MAC Address Fundamentals and Switch Operations

Sep 2, 2025

Overview

This lecture explains the purpose, structure, and use of MAC addresses in networking, with emphasis on how switches use MAC address tables and related security concerns.

MAC Address Fundamentals

  • The MAC address (Media Access Control address) is a unique hardware identifier for the Ethernet adapter in a device.
  • It is 48 bits (6 bytes) long and typically shown in hexadecimal, with the bytes separated by colons, periods, or other delimiters.
  • The first 3 bytes are the Organizationally Unique Identifier (OUI) identifying the manufacturer.
  • The last 3 bytes are unique per network interface card, acting as a serial number.
  • The MAC address is stored in the adapter's ROM and often called the "burned-in address."

Switches and MAC Address Tables

  • Ethernet switches use MAC addresses to determine how to forward network frames.
  • Switches build a temporary MAC address table by recording source MAC addresses seen on inbound frames and their associated switch interfaces.
  • If a switch receives a frame with a destination MAC not in its table, it floods the frame to all interfaces.
  • The MAC address table entries are temporary and typically expire after about 5 minutes.

MAC Address Learning and Forwarding

  • When a device sends a frame, the switch notes the source MAC and the interface it arrived on and adds them to the table.
  • Future traffic destined for this MAC address is sent out the recorded interface only.
  • This process allows the switch to direct traffic only to the intended device rather than to every connected device.

MAC Flooding and Security

  • Switches have a limited-capacity MAC address table.
  • MAC flooding is an attack where many fake MAC addresses are sent to fill the table, forcing the switch to flood traffic to all ports.
  • This can allow attackers to capture network traffic meant for other devices.
  • Modern switches offer port security features to limit the effectiveness of MAC flooding.
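
A small model of the learning, aging, and flooding behaviour described above, run with and without a per-port address limit. This is an added example, not part of the lecture. The table capacity of 8, the limit of 2, the drop-on-violation action, and all addresses are constructed assumptions.

```python
AGE_LIMIT = 300  # seconds; the "about 5 minutes" entry lifetime
HOST_A, HOST_B = "02:00:00:00:00:0a", "02:00:00:00:00:0b"  # constructed addresses

class Switch:
    def __init__(self, ports, capacity, max_macs_per_port=None):
        self.ports = list(ports)
        self.capacity = capacity                    # table size (assumed)
        self.max_macs_per_port = max_macs_per_port  # port security; None = off
        self.table = {}                             # mac -> (port, last_seen)
        self.violations = 0

    def _learn(self, src, port, now):
        known = self.table.get(src)
        if known is None or known[0] != port:
            on_port = sum(1 for p, _ in self.table.values() if p == port)
            if self.max_macs_per_port is not None and on_port >= self.max_macs_per_port:
                self.violations += 1
                return False                        # assumed action: drop the frame
            if known is None and len(self.table) >= self.capacity:
                return True                         # table full: forward, cannot learn
        self.table[src] = (port, now)
        return True

    def receive(self, src, dst, in_port, now):
        """Process one frame and return the ports it is sent out of."""
        self.table = {m: (p, t) for m, (p, t) in self.table.items()
                      if now - t < AGE_LIMIT}       # age out stale entries
        if not self._learn(src, in_port, now):
            return []
        if dst in self.table:
            return [self.table[dst][0]]             # known destination: one port
        return [p for p in self.ports if p != in_port]  # unknown: flood

def demo(max_macs_per_port):
    sw = Switch([1, 2, 3, 4], capacity=8, max_macs_per_port=max_macs_per_port)
    for i in range(20):  # constructed traffic: port 4 presents 20 source addresses
        sw.receive(f"02:00:00:00:01:{i:02x}", "ff:ff:ff:ff:ff:ff", 4, now=0)
    sw.receive(HOST_B, HOST_A, 2, now=1)            # host B sends from port 2
    out = sw.receive(HOST_A, HOST_B, 1, now=2)      # host A replies to B
    return out, sw.violations

if __name__ == "__main__":
    print("no port security:", demo(None))   # A->B is flooded, port 4 included
    print("limit 2 per port:", demo(2))      # A->B leaves on port 2 only
```

With the limit in place, the violation counter is the signal to monitor: a port that repeatedly exceeds its address limit is worth investigating.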

Key Terms & Definitions

  • MAC Address — A unique hardware address assigned to a device's network adapter.
  • OUI (Organizationally Unique Identifier) — The first 3 bytes of a MAC address identifying the manufacturer.
  • MAC Address Table — A switch's record of known MAC addresses and their corresponding interfaces.
  • MAC Flooding — An attack that overwhelms the MAC address table to force switch flooding.
  • Port Security — A switch feature that limits MAC flooding and enhances network security.

Action Items / Next Steps

  • Review your switch’s specifications to determine its MAC address table capacity.
  • Learn how to configure port security on your network switches.