🌐

MAC Address and Switch Functionality

Jun 16, 2025

Overview

This lecture explains MAC addresses, their structure and role in network communication, how switches use MAC address tables for forwarding frames, and security issues like MAC flooding.

MAC Address Fundamentals

  • The MAC address (Media Access Control address) is a unique hardware identifier for an Ethernet adapter.
  • MAC addresses are 48 bits (6 bytes) long and displayed in hexadecimal, separated by colons or periods.
  • The first 3 bytes of a MAC address are the Organizationally Unique Identifier (OUI), identifying the manufacturer.
  • The last 3 bytes are specific to the network interface controller, acting as a serial number.
  • MAC addresses are stored in the adapter's ROM and are sometimes called the "burned-in address."

Switches and MAC Address Tables

  • Switches use MAC addresses to forward frames to the correct device.
  • Switches build a temporary MAC address table by learning source MAC addresses from inbound frames.
  • Each entry in the table maps a MAC address to the switch interface where it was last seen.
  • If a frame's destination MAC is in the table, the switch forwards it to the appropriate interface.
  • If the destination MAC is unknown, the switch floods the frame to all interfaces.
  • MAC address table entries expire after a set time (often ~5 minutes).

Example: Frame Forwarding and Learning

  • When a new device sends a frame, the switch adds its source MAC and the port to the table.
  • Future frames destined for this MAC are sent only to its associated port, not all devices.

MAC Flooding Attack

  • Switches have limited space for MAC address tables.
  • Attackers can send frames with many fake MAC addresses to fill the table (MAC flooding).
  • Once full, the switch floods all frames to every interface, like a hub, exposing network traffic.
  • Modern switches can use port security to limit or prevent MAC flooding.

Key Terms & Definitions

  • MAC Address β€” Unique identifier for a network device's hardware interface.
  • OUI (Organizationally Unique Identifier) β€” First 3 bytes of MAC address identifying the manufacturer.
  • MAC Address Table β€” Switch's record of MAC addresses and the associated interfaces.
  • MAC Flooding β€” Attack that overwhelms a switch’s MAC table, causing frame flooding.

Action Items / Next Steps

  • Review port security settings for your switch to understand how to mitigate MAC flooding attacks.

Full transcript