An Ethernet MAC address is meant to identify each Ethernet interface uniquely: the manufacturer writes a globally unique address into every device (Ethernet card, router, switch, and so on) before it ships. Plenty of articles already cover how to look up a MAC address on a host. Here we cover how to read and change the MAC address in Cisco IOS, and how to filter network traffic by MAC address.
Get MAC Address
At the switch's privileged EXEC prompt, enter "show mac-address-table" to display the MAC address table, for example:
Switch# show mac-address-table
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
All 0014.1c40.b080 STATIC CPU
All 0100.0ccc.cccc STATIC CPU
All 0100.0ccc.cccd STATIC CPU
All 0100.0cdd.dddd STATIC CPU
1 000f.1fd3.d85a DYNAMIC Fa0/14
On a Cisco router, show interfaces displays the MAC address. For example:
RouterB# show interfaces
Ethernet0/0 is up, line protocol is up
Hardware is AmdP2, address is 0003.e39b.9220 (bia 0003.e39b.9220)
Internet address is 1.1.1.1/8
The second line reads "address is 0003.e39b.9220 (bia 0003.e39b.9220)". BIA stands for burned-in address, the address the manufacturer wrote into the hardware. Here the active MAC address and the BIA are both 0003.e39b.9220.
Change MAC Address
Changing a MAC address is what "MAC spoofing" refers to, with its negative connotation. It is a common step in attacks on wireless networks, but it also has legitimate uses, such as testing a MAC filter.
To change the MAC address of a router interface, use the "mac-address" command in interface configuration mode. For example:
RouterB# conf t
Enter configuration commands, one per line. End with CNTL/Z.
RouterB(config)# int e0/0
RouterB(config-if)# mac-address 0000.0000.0001
RouterB(config-if)#^Z
RouterB#
RouterB# show int e0/0
Ethernet0/0 is up, line protocol is up
Hardware is AmdP2, address is 0000.0000.0001 (bia 0003.e39b.9220)
Internet address is 1.1.1.1/8
After the change, show interfaces displays the new address, while the BIA in parentheses still shows the original hardware address. The BIA cannot be changed from the CLI, so comparing the two fields is one way to spot an interface whose address has been overridden.
Communication filtering based on MAC address
With a protocol analyzer you can sometimes spot a device on the network communicating abnormally, for example one that sends packets from several different source IP addresses.
In that case, use show mac-address-table to find the switch port the device is connected to, and shut that port down. But what if the port leads to a hub with many other devices behind it?
One option is to filter by MAC address on a router or switch. Here is an example:
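As an added example (not part of the original article), the following Python script does the two steps above offline: it parses the show mac-address-table output shown earlier (extended with one constructed row for the suspect device), flags every MAC seen with more than one source IP in a constructed list of (source MAC, source IP) pairs as a protocol analyzer might export them, and resolves each flagged MAC to its switch port. It also checks the locally-administered bit of the address, which shows why that bit alone cannot tell a spoofed address from a factory one: 0000.0000.0001 has it clear. The table text, the packet list and the function names are assumptions made for this example.

```python
import re
from collections import defaultdict

# Constructed sample: the "show mac-address-table" output from this page,
# plus one constructed row (0000.0000.0001 on Fa0/7) for the suspect device.
MAC_TABLE_OUTPUT = """\
Switch# show mac-address-table
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 All    0014.1c40.b080    STATIC      CPU
 All    0100.0ccc.cccc    STATIC      CPU
 All    0100.0ccc.cccd    STATIC      CPU
 All    0100.0cdd.dddd    STATIC      CPU
   1    000f.1fd3.d85a    DYNAMIC     Fa0/14
   1    0000.0000.0001    DYNAMIC     Fa0/7
"""

# Constructed (source MAC, source IP) pairs, as a protocol analyzer might
# export them. One device uses three different source IPs.
OBSERVED_PACKETS = [
    ("000f.1fd3.d85a", "10.1.1.20"),
    ("000f.1fd3.d85a", "10.1.1.20"),
    ("0000.0000.0001", "10.1.1.50"),
    ("0000.0000.0001", "10.1.1.51"),
    ("0000.0000.0001", "10.1.1.52"),
]

# One data row of the IOS table: VLAN, dotted-hex MAC, type, port.
# Header and separator lines do not match because the MAC field must be hex.
ROW_RE = re.compile(
    r"^\s*(?P<vlan>\S+)\s+"
    r"(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+"
    r"(?P<type>\S+)\s+(?P<port>\S+)\s*$",
    re.IGNORECASE,
)


def parse_mac_table(text):
    """Return {mac: (vlan, type, port)} for every entry in the table output."""
    entries = {}
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:
            entries[m["mac"].lower()] = (m["vlan"], m["type"].upper(), m["port"])
    return entries


def ips_per_mac(packets):
    """Map each source MAC to the set of source IPs it was seen with."""
    seen = defaultdict(set)
    for mac, ip in packets:
        seen[mac.lower()].add(ip)
    return seen


def suspicious_macs(packets, max_ips=1):
    """MACs that used more distinct source IPs than max_ips."""
    return sorted(mac for mac, ips in ips_per_mac(packets).items() if len(ips) > max_ips)


def is_locally_administered(mac):
    """True if the U/L bit (bit 1 of the first octet) is set.

    A spoofed address need not set this bit, so a clear bit proves nothing.
    """
    first_octet = int(mac.split(".")[0][:2], 16)
    return bool(first_octet & 0x02)


def locate(mac, table):
    """Switch port a MAC was learned on, or None if unknown or a CPU entry."""
    entry = table.get(mac.lower())
    if entry is None or entry[2] == "CPU":
        return None
    return entry[2]


def report(packets, table_text):
    """For each suspicious MAC: its IPs, its switch port, and the U/L bit."""
    table = parse_mac_table(table_text)
    per_mac = ips_per_mac(packets)
    return {
        mac: {
            "ips": sorted(per_mac[mac]),
            "port": locate(mac, table),
            "locally_administered": is_locally_administered(mac),
        }
        for mac in suspicious_macs(packets)
    }


if __name__ == "__main__":
    for mac, info in report(OBSERVED_PACKETS, MAC_TABLE_OUTPUT).items():
        print(mac, info)
```

The port resolved here is where the switch last learned the MAC. If that port leads to a hub, the result only narrows the search to that hub's segment, which is the situation the next paragraph addresses.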
Cat3750Switch(config)# mac access-list ext filtermac
Cat3750Switch(config-ext-macl)# deny host 0000.0000.0001 any
Cat3750Switch(config-ext-macl)# permit any any
Cat3750Switch(config-ext-macl)# exit
Cat3750Switch(config)# int g1/0/40
Cat3750Switch(config-if)# mac access-group filtermac in
These commands were entered on a Cisco Catalyst 3750 Gigabit Ethernet switch. They create a MAC extended ACL (access control list) named "filtermac" that denies every frame whose source address is 0000.0000.0001 (written in hexadecimal) and permits frames from all other addresses. Applied inbound on interface GigabitEthernet1/0/40, the intent is to stop the device holding that MAC address from sending through the port, regardless of which IP address it uses. Note, however, that on the Catalyst 3750 a MAC extended ACL applied to a Layer 2 port filters only non-IP traffic; IP packets from that MAC address pass through it unfiltered. To drop all unicast traffic to or from one MAC address on this switch family, a static MAC table entry with the drop keyword (mac address-table static ... drop) is the better fit.
Either way, MAC address filtering is not a real security control, because anyone can change a MAC address as easily as shown above.