The Ethernet MAC address uniquely identifies each Ethernet device in the world. This article describes how to obtain the MAC address and how to change the MAC address.
Obtain the MAC address
At the switch command line, enter "show mac-address-table" to display the MAC address table, for example:
Switch# show mac-address-table
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 All    0014.1c40.b080    STATIC      CPU
 All    0100.0ccc.cccc    STATIC      CPU
 All    0100.0ccc.cccd    STATIC      CPU
 All    0100.0cdd.dddd    STATIC      CPU
   1    000f.1fd3.d85a    DYNAMIC     Fa0/14
On a Cisco router, you can use "show interfaces" to view the MAC address. For example:
RouterB# show interfaces
Ethernet0/0 is up, line protocol is up
  Hardware is AmdP2, address is 0003.e39b.9220 (bia 0003.e39b.9220)
  Internet address is 1.1.1.1/8
The second line of the output shows "bia 0003.e39b.9220". "bia" stands for "burned-in address", and the MAC address is 0003.e39b.9220.
Change MAC address
Changing the MAC address actually means MAC spoofing. In particular, changing the MAC address is a common method for attacks on wireless networks. Changing the MAC address can also be used for legitimate purposes, such as testing MAC filtering.
To change the MAC address of an interface on a router, run the "mac-address" command in interface configuration mode. For example:
RouterB# conf t
Enter configuration commands, one per line. End with CNTL/Z.
RouterB(config)# int e0/0
RouterB(config-if)# mac-address 2.16.0000.0001
RouterB(config-if)# ^Z
RouterB#
RouterB# show int e0/0
Ethernet0/0 is up, line protocol is up
  Hardware is AmdP2, address is 2.16.0000.0001 (bia 0003.e39b.9220)
  Internet address is 1.1.1.1/8
After changing the MAC address, you can use the show interface command to view the new address.
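The "address is ... (bia ...)" line is also what reveals an override when auditing a device. The following Python script is an added example, not part of the original article: it reads saved "show interfaces" output and lists interfaces whose active address differs from the burned-in address. The sample text and the addresses 0200.0000.0001 and 0003.e39b.9221 are constructed for illustration.

```python
import re

# "Hardware is ..., address is <active> (bia <burned-in>)" line of `show interfaces`.
HW_RE = re.compile(r"address is\s+([0-9A-Fa-f.:-]+)\s+\(bia\s+([0-9A-Fa-f.:-]+)\)")
# Interface header line, e.g. "Ethernet0/0 is up, line protocol is up".
IF_RE = re.compile(r"(\S+) is (?:administratively )?(?:up|down)")

# Constructed sample input; only 0003.e39b.9220 appears in the article.
SAMPLE = """\
Ethernet0/0 is up, line protocol is up
  Hardware is AmdP2, address is 0200.0000.0001 (bia 0003.e39b.9220)
  Internet address is 1.1.1.1/8
Ethernet0/1 is administratively down, line protocol is down
  Hardware is AmdP2, address is 0003.e39b.9221 (bia 0003.e39b.9221)
"""

def normalize_mac(text):
    """Return 12 lowercase hex digits, or None if text is not a 48-bit MAC."""
    digits = re.sub(r"[.:-]", "", text).lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None

def find_overrides(output):
    """List (interface, active, bia) where the active MAC differs from the bia."""
    findings, current = [], None
    for line in output.splitlines():
        header = IF_RE.match(line)  # header lines start in column 0
        if header:
            current = header.group(1)
            continue
        hw = HW_RE.search(line)
        if hw and current:
            active, bia = normalize_mac(hw.group(1)), normalize_mac(hw.group(2))
            if active and bia and active != bia:
                findings.append((current, active, bia))
    return findings

def is_locally_administered(mac):
    """True when the U/L bit (0x02 of the first octet) is set.
    Only a hint: a configured address can also copy a vendor-assigned one."""
    return bool(int(mac[:2], 16) & 0x02)

if __name__ == "__main__":
    for iface, active, bia in find_overrides(SAMPLE):
        kind = "locally administered" if is_locally_administered(active) else "vendor range"
        print(f"{iface}: active {active} differs from bia {bia} ({kind})")
```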
MAC address-based traffic filtering
A protocol analyzer can detect abnormal traffic between devices on a network. For example, a device may be sending packets from multiple IP addresses.
In this case, you can run the show mac-address-table command to find the switch port that the device is using and disable that port. However, what if the port is connected to a hub and the hub is connected to many other devices?
One way is to use MAC address filtering to filter traffic on routers or switches. The following is an example:
Cat3750Switch(config)# mac access-list ext filtermac
Cat3750Switch(config-ext-macl)# deny host Authentication .0000.0001 any
Cat3750Switch(config-ext-macl)# permit any
Cat3750Switch(config-ext-macl)# exit
Cat3750Switch(config)# int g1/0/40
Cat3750Switch(config-if)# mac access-group filtermac in
These commands were run on a Cisco Catalyst 3750 Gigabit Ethernet switch. We created an ACL (access control list) named "filtermac". This ACL denies all traffic whose source address is the MAC address in the deny entry (the address is written in hexadecimal, not binary). The ACL is applied inbound to interface 1/0/40, which prevents the device with this MAC address from communicating through that port, regardless of its IP address. However, MAC address filtering is not a security measure in any case, because a MAC address is easy to change.