802.1X methods require interactive entry of user credentials to prove a user’s identity before allowing them access to the network. This is not possible for non-interactive devices, such as printers. MAC Authentication Bypass (MAB) is supported to allow non-802.1X compliant devices to be identified and accepted onto the network using their MAC address as authentication.
This feature is only for 802.1X MAB. FortiGate captive portal MAC authentication is supported by configuring the MAC address as a standard user, with the MAC address as both the username and password, and not by entering it in the MAC Devices section.
Multiple MAC devices can be imported in bulk from a CSV file. The first column of the CSV file contains the device names (maximum of 50 characters), and the second column contains the corresponding MAC addresses (
When creating a new MAC-based authentication device, MAC addresses can be defined using wildcard capability to identify and accept all devices from a specific vendor. The first three bytes of a MAC address identify the vendor of the device. Define MAC devices using only the top three bytes to include all devices from a specific vendor. The following wildcard input formats are valid:
- Go to Authentication > User Management > MAC Devices. The MAC device list will be shown.
- If you are adding a new device, select Create New to open the Create New MAC-based Authentication Device window.
- Enter the device name in the Name field.
- Enter the device’s MAC address in the MAC address field. Alternatively, enter a wildcard MAC address to represent all MAC devices from a specific vendor.
- Select OK to apply your changes.
If you are editing an already existing device, select the device from the device list.
- In the MAC device list, select Import.
- Select Browse to locate the CSV file on your computer.
- Select OK to import the list.
The import will fail if the maximum number of MAC devices has already been reached, or if any of the information contained within the file does not conform, for example if the device name too long, or there is an incorrectly formatted MAC address.