Configuration Guide How to Configure MAC-Based Authentication on Omada SDN Controller with the Built-in RADIUS Server?
Background:
This post introduce how to configure MAC-Based Authentication for wireless clients with the Built-in RADIUS of the Omada Controller, ensuring that only clients with authorized MAC addresses are granted network access.
This Article applies to:
Omada SDN Software Controller V5.15 and above.
Omada Cloud-Based Controllers.
Configuration Steps:
Step 1. Enable and Configure Built-in RADIUS
1. Launch Omada SDN controller, go to Global View > Settings > Server Settings, enable Built-in RADIUS, and click Apply.

Note: Enable Tunneled Reply: Allow the reply of the Tunneled Reply-related attributes to the device. Only after this switch is enabled can the client be assigned a VLAN.
Step 2. Create a Wireless Network
1. Go to Site View > Settings > Wired & Wireless Networks > WLAN, click Create New Wireless Network: choose the security type as WPA-Personal.

Step 3. Create a RADIUS Profile
1. Go to Site View, choose Settings > Network Profile > RADIUS Profile, click Edit

2. Click Add New RADIUS User: select Authentication Type as MAC Authentication, enter the client’s MAC address in a proper format, and then click Apply.

Step 4. Enable MAC-Based Authentication
Go to site’s Settings > Authentication > MAC-Based Authentication to tick MAC-Based Authentication and select the target SSID. Choose Built-in RADIUS Profile as the RADIUS Profile. Set the other configurations (NAS ID / MAC-Based Authentication Fallback / Empty Password) and choose the MAC Address Format based on your needs, but note that it must be consistent with the MAC address format that you entered in the Built-in RADIUS Profile.

Verification:
Connect the phone with the configured MAC address to the created SSID 11114, after input the correct password of the SSID, you will be connected successfully.

Note: Please make sure the Random MAC address option on the phone is disabled, and use the device MAC Address, otherwise, you will be rejected to connect to the network.

You can also import Raduis users via this button:

Recommended Threads:
How to Shut Down the Switch Port Connected to an EAP to Prevent Intrusion via 802.1X Authentication?
How to Configure Dynamic VLAN with the Built-in RADIUS Server of Omada SDN Controller via User Auth?
Feedback:
- If this was helpful, welcome to give us Kudos by clicking the upward triangle below.
- If there is anything unclear in this solution post, please feel free to comment below.
Thank you in advance for your valuable feedback!
------------------------------------------------------------------------------------------------
Have other off-topic issues to report?
Welcome to > Start a New Thread < and elaborate on the issue for assistance.



