In a situation, where spoofing or cloning the MAC address of the WAN port is something you need to do, it’s usually needed to be done immediately after setup, yet on the Ubiquiti USG there is no way to do it in the controller’s GUI (as of January 2019), so I decided to write up quick step-by-step recipe since I haven’t found one simple enough for people entirely new to the Ubiquiti’s ecosystem (like I was), its Controller and whatnot. Though I do assume you’ve used ssh before.
Unifi Mac Filtering. On Jun 23, 2017 at 20:54 UTC. Next: Script to run SSH. With the current Controller the MAC-Filter was introduced. The UniFi system software is called the Controller and runs on a various operating systems. As I have a Mac mini here, I decided to run it on there. Weirdly, however it runs as a GUI application which means that I have to be logged in. There’s no need for that though as by scouring the Internet I discovered that we can run it headless via.
So we have the Ubiquiti UniFi Security Gateway (USG) and we want to spoof (clone) MAC address of the WAN port – usually when you need to clone the address of the old router (or else the internet won’t work).
How to spoof MAC address of WAN port on the USG:
1. Log in directly into the USG using ssh
You can use Putty on Windows or Terminal on UNIX/macOS.
To log in, use the credentials created during initial setup (these are different from UniFi Controller login credentials – i.e. not the email):
ssh admin@192.168.1.1
(I am using Mac & Terminal)
After login, you will be greeted by a UniFi text art, where there is one sentence worth noting: *NOTE*: Configuration changes made here are not persistent. They will be overwritten by the controller on next provision.
(It basically says that anything we’ll do here won’t last past the device’s next full reboot. I did not noticed that the first time and the WAN’s port MAC address returned to default when the USG’s rebooted after the next firmware update few weeks later and suddenly the internet was down and I didn’t know why.)
2. Change the MAC address temporarily
Theoretically you can go directly to step #3, but this is a good step to make sure you are cloning the correct MAC address to the correct physical port, and also it works immediately without the need to reboot the USG and Controller.
So once in the command line, issue this sequence of commands:
configure
set interfaces ethernet eth0 mac 10:7B:EF:2F:3C:38
(of course change the MAC)commit
save
exit
The USG has three ports, where the WAN port (the first one) is eth0
, you can also change the MAC address of the other two ports as well by doing eth1
(the default LAN port) or eth2
(LAN/WAN).
Now check if the new MAC address works (I did it simply by observing if the internet started pouring in… :D). If it does, you can proceed to the final step #3:
3. Save the settings for good
The quickest way is simply to take this piece of json, edit the MAC address (to match the one above) and then save it somewhere as config.gateway.json
file.
Unifi Controller Software Download
It is recommend to double check the validity of the file, e.g. on jsonlint.com to avoid any issues.
Unifi V4.7.5 Controller For Windows
Now place this file in the UniFi Controller’s site folder. Depending on where you installed the controller, this most likely will be the default
folder in these locations:
* Windows:C:Users<username>Ubiquiti UniFidatasitesdefault
* Linux:/usr/lib/unifi/data/sites/default/
* Mac:~/Library/Application Support/UniFi/data/sites/default/
* Cloud Key:/srv/unifi/data/sites/default/
That’s it. Now the MAC setting will be loaded even after the reboot. You can test and verify that everything works as it should by forcing provision (described here), tl;dr: UniFi Controller Devices > USG > Config > Manage Device > Force provision
, or by simply rebooting the USG.
The json file is basically for pieces of settings that cannot (yet) be done through the UI. It is all well described in the official documentation.