MAC Address

核心 · Key Idea

In one line: A MAC address is a 6-byte (48-bit) hardware identifier burned into the NIC, written as aa:bb:cc:dd:ee:ff. It's used for addressing within a single layer-2 broadcast domain; it has no meaning across subnets.

What it is#

aa:bb:cc:dd:ee:ff
└─ OUI ──┘ └─ vendor-internal ──┘
   24 bits     24 bits

The first 24 bits, OUI (Organizationally Unique Identifier), are assigned by IEEE: Apple, Intel, Huawei each have prefixes.
The last 24 bits are vendor-managed.
Theoretically globally unique; in practice can be changed in software.

Analogy#

打个比方 · Analogy

IP is your room number (you can switch rooms); MAC is your ID card number (issued at the factory). But ID numbers can be forged too — don't treat MAC as trustworthy identity.

Key concepts#

Unicast MACUnicast

First-byte LSB = 0; addressed to a specific host.

Multicast MACMulticast

First-byte LSB = 1; to a group. e.g. IPv6 ND uses 33:33:xx:xx:xx:xx.

Broadcast MACBroadcast

ff:ff:ff:ff:ff:ff — every host on the subnet.

Local / globalU/L bit

Second-lowest bit of byte 1: 0 = vendor-burned, 1 = locally administered (e.g. VM virtual NICs).

MAC randomisationMAC Randomization

iOS / Android use random MACs while probing Wi-Fi to avoid tracking.

How it works#

The switch reads the destination MAC of each frame:

in MAC table → forward to that port;
not in MAC table → flood to all ports (except source).

Practical notes#

ip link show / ifconfig show local MAC.
Change MAC: ip link set eth0 address xx:xx:xx:xx:xx:xx.
MAC flapping: same MAC seen on multiple ports — usually a loop / shared NIC; switches alarm.
MAC table aging: 5 min default; idle entries get removed.
Privacy: phones use random MACs while scanning Wi-Fi (iOS default), then use the real MAC after associating (depends on settings).

Easy confusions#

**Logical address**, mutable.
For inter-subnet routing.

MAC

**Physical address**, on the NIC.
Only meaningful within a subnet.