Beware cloning MAC address on Google WiFi router

Recently, I spent several hours trying to remotely resolve an issue with internet connectivity on the Google WiFi router with OpenWRT 23.05.

The ISP provides internet access by a MAC address. Historically, the PC's MAC was used for that, and WAN port of Netgear WNDR-3800 with OpenWRT was configured for that MAC for about 10 years at my relative's home. Unfortunately, this router passed away, and I pre-configured my old, unused Google WiFi and sent it to them. I was sure everything would work out of the box. However, Google WiFi did not provide internet access. After investigation, I found that the WAN interface fell down when the PC was connected to the LAN port (LAN connection was stable). Fortunately, I also sent them a USB ethernet adapter, and connecting the PC via the USB adapter solved the connectivity issue.

I believe the Google WiFi documentation on OpenWRT hardware needs to be updated with these caveats, but the issue needs to be confirmed by someone else. I would appreciate it if someone who uses Google WiFi can check it quickly.

Expected steps to reproduce:

  • Get a network adapter's MAC address connected to the router's LAN port.
  • Configure the router's WAN port and set the MAC address from the step above.
  • Monitor WAN port status and internet traffic in the next several minutes.

I understand that this was remote troubleshooting, so that may make it harder to answer a few questions about this, but I'll ask anyway:

  • Did you clone the PC's MAC address into the wan device on the Google Wifi?
  • Was it also cloned into the lan device on the Google Wifi?
  • Did everything work properly when the PC was disconnected?
  • If the PC was disconnected in the above situation... with the whole network up and running normally, did it fail as soon as the PC was connected/turned on? Or did it only fail under certain circumstances (such as when the PC was connected during a router reboot, for example)
  • What kind of internet service is involved here? Cable? DSL? Fiber? Cellular? something else?
  • Does the ISP have a means to clear the 'learned' MAC address (often for cable modems, power cycling the modem a few times or leaving it powered off for 10 mins or so will clear the MAC; some services may require a call to the ISP's techs, etc.)?

Best is to call provider to help new router, at least faster than unsoldering flash and extracting long l{st MAC.

…and there are (at least) two different ways how MAC address overrides may be configured (option macaddr in your interface stanza XOR in a dedicated device stanza). Both approaches are valid, but there may only be one - and conflicting settings will cause trouble.

if there is no DTS/ nvmem way to preconfigure the MAC addresses correctly, uci firstboot scripts tend to set up a device stanza - luci however tends to add the setting to the interface stanzas, so you need to look at the actual /etc/config/network file contents.

Yes, as provider issues IP addresses to the customers only for specific MAC addresses

Of course, NO :slight_smile:

I can't fully confirm it now. Unfortunately, I do not have any spare access to the LAN connection and I wouldn't like to do any experiments due to risks to disrupts or fully broke internet connection. It's stressful for my relatives.
What I saw, the router was accessible from WAN until PC is plugged in to the LAN port. This is why I'm asking someone who uses such router and have full access from it's LAN side to reproduce this behavior.

The ISP provides pure Ethernet connectivity, meaning the WAN port connected to the ISP's ethernet switch in the apartment building, which is directly connected to the ISP's zone router, acts as a DHCP Relay agent.
ISP clearly recommend to use the same MAC address if customer changes border device, or call them to change MAC address.

I do not see any way to change interface MAC address in 23.x. The only device has option macaddr, this is used.

inddeed, thats easiest, some providers keep spare IP address for subscriber in case they change their router.

Thank you for your comment. Yes, this is one of the solutions.
However, this topic was created to point that OpenWRT on Google WiFi device handles "MAC address cloning" differently than most of other devices.

Cloning a MAC address is not an uncommon situation, and I don't recall seeing any situations where it would cause the issues you've described. That is to say that the MAC address must be unique on any given L2 subnet, but it shouldn't be a problem if the same MAC is used for the router's upstream and on a client behind the router (downstream).

I don't have that hardware, so I cannot test to see if this is reproducible in my own environment.

1 Like

There is no "mac address cloning" , you can just select MAC of MACs known to router or type your own.

I know this is rarely used device in the OpenWRT world :upside_down_face:
Looking deeply - the Google does not allow to change WAN MAC address in stock firmware for some reason.

Actually, it is fairly popular since the end of google support and the addition to openwrt’s supported devices. Still not a high volume device, but not rare.

I found this an RFC: Represent IPQ40xx ess-edma MAC as single interface which partially clarifies this behavior.