successfully.

 

 

 

Note: Please make sure the Random MAC address option on the phone is disabled, and use the device MAC Address, otherwise, you will be rejected to connect to the network.

You can also import Raduis users via this button:

 

Recommended Threads:

 

How to Shut Down the Switch Port Connected to an EAP to Prevent Intrusion via 802.1X Authentication?

How to Configure Dynamic VLAN with the Built-in RADIUS Server of Omada SDN Controller via User Auth? 

 

Feedback:

 

  • If this was helpful, welcome to give us Kudos by clicking the upward triangle below.
  • If there is anything unclear in this solution post, please feel free to comment below.

 

Thank you in advance for your valuable feedback!

 

------------------------------------------------------------------------------------------------

Have other off-topic issues to report? 

Welcome to > Start a New Thread < and elaborate on the issue for assistance.

  1      
  1      
#1
Options
12 Reply
Re:How to Configure MAC-Based Authentication on Omada SDN Controller with the Built-in RADIUS Server?
2025-02-25 18:33:10

  @Vincent-TP 

Hi Vincent,

I use this one in one site and it works perfectly since one year, at least!!! :)

 

Thank you,

Fra

  0  
  0  
#2
Options
Re:How to Configure MAC-Based Authentication on Omada SDN Controller with the Built-in RADIUS Server?
2025-02-26 02:11:19

Hi  @nicolati 

 

Hello! Thank you so much for your continued support and trust in TP-Link products! We're thrilled to hear that you've been using our product for over a year and it's been working perfectly for you! This is the best affirmation of our product quality and stability.

 

  0  
  0  
#3
Options
Re:How to Configure MAC-Based Authentication on Omada SDN Controller with the Built-in RADIUS Server?
2025-04-28 12:27:00

  @Vincent-TP Hi Vincent! I see that the built-in radius will be discontinued in v6. Can we understand why? Will it come back at some point?

  0  
  0  
#4
Options
Re:How to Configure MAC-Based Authentication on Omada SDN Controller with the Built-in RADIUS Server?
2025-05-06 03:11:56

Hi  @mimi234 

 

Where did you see this info?

Please share with us the link of some screenshots.

  0  
  0  
#5
Options
Re:How to Configure MAC-Based Authentication on Omada SDN Controller with the Built-in RADIUS Server?
2025-05-06 06:46:11

  @Vincent-TP 

hi Vincent! I don't have access to that device anymore but there was a pop up notice when setting up OC200 v1 from default settings on the latest beta firmware 

  0  
  0  
#6
Options
Re:How to Configure MAC-Based Authentication on Omada SDN Controller with the Built-in RADIUS Server?
2025-05-06 07:11:49

Hi  @mimi234 

 

Now I understand what you mean.

 

That's for OC200.

 

 

For other controllers, we will keep this feature. Please feel free.

  0  
  0  
#7
Options
Re:How to Configure MAC-Based Authentication on Omada SDN Controller with the Built-in RADIUS Server?
2025-05-06 07:28:32

  @Vincent-TP Hi Vincent!

I must say I am surprised why would that be removed from OC200 only. I must say that I'm planning an upgrade from ER7212PC with an external (synology NAS) radius. One of the reasons why I initailly decided to go for OC200 was that the radius server will be built in, but now it turns out that I would need to go for OC300, which is an overkill for my setup and I simply do not have enough space in the place, where I have my equipment. 

 

So the question remains - why do you want to remove it?

  0  
  0  
#8
Options
Re:How to Configure MAC-Based Authentication on Omada SDN Controller with the Built-in RADIUS Server?
2025-05-07 02:03:37

Hi  @mimi234 

 

You may refer to my reply in the following post:

Keep Open API in OC200 V5.15

  0  
  0  
#9
Options
Re:How to Configure MAC-Based Authentication on Omada SDN Controller with the Built-in RADIUS Server?
2025-05-07 06:53:59

  @Vincent-TP 

hi Vincent!

thanks. That's what I thought. 
again - as feedback - I can't go for OC300 as it's too big. Consider upgrading OC200 (easier said than done!). I would be happy to pay a bit of premium for upgraded hardware but OC300 is too big (and I'd like to have something poe powered)

 

  0  
  0  
#10
Options
Re:How to Configure MAC-Based Authentication on Omada SDN Controller with the Built-in RADIUS Server?
2025-05-07 08:59:44

Hi  @mimi234 

 

You may wait for OC220, it has the similar performance as OC300 and with OC200's size.

  0  
  0  
#11
Options