# Ubiquiti USG - spoofing MAC address of the WAN port As of writing this guide (January 2019), there is no easy way to quickly spoof (clone) the MAC address on the WAN port. Which is ridiculous, because it's often the very first thing that needs to be done. Yet with the Ubiquiti USG, there is no simple way to do it in the controller's GUI, so I decided to write up this quick step-by-step recipe, since I haven't found one simple enough for people entirely new to the Ubiquiti's ecosystem (like I was), its Controller (note: no interaction with the controller is needed for this), etc. [![ubnt-usg-unifi-security-gateway.jpg](https://kb.jiripavlik.com/uploads/images/gallery/2022-03/scaled-1680-/ubnt-usg-unifi-security-gateway.jpg)](https://kb.jiripavlik.com/uploads/images/gallery/2022-03/ubnt-usg-unifi-security-gateway.jpg) Though I do assume you've used _ssh_ before. So, we have the **Ubiquiti UniFi Security Gateway** (USG) and we want to spoof (clone) MAC address of the WAN port – usually when you need to clone the address of the old router (otherwise the internet won't work). ### How to spoof MAC address of WAN port on the USG: #### 1. Log in directly into the USG using ssh You can use **Putty** on Windows, or **Terminal** on UNIX/macOS. To log in, **use credentials created during the initial setup** (these are different from UniFi Controller's login credentials – i.e. not the email). I am using Mac & Terminal. ```bash ssh admin@192.168.1.1 ``` After login, you will be welcomed by a UniFi text art, where there's one sentence worth noting: `Configuration changes made here are not persistent. They will be overwritten by the controller on next provision.` It basically says that anything we'll do here won't last past the device's next full reboot. I did not noticed that the first time, and the WAN's port MAC address returned to default when the USG's rebooted after the next firmware update few weeks later and suddenly the internet was down and I didn't know why. #### 2. Change the MAC address temporarily Theoretically you can go directly to step #3, but this is a good step to make sure you are cloning the correct MAC address to the correct physical port, and also it works immediately without needing to reboot the USG and Controller. So once you are in the command line, issue this sequence of commands: ```bash configure set interfaces ethernet eth0 mac 10:7B:EF:2F:3C:38 # of course change the MAC to yours commit save exit ``` The USG has three RJ45 ports, where the WAN port (the first one) is `eth0`, you can also change the MAC address of the other two ports as well by doing `eth1` (the default LAN port in the middle) or `eth2` (LAN/WAN port which is the furthest on the right). Now check if the new MAC address works. I am not sure how to check that, actually, I just ran `ping 1.1.1.1` in other Terminal window and waited until it started responding). If it does work, you can proceed to the final step #3: #### 3. Making the settings permanent The quickest way is simply to take this piece of json, edit the MAC address (to match the one above) and then save it somewhere as `config.gateway.json` file. { "interfaces": { "ethernet": { "eth0": { "mac": "10:7B:EF:2F:3C:38" } } } } It is recommend to double check the validity of the file, e.g. on [jsonlint.com](https://jsonlint.com/) to avoid any issues. Now place this file in the UniFi Controller's site folder. Depending on where you installed the controller, this most likely will be the directory named `default` in these locations: - **Windows:** `C:\Users\\Ubiquiti UniFi\data\sites\default` - **Linux:** `/usr/lib/unifi/data/sites/default` - **Mac:** `~/Library/Application Support/UniFi/data/sites/default` - **Cloud Key:** `/srv/unifi/data/sites/default` If it's not there, just look for the `sites` directory with `find / -type d -name "sites" -print 2>/dev/null`. That's all. Now the MAC setting will be loaded even after a full reboot. You can test and verify that everything works as it should by forcing provision (described [here](https://help.ubnt.com/hc/en-us/articles/215458888-UniFi-How-to-further-customize-USG-configuration-with-config-gateway-json#4)), tl;dr: `UniFi Controller Devices > USG > Config > Manage Device > Force provision`, or by simply rebooting the USG. The json file is basically for pieces of settings that cannot (yet) be done through the UI (i.e. through the Controller). It is all well described in the [official documentation](https://help.ubnt.com/hc/en-us/articles/215458888-UniFi-How-to-further-customize-USG-configuration-with-config-gateway-json).