UniFi / Ubiquiti setup

Setting up Ubiquiti RADIUS with Foxpass


Ubiquiti access points are not compatible with EAP-TTLS (name/password auth) when the password check is delegated to a third party (e.g. Google Workspace, O365, Okta, etc.) Please ask Ubiquiti for a configurable RADIUS timeout -- the default of 1 second is not enough time.

Many Foxpass customers use wireless access products by Ubiquiti. You are in good hands.

The Ubiquiti setup is very straight-forward.

1. Set your Foxpass password

In Foxpass, go to the "Password" settings page and enter a password.

2. Create a "RADIUS Client" entry on Foxpass

Visit this page: https://console.foxpass.com/settings/radius/. Create a RADIUS client for this site's public IP address.


Note: Please provide the public IP address where traffic from the access points will egress.

Note the secret that was generated.

Then click on the "RADIUS Servers" tab on that page and note our RADIUS IP addresses (EAP-TTLS at the top, EAP-TLS at the bottom) and the "secret" that was created for that entry.

3. Create a RADIUS profile

In your Ubiquiti settings, go to "Profiles"

Click "Create new" under "RADIUS"

  • Name: Foxpass RADIUS
  • Enable Wireless Networks
  • Authentication Servers - IP Address: (from above step), Port: 1812, Password/Shared Secret: (from above step). Click Add.
  • Add a second Foxpass RADIUS server IP address. Same shared secret and port.
  • Click "Apply Changes"
RADIUS Profile

RADIUS Profile


Access points will reboot after step 4

Consider whether this is the best time to have your access points reboot en-masse

4. Create a test SSID

In your Ubiquiti go to Settings > WiFi

  • Name/SSID: Foxpass
  • Click Manual for "Advanced" option.
Configure WiFi Network

Configure WiFi Network

  • Security Protocol - WPA2 Enterprise
  • RADIUS profile - Select the Foxpass RADIUS profile configured earlier in Step 3.
  • Click Add Wifi Network.
Add WiFi Network

Add WiFi Network

5. Set up your client

If you have a Mac, go to this page: https://console.foxpass.com/settings/wifi/. Create an entry for (e.g.) "Foxpass", download the config file and install it. To configure other operating systems for TTLS-PAP, please see the "RADIUS clients" section to the left.

Download Config

Download Config

6. Try it out

  • Click on the (SSID) that you have configured in Ubiquiti.
Connect to Network

Connect to Network

  • Connect to your new network, and enter your username and password and Click Ok.
Enter Credentials

Enter Credentials

  • You will be connected to your network and you can see successful/unsuccessful logs on the RADIUS logs page.


Known Issues:

  1. UniFi devices can exhibit instability when multiple RADIUS server IP addresses are configured. This includes strange behavior and performance issues due to timeouts and server switching. You can configure UniFi devices with a single RADIUS server IP address to ensure stable performance.
  2. Typically UniFi defaults to 2 seconds for RADIUS timeouts and retries three times, leading to increased connection instability and latency.