Featured image

Table of Contents Link to heading

MAC Address Table or Content-Addressable Memory (CAM) Table Link to heading

Info
A database stored in the RAM of a switch that maps destination MAC addresses with the ports used to connect to each node.

RAM is a type of volatile memory that can be accessed quickly by the switch. It is also where the switch stores its running configuration, routing tables, ARP tables, and other temporary data.

A switch examines its MAC address table to make a forwarding decision for each frame, which enables fast and efficient L2 switching.

Note
Read more at ๐Ÿ”—.

MAC/Physical/Data Link Layer Address Link to heading

Info
A globally unique identifier assigned to a NIC for use as a network address in communications within a network segment; thus, it is used only for local delivery and have no meaning beyond the local network (which uses IP addresses).

A physical network or a network segment is the connection of devices on a common media.

The Need for MAC Addressing Link to heading

It depends on the logical topology:

  1. Point-to-point topologies, with just two interconnected nodes, do not require addressing. After the frame is on the medium, it has only one place it can go.
  2. Ring and multiaccess topologies can interconnect many nodes over a common medium, so addressing is required for unique identification. When a frame reaches each node in the topology, the node examines the destination MAC address in the L2 header to determine whether it is the destination of the frame.

Structure Link to heading

Info
A 48-bit (6-byte) binary value expressed as 12 hexadecimal digits.

Each NIC or Ethernet device is assigned a globally unique MAC address based on IEEE-enforced rules for vendors.

  1. Any vendor that sells any Ethernet NIC or interface must register with IEEE.
  2. A globally unique 3-byte code, called the Organisational Unique Identifier (OUI) that uniquely identifies a vendor, is assigned to the vendor.
  3. All MAC addresses assigned to a Ethernet NIC or interface must use that vendor’s assigned OUI as the first 3 bytes.
  4. All MAC addresses with the same OUI must then be assigned a unique value (vendor code or serial number) in the last 3 bytes by its vendor.

Information about the registered OUI codes can be view at ๐Ÿ”—.

MAC addressstructure

Image Source: HiTechMV

Representation Link to heading

48-bit/6-byte or EUI-48 addressRepresentation
Hyphen separated00-1B-63-84-45-E6
Colon separated00:1B:63:84:45:E6
Case insensitive00:1b:63:84:45:e6
Dot separated in groups of 200.1B.63.84.45.E6
Dot separated in groups of 3001.B63.844.5E6
Dot separated in groups of 4001B.6384.45E6
OrganisationRegistered OUI
Xerox Corporation, USA00-00-00 - 00-00-09
Omron Tateisi Electronics Co., Japan00-00-0A
Matrix Corporation, USA00-00-0B
Cisco Systems, Inc., USA00-00-0C
Fibronics LTD., Israel00-00-0D
Fujitsu Limited, Japan00-00-0E
Next, Inc., USA00-00-0F
Sytek Inc., USA00-00-10
Normerel Systemes, France00-00-11
Information Technology Limited, United Kingdom00-00-12
Camex, USA00-00-13
Netronix, USA00-00-14
Datapoint Corporation, USA00-00-15
Du Pont Pixel Systems, United Kingdom00-00-16
Tekelec, USA00-00-17
Webster Computer Corporation, USA00-00-18
Applied Dynamics International, USA00-00-19
Advanced Micro Devices, USA00-00-1A
Novell Inc., USA00-00-1B
Bell Technologies, USA00-00-1C

Special MAC Addresses Link to heading

Unicast Link to heading

Info
A unicast MAC address represents a single NIC interface or device in a network segment.

A unicast frame contains the MAC address of the destination receiver as the destination address, and the MAC address of the sender as the source address.

Tip
A unicast MAC address can be identified by looking at the least significant bit (LSB) of the first byte of the address. If the LSB is 0, then it is a unicast MAC address (e.g. 00:00:0A:BB:28:FC).

Broadcast Link to heading

Info
A broadcast MAC address represents all the NIC interfaces or devices in a network segment.
Tip
A broadcast frame contains all binary 1s as the destination address (FF:FF:FF:FF:FF:FF), and the MAC address of the sender as the source address.
Tip
The process that a source host uses to determine the destination MAC address associated with an IPv4 address is known as Address Resolution Protocol (ARP). The process that a source host uses to determine the destination MAC address associated with an IPv6 address is known as Neighbor Discovery (ND).

When a source host communicates with another whose L3 address is known but the MAC address is not known. The ARP broadcasts frames at L2 to discover the MAC address of the host addressed in the IP packet header.

Dynamic Host Configuration Protocol (DHCP) for IPv4 is an example of a protocol that uses Ethernet and IPv4 broadcast addresses. However, not all Ethernet broadcasts carry IPv4 broadcast packets. For example, ARP requests do not use IPv4, but the ARP message is sent as an Ethernet broadcast.

Multicast Link to heading

Info
A multicast MAC address represents a group of interfaces or devices in the network that share a common interest in a certain application, protocol, or data stream.

A multicast frame contains the unique multicast MAC address of the group as the destination address, and the MAC address of the sender as the source address. A multicast frame is received only by the devices that belong to the group, and ignored by the others.

Tip
A multicast MAC address can be identified by looking at the LSB of the first byte of the address. If the LSB is 1, then it is a multicast MAC address (e.g. 01:00:5E:00:01:01).

To have a NIC process a frame with a specific multicast address, this address must be stored in the RAM of the NIC in a similar way that the LAA is. This MAC address, along with the BIA and the MAC broadcast address, can then be compared to the destination MAC address in each incoming frame.

Routing protocols and other network protocols use multicast addressing. Applications such as video and imaging software may also use multicast addressing, although multicast applications are not as common.

Reserved Multicast Destination MAC Addresses Link to heading

Info
Those that start with 01-00-5E-80 to 01-00-5E-FF, which correspond to the multicast IP addresses from 225.0.0.0 to 239.255.255.255.

Other Names of MAC Addresses Link to heading

Burned-in Address (BIA) Link to heading

Info
Another name for a MAC address because it is burned (encoded) into read-only memory (ROM) chip on the NIC permanently and cannot be changed by software.

However, when the computer starts up, the NIC copies the address into random-access memory (RAM), where it is used as the identifier for this node. When the receiving node is examining the frame, it is the address in RAM that is used as the source address to compare with the destination address.

Universally Administered Address (UAA) Link to heading

Info
A MAC address is also sometimes called a UAA.

Locally Administered Address (LAA) Link to heading

Info
A configurable MAC address on a device that overrides the BIA and is assigned by a network administrator - MAC masking.

This allows you to have a device with a new NIC or a replacement device to satisfy any network security rules based on the MAC address.

MAC masking is not a permanent change, and the original MAC address can be restored by resetting the network device or the operating system.

LAA Ranges Link to heading

Setting the second-least-significant bit of the first octet of an UAA to 1 (U/L bit) makes the address an LAA.

Info

Thus, there are 4 ranges of LAA that can be used on a local network:

  1. x2-xx-xx-xx-xx-xx
  2. x6-xx-xx-xx-xx-xx
  3. xA-xx-xx-xx-xx-xx
  4. xE-xx-xx-xx-xx-xx

Use Cases Link to heading

One use case of LAA is when replacing a local device that is connected to an ISP that identifies or authenticates the client by the MAC address. An LAA can be used to allow a replacement device to appear to be the original device to the ISP.

Another use case is when a LAN switch is using security to allow only devices to connect that have specific MAC addresses. In this case, a configured LAA can allow the MAC address of a device to meet the MAC requirements of the security on the switch.

Another use case is for malicious purposes (MAC spoofing), such as hacking, identity theft, or network disruption.

L2 Physical Addresses versus L3 Logical Addresses Link to heading

Info
L2 physical addressing, implemented as an Ethernet MAC address, is used to transport the frame across the local media.

Although they provide unique addresses for the devices, physical addresses are nonhierarchical. MAC addresses are associated with a particular device, regardless of its location or the network to which it is connected.

These L2 addresses have no meaning outside the local network media. A L3 packet might have to traverse a number of different data-link technologies in LANs and WANs before it reaches its destination. A source device therefore has no knowledge of the technology used in intermediate and destination networks or of their L2 addressing and frame structures.

Network Layer Link to heading

Info
L3 addresses, such as IPv4 addresses, provide logical addressing that is used to carry the packet from source host to the final destination host.

However, as the packet is framed by the different data link layer protocols along the way, the L2 address it receives each time applies only to that local portion of the journey and its media