Posted: Thu Jul 18, 2024 2:50 Post subject: Can ISP block WAN MAC changing / cloning? Mine just started!
Hey everyone, for years I've been able to change my dd-wrt WAN MAC address on my router and the cable modem would still let me get online. In fact I change my dd-wrt WAN MAC to change my IP address every once in a while.
Recently that is not possible. If I change my dd-wrt WAN MAC my ISP (co.m.cas.t) won't let my dd-wrt get a WAN IP. WAN IP just says 0.0.0.0
Only if I use the MAC address printer on the bottom of the router will I get a WAN IP and get online.
I first thought there was something wrong with my router and after much testing on 3 different dd-wrt routers (r6300v2, r7000, ea8500) I figured out that I must keep my WAN MAC address to get online.
This just started... If an ISP is blocking MAC cloning, how does it do it?
How would they know what my routers original MAC is anyway?
PS. I've tried different builds on all 3 routers, very old builds to newest builds and they all do the same now
Your ISP knows your router's MAC address because they control your modem. For the last three ISPs I have had, whenever I upgrade my modem, I have ALWAYS had to call and give them the MAC address of the replacement modem before it can be activated. It sounds like they locked your modem to your router's WAN MAC for some odd reason (this is not really the norm). Call them and ask. Their policies likely have changed. After all, it is comcast. I have heard lots of bad things about them....but likely heresy. Maybe they want to rent you their router? They make huge amounts of money leasing crappy routers to customers. _________________ - Linksys EA8500: I-Gateway, WAP/VAP 5ghz only. Features: VLANs, Samba, WG, Entware - r60xxx
- Linksys EA8500: 802.11s Secondary w/VLAN Trunk over 5ghz - r60xxx
- Linksys MX4300: 802.11s Primary w/VLAN Trunk over 5ghz. 2.4ghz WAP/VAP only - r60xxx
- Linksys MX4300: (WAP/VAP (7)) Multiple VLANs over single trunk port. Entware/Samba r60xxx
- Linksys MR7350: WDS Station for extended Ethernet r60xxx
- Linksys MR7500, MX8500: None in production. Just testing. r60xxx
- OSes: Fedora 40, 10 RPis (2,3,4,5), 23 ESP8266s: Straight from Amiga to Linux in '95, never having owned a Windows PC.
- Forum member #248
Your ISP knows your router's MAC address because they control your modem. For the last three ISPs I have had, whenever I upgrade my modem, I have ALWAYS had to call and give them the MAC address of the replacement modem before it can be activated. It sounds like they locked your modem to your router's WAN MAC for some odd reason (this is not really the norm). Call them and ask. Their policies likely have changed. After all, it is comcast. I have heard lots of bad things about them....but likely heresy. Maybe they want to rent you their router? They make huge amounts of money leasing crappy routers to customers.
Thanks for the reply ツ
Yea thats exactly what I was thinking, that they somehow locked my router MAC to the modem MAC
And actually they just recently tried sending me their shit router/modem in one and wanted to charge me $20 a month for it. Now that I think about it this issue may have started then and I didn't put the 2 and 2 together
I'll try giving them a call but knowing their IT department I don't have much hope for people I call knowing how to remove this lock lol
Joined: 08 May 2018 Posts: 16576 Location: Texas, USA
Posted: Tue Jul 23, 2024 22:47 Post subject:
Power both down for 5 minutes. Power up cable modem. Wait 5 minutes. Power up router with new WAN MAC. If that doesn't work, then they are preventing you from buying any new equipment without their approval and registering it with their system. This is the only reason why I go ahead and use ISP wifi routers and double NAT. Because it is a pain in the a$$ets to do a constantly-changing private WAN MAC, although there is probably a way to do so via script. _________________ "Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT Pogo - A minimal level of ability is expected and needed... RSS feed for DD-WRT releases (2025) RSS feed for DD-WRT releases (2024) RSS feed for DD-WRT releases (2023)
----------------------
Linux User #377467 counter.li.org / linuxcounter.net
Yea I tried bunch of different power downs / ups to see if I can fool the ISP into letting me try a new cloned router MAC but nothing seems to work now. I will try what you suggest once I get home
I use to have dd-wrt schedule reboot once a day and I also used this start-up script to automatically change the MAC so I would get a new IP address every day. Maybe they got tired of my router changing MACs/IPs daily lol
Here is the script:
Code:
#!/bin/ash
MAC=`(date; cat /proc/interrupts) | md5sum | sed -r 's/^(.{10}).*$/\1/; s/([0-9a-f]{2})/\1:/g; s/:$//;'`
mac_clone_enable=1
nvram set def_hwaddr="00:${MAC}"
I have 2 dd-wrt routers with obviously 2 different WAN MAC addresses, BOTH connect and get a WAN IP if I leave the MAC address originally/unchanged
But if I use the dd-wrt clone MAC address feature both routers only get a 0.0.0.0 WAN IP address
Doesn't this mean this is a dd-wrt bug? But I don't understand how it could be when I tried multiple dd-wrt builds on both of them with same results
Its like com.cas.t knows what router is connected to the cable modem and knows that thats not its original MAC, and if its not it doesn't let the cable modem give the router a WAN IP address and just give it 0.0.0.0
Posted: Sun Aug 04, 2024 15:11 Post subject: Can ISP block WAN MAC changing / cloning? Mine just started!
If I'm the isp I would get a little annoyed at this practice of changing mac to get new external ip. The isp has a limited number of addresses it can share on each subnet it establishes to provide ipv4 addresses to its customers. When you start acquiring a new address every day that may reduce or cause there not to be addresses available for customers for periods of time, especially if more than one client is doing this. _________________ ARCHER-C7v5 | v3.0-r62778 std | AP Gateway
WNDR4000|v24-52189_NEWD-2_K3.x_mega|Inactive Spare
Posted: Sat Sep 21, 2024 20:06 Post subject: Re: Can ISP block WAN MAC changing / cloning? Mine just star
jbkt23 wrote:
If I'm the isp I would get a little annoyed at this practice of changing mac to get new external ip. The isp has a limited number of addresses it can share on each subnet it establishes to provide ipv4 addresses to its customers. When you start acquiring a new address every day that may reduce or cause there not to be addresses available for customers for periods of time, especially if more than one client is doing this.
I can confirm, at least with Cox, when you use a non cox modem, they have to add it to their database to get access, as a few years ago..and this was a famous weekend, I happened to upgrade my modem on a friday and could not get online until monday because in short version...Cox runs all modem authorizations thru atlanta in a central database and if you tried any changes, there was no way to update it that weekend as they were doing maintenance...of course we didnt find this out until getting to tier whatever the heck support, but i imagine comcrast does the same type of nonsense. And of course, could not swap back in the old router because it had detected a change, so they old mac was not authenticated anymore...yeah fun times of stupid.
And I agree with jbk..they probably assign certain pools for the ip and dont update their addresses properly so I bet that is what is going on. I am shocked at how bad their backbone is run from simple administrative side. It sounds like if you try even simple things that are mundane and easily handled on a local administrative subnet on their overall systems, only like 3 people in atlanta have any knowledge and if they arent in, you are special case and not getting anywhere. But hey, the set top boxes they give you are running like 2012 tech mostly so is that really a surprise?
Sorry everyone been kinda busy and gave up this for a while...
First off I think some of you think that I am talking about the cable modem. Cable modem I use is mine so I don't have to pay $20 monthly to IPS to rent their modem. And yes even with com.cast you have to register your own modem MAC address to get online. This is normal otherwise internet would be free.
What I am saying is, forget my cable modem, its been the same one for many years...
My dd-wrt router doesn't allow me to use "MAC Address Clone" feature anymore. As soon as the mac address clone feature is turned ON and I change the MAC to something other than what's on the bottom of my dd-wrt modem (netgear r6300v2) my dd-wrt modem can no longer get a WAN IP address, it just reads 0.0.0.0 in the top right corner on the dd-wrt GUI page.
So I was thinking my IPS locked my current modem, to my current dd-wrt router which is: Netgear r6300v2
But then I went and set up a 2nd dd-wrt modem: Linksys ea8500 for more testing.
Some thing happens on the 2nd dd-wrt. If I DONT use the MAC Address Clone feature I can get a WAN IP address and get online.
In fact it even gives me 2 different IP addresses because both of those dd-wrt routers have a different MAC so the IPS gives me different WAN IP address. This is great, its what I'm after.
I just don't understand why I can't use the "MAC Address Clone" successfully on either one of them when this worked for years. On both of the routers I get WAN IP: 0.0.0.0 if I use MAC Address Clone.
It almost feels like my IPS knows that I am using a router that allows me to change my routers MAC address. I don't understand how they could possibly know this?
I'm even tempted to install some other custom firmware on 1 of these routers just to see if the "MAC Address Clone" would work on it for more testing...
.
Joined: 08 May 2018 Posts: 16576 Location: Texas, USA
Posted: Wed May 28, 2025 3:27 Post subject:
While I do not think that MAC address cloning is broken completely when using the webUI only, this echoes another report regarding an old script to randomly change (the WAN ?) MAC address.
One thing I have noticed on both of my dd-wrt routers is that if I enable: "MAC Address Clone" and leave the MAC address unchanged, I do get online and I get a valid WAN IP address from the cable modem...
BUT if I manually change just a single digit under "MAC Address Clone" (which used to work), now can't get online and the WAN IP shows up as 0.0.0.0
Like I said "MAC Address Clone" used to work on this router with the same cable modem, none of my hardware has changed... So I am guessing co.mcas.t might be doing something thats causing the cable modem and dd-wrt firmware not to talk correctly if the MAC is changed and my router never gets an valid WAN IP.
Im gonna try openwrt on my links's ea8500 tomorrow and see if I get the same issues when changing MACs
Can it be that the MAC Address leak at boot up before the closing function changes it?
Could be a wrt bug...?
I've also tried staring up the cable modem and the router separately, then connecting the ethernet cable after to see if maybe its a startup bug in dd-wrt but still no luck
I've tried older and newer versions of the wrt firmware on both routers but the issue remains
On Netgear r6300v2 right now I'm running: r53339 (tired older r45385, and newer r56941)
On Linksys EA8500 I'm running: r59468
Joined: 08 May 2018 Posts: 16576 Location: Texas, USA
Posted: Wed May 28, 2025 22:17 Post subject:
You may wish to consider upgrading to the current release, simply because I am not about to search tickets and forum for when this feature was reported broken previously and because there is little to no debug information given other than it's broken.
