MAC address


Figure: Label of a UMTS router with MAC addresses for LAN and WLAN modules

A media access control address (MAC address) of a computer is a unique identifier assigned to network interfaces for communications at the data link layer of a network segment. MAC addresses are used as a network address for most IEEE 802 network technologies, including Ethernet and WiFi. Logically, MAC addresses are used in the media access control protocol sublayer of the OSI reference model.

MAC addresses are most often assigned by the manufacturer of a network interface controller (NIC) and are stored in its hardware, such as the card's read-only memory or some other firmware mechanism. If assigned by the manufacturer, a MAC address usually encodes the manufacturer's registered identification number and may be referred to as the burned-in address (BIA). It may also be known as an Ethernet hardware address (EHA), hardware address or physical address (not to be confused with a memory physical address). This can be contrasted to a programmed address, where the host device issues commands to the NIC to use an arbitrary address.

A network node may have multiple NICs and each NIC must have a unique MAC address. Sophisticated network equipment such as a multilayer switch or router may require one or more permanently assigned MAC addresses.

MAC addresses are formed according to the rules of one of three numbering name spaces managed by the Institute of Electrical and Electronics Engineers (IEEE): MAC-48, EUI-48, and EUI-64. The IEEE claims trademarks on the names EUI-48 and EUI-64, in which EUI is an abbreviation for Extended Unique Identifier.

Address details

The original IEEE 802 MAC address comes from the original Xerox Ethernet addressing scheme. This 48-bit address space contains potentially 2<sup>48</sup> or 281,474,976,710,656 possible MAC addresses.

The distinction between EUI-48 and MAC-48 identifiers is purely nominal: MAC-48 is used for network hardware; EUI-48 is used to identify other devices and software. (Thus, by definition, an EUI-48 is not in fact a "MAC address", although it is syntactically indistinguishable from one and assigned from the same numbering space.)

The IEEE now considers the label MAC-48 to be an obsolete term, previously used to refer to a specific type of EUI-48 identifier used to address hardware interfaces within existing 802-based networking applications, and thus not to be used in the future. Instead, the proprietary term EUI-48 should be used for this purpose.

In addition, the EUI-64 numbering system encompasses both MAC-48 and EUI-48 identifiers by a simple translation mechanism. To convert a MAC-48 into an EUI-64, copy the OUI, append the two octets <tt>FF-FF</tt> and then copy the organization-specified extension identifier. To convert an EUI-48 into an EUI-64, the same process is used, but the sequence inserted is <tt>FF-FE</tt>. In both cases, the process can be trivially reversed when necessary. Organizations issuing EUI-64s are cautioned against issuing identifiers that could be confused with these forms. The IEEE has a target lifetime of 100 years for applications using MAC-48 space, but encourages adoption of EUI-64s instead.

IPv6 — one of the most prominent standards that uses a Modified EUI-64 — treats MAC-48 as EUI-48 instead (as it is chosen from the same address pool) and toggles the U/L bit (as this makes it easier to type locally assigned IPv6 addresses based on the Modified EUI-64). This results in extending MAC addresses (such as IEEE 802 MAC address) to Modified EUI-64 using only <tt>FF-FE</tt> (and never <tt>FF-FF</tt>) and with the U/L bit inverted.
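The two mappings described above, carried through to an IPv6 link-local address and back, as an added example that is not part of the original page. The function names and the sample address are constructed for illustration; the fe80::/64 link-local prefix is standard IPv6 and not stated on this page.

```python
import ipaddress

def eui48_to_eui64(mac, insert=b"\xff\xfe", flip_ul=False):
    """Copy the OUI, insert two octets, copy the extension identifier.

    insert is FF-FF for the MAC-48 mapping and FF-FE for the EUI-48 one;
    flip_ul=True inverts the U/L bit as IPv6 Modified EUI-64 does.
    """
    raw = bytes.fromhex(mac.replace("-", "").replace(":", ""))
    if len(raw) != 6:
        raise ValueError(f"expected six octets: {mac!r}")
    out = bytearray(raw[:3] + insert + raw[3:])
    if flip_ul:
        out[0] ^= 0x02  # U/L bit: second-least-significant bit of octet 0
    return bytes(out)

def link_local_from_mac(mac):
    """fe80::/64 plus the Modified EUI-64 interface identifier."""
    iid = eui48_to_eui64(mac, flip_ul=True)
    return ipaddress.IPv6Address(b"\xfe\x80" + bytes(6) + iid)

def mac_from_ipv6(addr):
    """Reverse the mapping; None when the low 64 bits lack the FF-FE marker."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    # Undo the U/L inversion and drop the two inserted octets.
    raw = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return raw.hex("-")

# Constructed sample address, not taken from the page
SAMPLE_MAC = "00-1a-2b-3c-4d-5e"

if __name__ == "__main__":
    print(eui48_to_eui64(SAMPLE_MAC).hex("-"))
    print(link_local_from_mac(SAMPLE_MAC))
    print(mac_from_ipv6("fe80::21a:2bff:fe3c:4d5e"))
```

Because the mapping is reversible, an IPv6 address formed this way carries the interface's hardware address in its low 64 bits.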

An Individual Address Block (IAB) was a 24-bit OUI managed by the IEEE Registration Authority, followed by 12 IEEE-provided bits (identifying the organization), and 12 bits for the owner to assign to individual devices. An IAB is ideal for organizations requiring fewer than 4097 unique 48-bit numbers (EUI-48). IABs have been replaced with 12-bit "MA-S" address blocks.

Universal vs. local

Addresses can either be universally administered addresses or locally administered addresses. A universally administered address is uniquely assigned to a device by its manufacturer. The first three octets (in transmission order) identify the organization that issued the identifier and are known as the Organizationally Unique Identifier (OUI). The remainder of the address (three octets for MAC-48 and EUI-48 or five for EUI-64) is assigned by that organization in nearly any manner it pleases, subject to the constraint of uniqueness. A locally administered address is assigned to a device by a network administrator, overriding the burned-in address.

Universally administered and locally administered addresses are distinguished by setting the second-least-significant bit of the first octet of the address. This bit is also referred to as the U/L bit, short for Universal/Local, which identifies how the address is administered. If the bit is 0, the address is universally administered. If it is 1, the address is locally administered. In the example address 06-00-00-00-00-00 the first octet is 06 (hex), the binary form of which is 00000110, where the second-least-significant bit is 1. Therefore, it is a locally administered address. Consequently, this bit is 0 in all OUIs.

Unicast vs. multicast

If the least significant bit of the first octet of an address is set to 0 (zero), the frame is meant to reach only one receiving NIC. This type of transmission is called unicast. A unicast frame is transmitted to all nodes within the collision domain, which typically ends at the nearest network switch or router. A switch will forward a unicast frame through all of its ports (except for the port that originated the frame) if the switch has no knowledge of which port leads to that MAC address, or just to the proper port if it does have knowledge. Only the node with the matching hardware MAC address will accept the frame; network frames with non-matching MAC addresses are ignored, unless the device is in promiscuous mode.

If the least significant bit of the first octet is set to 1, the frame will still be sent only once; however, NICs will choose to accept it based on criteria other than the matching of a MAC address: for example, based on a configurable list of accepted multicast MAC addresses. This is called multicast addressing.

The IEEE has built in several special address types to allow more than one network interface card to be addressed at one time:

  • Packets sent to the broadcast address, all one bits, are received by all stations on a local area network. In hexadecimal the broadcast address would be <tt>FF:FF:FF:FF:FF:FF</tt>. A broadcast frame is flooded and is forwarded to and accepted by all other nodes.
  • Packets sent to a multicast address are received by all stations on a LAN that have been configured to receive packets sent to that address.
  • Functional addresses identify one or more Token Ring NICs that provide a particular service, defined in IEEE 802.5.

These are all examples of group addresses, as opposed to individual addresses; the least significant bit of the first octet of a MAC address distinguishes individual addresses from group addresses. That bit is set to 0 in individual addresses and set to 1 in group addresses. Group addresses, like individual addresses, can be universally administered or locally administered.
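A sketch of how the I/G and U/L bits can be read from the first octet and used to review learned source addresses, as an added example that is not part of the original page. The port names and sample addresses are constructed (06-00-00-00-00-00 is the page's own example), and the rule that a source address should be an individual address is a general Ethernet convention, not something stated here.

```python
def mac_bits(mac):
    """Decode the I/G and U/L bits of the first octet of a 48-bit address."""
    raw = bytes.fromhex(mac.replace("-", "").replace(":", ""))
    if len(raw) != 6:
        raise ValueError(f"expected six octets: {mac!r}")
    group = bool(raw[0] & 0x01)  # least significant bit (I/G)
    local = bool(raw[0] & 0x02)  # second-least-significant bit (U/L)
    return {
        "group": group,
        "local": local,
        "broadcast": raw == b"\xff" * 6,
        # Only a universally administered individual address starts with an OUI.
        "oui": None if (group or local) else raw[:3].hex("-"),
    }

def audit_sources(observations):
    """Return (port, mac, reason) for source addresses worth a second look."""
    findings = []
    for port, mac in observations:
        bits = mac_bits(mac)
        if bits["group"]:
            findings.append((port, mac, "group address used as a source"))
        elif bits["local"]:
            findings.append((port, mac, "locally administered address"))
    return findings

# Constructed sample: (switch port, learned source address)
SAMPLE = [
    ("port1", "00-1a-2b-3c-4d-5e"),  # universal, individual
    ("port2", "06-00-00-00-00-00"),  # the page's locally administered example
    ("port3", "01-00-5e-00-00-fb"),  # group bit set
    ("port4", "da:a1:19:00:11:22"),  # local, individual
]

if __name__ == "__main__":
    for finding in audit_sources(SAMPLE):
        print(*finding, sep="  ")
```

A cleared U/L bit does not prove that an address is burned-in, since a programmed address can carry any value; the check only sorts addresses by what their bits declare.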

Applications

The following technologies use the MAC-48 identifier format:

Every device that connects to an IEEE 802 network (such as Ethernet and WiFi) has a MAC-48 address. Common consumer devices that use MAC-48 include every PC, smartphone and tablet computer.

EUI-64 identifiers are used in:

  • FireWire
  • IPv6 (Modified EUI-64 as the least-significant 64 bits of a unicast network address or link-local address when stateless autoconfiguration is used)
  • ZigBee / 802.15.4 / 6LoWPAN wireless personal-area networks

Usage in hosts

On broadcast networks, such as Ethernet, the MAC address uniquely identifies each node on that segment and allows frames to be marked for specific hosts. It thus forms the basis of most of the link layer (OSI Layer 2) networking upon which upper layer protocols rely to produce complex, functioning networks.

Although intended to be a permanent and globally unique identification, it is possible to change the MAC address on most modern hardware. Changing MAC addresses is necessary in network virtualization. It can also be used in the process of exploiting security vulnerabilities. This is called MAC spoofing.

In IP networks, the MAC address of an interface can be queried given the IP address using the Address Resolution Protocol (ARP) for Internet Protocol Version 4 (IPv4) or the Neighbor Discovery Protocol (NDP) for IPv6. In this way, ARP or NDP is used to translate IP addresses (OSI layer 3) into Ethernet MAC addresses (OSI layer 2).

Spying

According to Edward Snowden, the National Security Agency has a system that tracks the movements of everyone in a city by monitoring the MAC addresses of their electronic devices. As a result of users being trackable by their devices' MAC addresses, Apple Inc. has started using random MAC addresses in their iOS line of devices while scanning for networks. If random MAC addresses are not used, researchers have confirmed that it is possible to link a real identity to a particular wireless MAC address.

Many network interfaces (including wireless ones) support changing their MAC address. The configuration is specific to the operating system. On most Unix-like systems, the ifconfig command may be used to add and remove "link" (Ethernet MAC family) address aliases. For instance, the "active" ifconfig directive may then be used on NetBSD to specify which of the attached addresses to activate. Hence, various configuration scripts and utilities allow the MAC address to be randomized at boot or network connection time.

Using wireless access points in SSID-hidden mode (see network cloaking), a mobile wireless device may not only disclose its own MAC address when traveling, but even the MAC addresses associated with SSIDs the device has already connected to, if they are configured to send these as part of probe request packets. Alternative modes to prevent this include configuring access points to be either in beacon-broadcasting mode, or probe-response with SSID mode. In these modes, probe requests may be unnecessary, or sent in broadcast mode without disclosing the identity of previously known networks.

Usage in switches

Layer 2 switches examine source and destination MAC addresses of packets to direct packet transmission to the intended recipient through a process called transparent bridging.

Switches often have an internal host, with associated MAC address, for the purposes of network management.

Some switches have individual MAC addresses permanently assigned to each switch port. These MAC addresses are used for the source addresses on Spanning Tree Protocol BPDUs.

Notational conventions

The standard (IEEE 802) format for printing MAC-48 addresses in human-friendly form is six groups of two hexadecimal digits, separated by hyphens (<tt>-</tt>) in transmission order (e.g. <tt>01-23-45-67-89-ab</tt>). This form is also commonly used for EUI-64 (e.g. <tt>01-23-45-67-89-ab-cd-ef</tt>). Other conventions include six groups of two hexadecimal digits separated by colons (<tt>:</tt>) (e.g. <tt>01:23:45:67:89:ab</tt>), and three groups of four hexadecimal digits separated by dots (<tt>.</tt>) (e.g. <tt>0123.4567.89ab</tt>); again in transmission order.

Bit-reversed notation

The standard notation, also called canonical format, for MAC addresses is written in transmission bit order with the least significant bit transmitted first, as seen in the output of the iproute2/ifconfig/ipconfig command, for example.

However, since IEEE 802.3 (Ethernet) and IEEE 802.4 (Token Bus) send the bytes (octets) over the wire, left-to-right, with least significant bit in each byte first, while IEEE 802.5 (Token Ring) and IEEE 802.6 send the bytes over the wire with the most significant bit first, confusion may arise when an address in the latter scenario is represented with bits reversed from the canonical representation. For example, an address in canonical form <code>12-34-56-78-9A-BC</code> would be transmitted over the wire as bits <code>01001000 00101100 01101010 00011110 01011001 00111101</code> in the standard transmission order (least significant bit first). But for Token Ring networks, it would be transmitted as bits <code>00010010 00110100 01010110 01111000 10011010 10111100</code> in most-significant-bit first order. The latter might be incorrectly displayed as <code>48-2C-6A-1E-59-3D</code>. This is referred to as bit-reversed order, non-canonical form, MSB format, IBM format, or Token Ring format, as explained in RFC 2469. Canonical form is generally preferred, and used by all modern implementations.
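The three notations from the section on notational conventions and the bit-reversed form described above, reduced to one normalizing parser and a per-octet bit reversal, as an added example that is not part of the original page. The function names are constructed for illustration; the sample values are the ones the page uses.

```python
import re

# One pattern per notation on the page; mixed separators are rejected.
_PATTERNS = (
    r"[0-9a-f]{2}(-[0-9a-f]{2}){5}",   # 01-23-45-67-89-ab
    r"[0-9a-f]{2}(:[0-9a-f]{2}){5}",   # 01:23:45:67:89:ab
    r"[0-9a-f]{4}(\.[0-9a-f]{4}){2}",  # 0123.4567.89ab
)

def parse_mac(text):
    """Return the six octets of a MAC-48 written in any of the three styles."""
    t = text.strip().lower()
    if not any(re.fullmatch(p, t) for p in _PATTERNS):
        raise ValueError(f"not a recognised MAC-48 notation: {text!r}")
    return bytes.fromhex(re.sub(r"[-:.]", "", t))

def format_mac(raw, style="hyphen"):
    """Render six octets in hyphen, colon or dot notation."""
    h = raw.hex()
    if style == "dot":
        return ".".join(h[i:i + 4] for i in range(0, 12, 4))
    sep = {"hyphen": "-", "colon": ":"}[style]
    return sep.join(h[i:i + 2] for i in range(0, 12, 2))

def wire_bits(raw, lsb_first=True):
    """Bits of each octet in the order they are sent on the wire."""
    octets = (f"{b:08b}" for b in raw)
    return " ".join(o[::-1] if lsb_first else o for o in octets)

def bit_reverse(raw):
    """Convert between canonical and bit-reversed (Token Ring) form."""
    return bytes(int(f"{b:08b}"[::-1], 2) for b in raw)

if __name__ == "__main__":
    canonical = parse_mac("12-34-56-78-9A-BC")
    print(wire_bits(canonical))                    # 802.3 order
    print(wire_bits(canonical, lsb_first=False))   # 802.5 order
    print(format_mac(bit_reverse(canonical)))      # non-canonical display
    print(format_mac(parse_mac("0123.4567.89ab"), "colon"))
```

Comparing addresses as octets rather than as strings keeps an allowlist or log correlation from missing a match because two sources print the same address in different notations.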

When the first switches supporting both Token Ring and Ethernet came out, some did not distinguish between canonical form and non-canonical form and so did not reverse MAC address bits as required. This led to cases of duplicate MAC addresses in the field.
