Cisco IOS: Understanding Ethernet MAC addresses

Source: Internet
Author: User

Although you may be familiar with Ethernet MAC addresses, what do you know about how they are used in the Cisco Internetwork Operating System (Cisco IOS)? This article, written for Cisco routers and switches, shows you how to determine and modify the MAC address, and how to use it to filter traffic.

Most of you probably know what an Ethernet MAC address is, but you may not know how to work with MAC addresses in Cisco IOS.

An Ethernet MAC address uniquely identifies every Ethernet device in the world. Manufacturers of network devices, such as Ethernet network interface cards, wireless devices, routers and switches, program these addresses into their devices at the factory.

MAC addresses go by other names, including physical address (in Windows), Ethernet address, and hardware address. Whatever the name, it is a 12-character hexadecimal string. The following are some examples:

1234.5678.90ab
12-34-56-78-90-AB
12.34.56.78.90.AB

Determine your MAC address

In Windows, you can use the ipconfig /all command to find out your MAC address. Listing A is an example.

In the output of this command, you can find the MAC address in the Physical Address field. You can also use the show mac-address-table command to find similar information on the switch that this computer is connected to. The following is an example:

Switch# show mac-address-table
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 All    0014.1c40.b080    STATIC      CPU
 All    0100.0ccc.cccc    STATIC      CPU
 All    0100.0ccc.cccd    STATIC      CPU
 All    0100.0cdd.dddd    STATIC      CPU
   1    000f.1fd3.d85a    DYNAMIC     Fa0/14
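Windows and most protocol analyzers print a MAC address with hyphens or colons, while the switch prints it in dotted notation, so a plain text search of the table can miss the entry. The following added example (not part of the original article; the function names are illustrative) normalizes the notations listed earlier and looks up the port on which an address was learned, using the table rows above as sample input.

```python
import re

# Sample input: the "show mac-address-table" rows shown in this article.
SAMPLE_TABLE = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 All    0014.1c40.b080    STATIC      CPU
 All    0100.0ccc.cccc    STATIC      CPU
 All    0100.0ccc.cccd    STATIC      CPU
 All    0100.0cdd.dddd    STATIC      CPU
   1    000f.1fd3.d85a    DYNAMIC     Fa0/14
"""

# One table row: VLAN, dotted MAC, entry type, port.
ROW = re.compile(
    r"^\s*(\S+)\s+([0-9a-fA-F]{4}(?:\.[0-9a-fA-F]{4}){2})\s+(\S+)\s+(\S+)\s*$")


def normalize_mac(text):
    """Return a MAC as 12 lowercase hex digits, whatever separators it used."""
    digits = re.sub(r"[.:\-\s]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return digits


def to_cisco(text):
    """Render any supported notation in the dotted form IOS prints."""
    d = normalize_mac(text)
    return f"{d[0:4]}.{d[4:8]}.{d[8:12]}"


def parse_table(output):
    """Parse table rows, skipping the banner, header and separator lines."""
    rows = []
    for line in output.splitlines():
        m = ROW.match(line)
        if m:
            vlan, mac, kind, port = m.groups()
            rows.append({"vlan": vlan, "mac": normalize_mac(mac),
                         "type": kind.upper(), "port": port})
    return rows


def find_ports(output, mac):
    """(vlan, port) pairs where `mac` was dynamically learned."""
    wanted = normalize_mac(mac)
    return [(r["vlan"], r["port"]) for r in parse_table(output)
            if r["mac"] == wanted and r["type"] == "DYNAMIC"]
```
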

On a Cisco router, you can use the show interfaces command to find out which MAC address your interface uses. The following is an example:

RouterB# show interfaces
Ethernet0/0 is up, line protocol is up
  Hardware is AmdP2, address is 0003.e39b.9220 (bia 0003.e39b.9220)
  Internet address is 1.1.1.1/8

On the second line of each interface's output, you will see the hardware address along with the burned-in address (BIA). In the preceding example, the hardware address is 0003.e39b.9220.

Each Ethernet interface on a Cisco router has its own Ethernet MAC address. Special devices such as routers and switches also have a number of built-in addresses. For example, the four addresses shown in the output of the show mac-address-table command above are of this kind; each of them is listed with the STATIC type.

Modify MAC address

Modifying the default MAC address is called MAC spoofing. The term is often associated with illegitimate activity, especially wireless network hacking, so it carries a negative connotation. However, MAC spoofing does have legitimate uses, such as testing MAC filtering.

To change the MAC address on a Cisco router, run the mac-address command in interface configuration mode. You simply give the command the new MAC address; it is that simple. The following is an example:

RouterB# conf t
Enter configuration commands, one per line. End with CNTL/Z.
RouterB(config)# int e0/0
RouterB(config-if)# mac-address 2.16.0000.0001
RouterB(config-if)# ^Z
RouterB#
RouterB# show int e0/0
Ethernet0/0 is up, line protocol is up
  Hardware is AmdP2, address is 2.16.0000.0001 (bia 0003.e39b.9220)
  Internet address is 1.1.1.1/8

After modifying the MAC address, you can run the show interface command to view the new address.
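Because show interfaces prints the active address next to the BIA, the same output can be used to audit a device for interfaces whose MAC address has been overridden. The following added example (not part of the original article) flags every interface where the two differ and, going slightly beyond the text, also reports whether the active address has the locally administered bit set. Ethernet0/1 and its addresses are constructed for the example.

```python
import re

# Constructed "show interfaces" excerpt. Ethernet0/0 uses the article's
# unmodified values; Ethernet0/1 and its addresses are made up.
SAMPLE = """\
Ethernet0/0 is up, line protocol is up
  Hardware is AmdP2, address is 0003.e39b.9220 (bia 0003.e39b.9220)
  Internet address is 1.1.1.1/8
Ethernet0/1 is administratively down, line protocol is down
  Hardware is AmdP2, address is 0200.0000.0001 (bia 0003.e39b.9221)
"""

# Interface header lines start in column 0; detail lines are indented.
HEADER = re.compile(r"^(\S+) is [^,]+, line protocol is ")
ADDR = re.compile(r"address is ([0-9a-f.]{14}) \(bia ([0-9a-f.]{14})\)", re.I)


def locally_administered(mac):
    """True if the U/L bit (0x02 of the first octet) is set.

    Factory-assigned (burned-in) addresses have this bit clear.
    """
    first_octet = int(mac.replace(".", "")[:2], 16)
    return bool(first_octet & 0x02)


def audit_interfaces(output):
    """Return one finding per interface whose active MAC differs from its BIA."""
    findings, current = [], None
    for line in output.splitlines():
        header = HEADER.match(line)
        if header:
            current = header.group(1)
            continue
        addr = ADDR.search(line)
        if addr and current:
            active, bia = addr.group(1).lower(), addr.group(2).lower()
            if active != bia:
                findings.append({
                    "interface": current,
                    "active": active,
                    "bia": bia,
                    "locally_administered": locally_administered(active),
                })
    return findings
```
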

Filter traffic based on MAC address

Suppose that, using a protocol analyzer, you discover a device sending malicious traffic to your network, and the device appears to be multihomed; that is, it is sending traffic to you from multiple IP addresses.

You can use the show mac-address-table command to find the switch port it uses and run the shutdown command to close the port. But what if it is connected to a hub shared with another device, or is on a network that you do not control?

In this case, you can apply a MAC address filter to filter traffic on routers or switches. For example:

Cat3750Switch(config)# mac access-list ext filtermac
Cat3750Switch(config-ext-macl)# deny host 2017.0000.0001 any
Cat3750Switch(config-ext-macl)# permit any any
Cat3750Switch(config-ext-macl)# exit
Cat3750Switch(config)# int g1/0/40
Cat3750Switch(config-if)# mac access-group filtermac in

In this example, on a Cisco Catalyst Gigabit Ethernet switch, we create an extended MAC access control list (ACL) named filtermac. This ACL denies all traffic from the source MAC address 2017.0000.0001 and permits all other traffic. Then we apply the MAC ACL to Gigabit Ethernet interface 1/0/40, which prevents traffic from the device with that MAC address from entering that port, regardless of its IP address.

Remember, filtering traffic by MAC address is not a secure method: a MAC address can easily be changed in the operating system.

For more information about MAC ACLs, see the documentation on creating a named MAC extended access control list. If you have any suggestions for switch configurations that are worth sharing with us, or if you want to see other switch topics in this column, please share your views in the discussion below.

David Davis has worked in IT for 12 years and holds a number of certifications, including CCIE, MCSE+I, CISSP, CCNA, CCDA and CCNP. He currently works as a system/network administrator at a private retail company and as a part-time network/systems consultant.

