Ubiquiti USG – spoofing MAC address of the WAN port

Spoofing MAC address on the WAN port is:
* a setting that needs to be done on day 0
* somewhat difficult to do for people new to the Ubiquiti ecosystem because it cannot (yet) be done via controller’s UI

So I decided to write up quick step-by-step recipe.

So we have Ubiquiti UniFi Security Gateway (USG) and we want to spoof MAC address of the WAN port – usually when we need to match the address of the old router (or else the internet won’t work).

How to spoof MAC address of WAN port on the USG:

1. Connect to the USG via ssh

Use Putty on Windows, Terminal on UNIX/macOS.

To log in, use the credentials created during intial setup (these are different from UniFi Controller login credentials!).

ssh admin@192.168.1.1 (I am using Mac & Terminal)

You will be greeted by a UniFi text art where there is a sentence worth noting: *NOTE*: Configuration changes made here are not persistent. They will be overwritten by the controller on next provision.

Basically anything we’ll do here won’t last after the device’s restart. (I did not noticed that the first time and the WAN address returned to default after power outage and UPS failure, and had to do it again and properly.)

2. Change the MAC address

In the command line, issue this sequence of commands:

configure
set interfaces ethernet eth0 mac 10:7B:EF:2F:3C:38 (of course change the MAC)
commit
save
exit

The USG has three ports, where the WAN port (the first one) is eth0, you can also change the MAC address of the other two as well by doing eth1 (the default LAN port) or eth2 (LAN/WAN).

Now check if the new MAC address works (I did it simply by observing if the internet starts pouring in… :D), if it does, you can proceed to step #3:

3. Save the settings for good

The quickest way is simply to take this block of json, edit the MAC address (to match the one above) and then save it somewhere as config.gateway.json file.

{
    "interfaces": {
        "ethernet": {
            "eth0": {
                "mac": "10:7B:EF:2F:3C:38"
            }
        }
    }
}

It is recommend to double check the validity of the file, e.g. on jsonlint.com to avoid any issues (simply make sure not to lose any of the {} brackets).

Now place this file in the UniFi Controller’s site folder. Depending on where you installed the controller, this most likely will be the default folder in these locations:
* Windows: C:\Users\<username>\Ubiquiti UniFi\data\sites\default
* Linux: /usr/lib/unifi/data/sites/default/
* Mac: ~/Library/Application Support/UniFi/data/sites/default/
* Cloud Key: /srv/unifi/data/sites/default/

That’s it. Now the MAC setting will be loaded even after the USGs reboot. You can test and verify that everything works as it should by forcing provision (described here), tl;dr: UniFi Controller Devices > USG > Config > Manage Device > Force provision.

The json file is basically for pieces of settings that cannot yet be done through the UI. It is all well described in the official documentation.

One Reply to “Ubiquiti USG – spoofing MAC address of the WAN port”

  1. Hi again.
    Forget my previous mail. Needed a full reboot. MAC now is on eth0 and all sub (VLAN) interface.

    Only thing that differ from your procedure, probably cause my controller is running on a Pi is that folders were a little bit different (symlink) and the owner was the user Unifi witch I don’t have the password. System user.

    So had to modify folder rights, modify, then set back as they were (750).

    Thx for this procedure

Leave a Reply

Your email address will not be published.