Ubiquiti USG - spoofing MAC address of the WAN port

As of writing this guide (January 2019), there is no easy way to quickly spoof (clone) the MAC address on the WAN port.

Which is ridiculous, because it's often the very first thing that needs to be done. Yet with the Ubiquiti USG, there is no simple way to do it in the controller's GUI, so I decided to write up this quick step-by-step recipe, since I haven't found one simple enough for people entirely new to the Ubiquiti ecosystem (like I was), its Controller (note: no interaction with the controller is needed for this), etc.

Though I do assume you've used ssh before. So, we have the Ubiquiti UniFi Security Gateway (USG) and we want to spoof (clone) the MAC address of the WAN port – usually when you need to clone the address of the old router (otherwise the internet won't work).

How to spoof MAC address of WAN port on the USG:

1. Log in directly to the USG using ssh

You can use PuTTY on Windows, or Terminal on UNIX/macOS.

To log in, use credentials created during the initial setup (these are different from UniFi Controller's login credentials – i.e. not the email). I am using Mac & Terminal.

ssh admin@192.168.1.1

After login, you will be welcomed by a UniFi text art, where there's one sentence worth noting:

Configuration changes made here are not persistent. They will be overwritten by the controller on next provision.

It basically says that anything we do here won't last past the device's next full reboot. I did not notice that the first time, and the WAN port's MAC address returned to default when the USG rebooted after the next firmware update a few weeks later; suddenly the internet was down and I didn't know why.

2. Change the MAC address temporarily

Theoretically you can go directly to step #3, but this is a good step to make sure you are cloning the correct MAC address to the correct physical port, and also it works immediately without needing to reboot the USG and Controller. So once you are in the command line, issue this sequence of commands:

configure
set interfaces ethernet eth0 mac 10:7B:EF:2F:3C:38 # of course change the MAC to yours
commit
save
exit

The USG has three RJ45 ports, and the WAN port (the first one) is eth0. You can change the MAC address of the other two ports the same way by using eth1 (the default LAN port in the middle) or eth2 (the LAN/WAN port furthest to the right).

Now check if the new MAC address works. (I am not sure how to check that, actually; I just ran ping 1.1.1.1 in another Terminal window and waited until it started responding.)

If it does work, you can proceed to the final step #3:

3. Making the settings permanent

The quickest way is simply to take this piece of JSON, edit the MAC address (to match the one above) and then save it somewhere as a file named config.gateway.json.

{
    "interfaces": {
        "ethernet": {
            "eth0": {
                "mac": "10:7B:EF:2F:3C:38"
            }
        }
    }
}

It is recommended to double-check the validity of the file, e.g. on jsonlint.com, to avoid any issues. Now place this file in the UniFi Controller's site folder. Depending on where you installed the controller, this most likely will be the directory named default in these locations:

If it's not there, just look for the sites directory with find / -type d -name "sites" -print 2>/dev/null.
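The validity check from step 3 can also be done locally instead of pasting the file into a website. The script below is an added example, not part of the original guide or of Ubiquiti's tooling: it checks only the interfaces > ethernet part this recipe touches, assumes the three port names mentioned above (eth0, eth1, eth2), and the function name check_gateway_config is made up for illustration.

```python
import json
import re
import sys

# From the page: the USG has three ports, eth0 (WAN), eth1 and eth2.
USG_PORTS = {"eth0", "eth1", "eth2"}
MAC_RE = re.compile(r"[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}")

# The page's own JSON, used here as sample input.
SAMPLE = '{"interfaces": {"ethernet": {"eth0": {"mac": "10:7B:EF:2F:3C:38"}}}}'


def _reject_duplicates(pairs):
    """json.loads silently keeps the last of two equal keys; make that an error."""
    keys = [k for k, _ in pairs]
    dupes = sorted({k for k in keys if keys.count(k) > 1})
    if dupes:
        raise ValueError("duplicate key(s): " + ", ".join(dupes))
    return dict(pairs)


def check_gateway_config(text):
    """Return a list of problems in config.gateway.json text (empty list = OK)."""
    try:
        cfg = json.loads(text, object_pairs_hook=_reject_duplicates)
    except ValueError as exc:  # JSONDecodeError is a ValueError subclass
        return [f"not valid JSON: {exc}"]
    try:
        ports = cfg["interfaces"]["ethernet"].items()
    except (KeyError, TypeError, AttributeError):
        return ["no interfaces -> ethernet object found"]
    problems = []
    for port, settings in ports:
        if port not in USG_PORTS:
            problems.append(f"{port}: not one of eth0, eth1, eth2")
        mac = settings.get("mac") if isinstance(settings, dict) else None
        if mac is None:
            continue  # no MAC override for this port
        if not isinstance(mac, str) or not MAC_RE.fullmatch(mac):
            problems.append(f"{port}: malformed MAC {mac!r}")
        elif int(mac[:2], 16) & 1:
            # Lowest bit of the first octet set = group address, invalid on a NIC.
            problems.append(f"{port}: {mac} is a multicast/broadcast address")
    return problems


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    found = check_gateway_config(text)
    print("\n".join(found) if found else "OK")
    sys.exit(1 if found else 0)
```

Run it with the path to config.gateway.json as the only argument; it prints OK and exits 0 when nothing is wrong.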

That's all. Now the MAC setting will be loaded even after a full reboot. You can test and verify that everything works as it should by forcing a provision (described here), tl;dr: UniFi Controller Devices > USG > Config > Manage Device > Force provision, or by simply rebooting the USG.

The JSON file is basically for pieces of settings that cannot (yet) be done through the UI (i.e. through the Controller). It is all well described in the official documentation.