Non-compliant devices
802.1X methods require interactive entry of user credentials to prove a user’s identity before allowing them access to the network. This is not possible for non-interactive devices, such as printers. MAC Authentication Bypass (MAB) is supported to identify and accept non-802.1X compliant devices onto the network using their MAC address as authentication.
This feature is only for 802.1X MAB. FortiGate captive portal MAC authentication is supported by configuring the MAC address as a standard user, with the MAC address as both the username and password, and not by entering it in the MAC Devices section.
Multiple MAC devices can be imported in bulk from a CSV file. The first column of the CSV file contains the device names (maximum of 50 characters), and the second column contains the corresponding MAC addresses (0123456789AB
or 01:23:45:67:89:AB
).
When creating a new MAC-based authentication device, MAC addresses can be defined using wildcard capability to identify and accept all devices from a specific vendor. The first three bytes of a MAC address identify the vendor of the device. Define MAC devices using only the top three bytes to include all devices from a specific vendor. The following wildcard input formats are valid:
- 112233
- 11:22:33
- 112233xxxxxx
- 11:22:33:xx:xx:xx
To configure MAC-based authentication for a device:
- Go to Authentication > User Management > MAC Devices.
The MAC device list is displayed. - If you are adding a new device, select Create New to open the Create New MAC-based Authentication Device window.
- Enter the device name in the Name field.
- Enter the device’s MAC address in the MAC address field. Alternatively, enter a wildcard MAC address to represent all MAC devices from a specific vendor.
- Optionally, enter a description about the device.
- Optionally, enable This device belongs to a user. In User Type, select one of Local, Remote LDAP, or Remote RADIUS user types, and then select the user from the Owner dropdown.
- Select Save to apply your changes.
If you are editing an already existing device, select the device from the device list.
To import MAC devices:
- In the MAC device list, select Import.
- Select Upload a file to locate the CSV file on your computer.
- If you intend to add the MAC device to a group, from the Add MAC device(s) to group dropdown, select a group.
- Select Save to import the list.
The import will fail if the maximum number of MAC devices has already been reached, or if any of the information contained within the file does not conform, for example if the device name too long, or there is an incorrectly formatted MAC address.