Wednesday, August 29, 2018

UniFi RADIUS MAC Authentication

Configure a new wireless network (Settings > Wireless Networks) of type WPA Personal and set a security key (shared by all users). In the same window, under "Advanced Options", enable "RADIUS MAC Authentication", then select your RADIUS server profile (or create a new one) and the MAC address format.

When a user connects, a RADIUS Access-Request is sent with the user name and password both set to the MAC address of the client station (in the format chosen above). The RADIUS Access-Accept message can, for example, specify a dynamic VLAN, so this feature offers more than just a centralised MAC whitelist. The Wi-Fi key configured in UniFi still has to be provided when connecting to the SSID. The RADIUS verification takes place before the key is used, but it is not sufficient on its own to provide access: a RADIUS Access-Accept is needed as well as the correct key.

Wireless network with a static VLAN

Wireless network with a dynamic VLAN (RADIUS reply attribute)

To configure RADIUS profiles
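
As an added example (not from the original post), the script below generates entries in FreeRADIUS `users`-file syntax for the MAC authentication and dynamic VLAN assignment described above. FreeRADIUS as the server, the sample MACs and VLAN IDs, and the function names are assumptions; the `sep` and `upper` arguments must match the MAC address format selected in UniFi.

```python
import re

# Constructed sample inventory: client MAC (any common notation) -> VLAN ID.
INVENTORY = {"AA-BB-CC-DD-EE-01": 20, "aabb.ccdd.ee02": 30}


def format_mac(mac, sep="", upper=False):
    """Render a MAC in the format selected in the wireless network settings."""
    digits = re.sub(r"[:.\-]", "", mac.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    digits = digits.upper() if upper else digits.lower()
    return sep.join(digits[i:i + 2] for i in range(0, 12, 2))


def users_entry(mac, vlan, sep="", upper=False):
    """One users-file entry: user name and password are both the MAC."""
    if not 1 <= vlan <= 4094:
        raise ValueError(f"VLAN ID out of range: {vlan}")
    name = format_mac(mac, sep, upper)
    # Reply attributes (assumed FreeRADIUS syntax) that assign the VLAN.
    return (
        f'{name} Cleartext-Password := "{name}"\n'
        "\tTunnel-Type = VLAN,\n"
        "\tTunnel-Medium-Type = IEEE-802,\n"
        f'\tTunnel-Private-Group-Id = "{vlan}"\n'
    )


def render_users(inventory, sep="", upper=False):
    """Build the whole file, rejecting one client listed with two VLANs."""
    seen = {}
    for mac, vlan in inventory.items():
        name = format_mac(mac, sep, upper)
        if seen.setdefault(name, vlan) != vlan:
            raise ValueError(f"{name} is assigned to VLANs {seen[name]} and {vlan}")
    return "\n".join(users_entry(m, v, sep, upper) for m, v in sorted(seen.items()))


if __name__ == "__main__":
    print(render_users(INVENTORY))
```

A client whose MAC is missing from the generated file gets no Access-Accept and is refused even with the correct Wi-Fi key.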