MAC Address
What is MAC Address?
MAC AddressA 48-bit hardware identifier (IEEE 802) burned into a network interface and used for delivery within a single link-layer segment.
A Media Access Control address is a 48-bit identifier defined by IEEE 802 standards, typically written as six hex octets (e.g., 00:1A:2B:3C:4D:5E). The high-order bits are an Organizationally Unique Identifier (OUI) assigned to a vendor, the low-order bits are device-specific, and two reserved bits mark whether the address is unicast/multicast and globally/locally administered. MAC addresses scope only to the local broadcast domain; routers strip and rewrite them at each hop. Switches build CAM/MAC tables from observed source MACs, which makes MAC flooding, MAC spoofing, and CAM-table overflow practical attacks. Defenses include port-security limits, sticky MACs, 802.1X, MAC randomization on clients, and dynamic ARP inspection.
● Examples
- 01
A switch port-security rule allows only MAC 00:1A:2B:3C:4D:5E to use the port.
- 02
Modern smartphones randomize Wi-Fi MAC addresses per SSID to limit tracking.
● Frequently asked questions
What is MAC Address?
A 48-bit hardware identifier (IEEE 802) burned into a network interface and used for delivery within a single link-layer segment. It belongs to the Network Security category of cybersecurity.
What does MAC Address mean?
A 48-bit hardware identifier (IEEE 802) burned into a network interface and used for delivery within a single link-layer segment.
How does MAC Address work?
A Media Access Control address is a 48-bit identifier defined by IEEE 802 standards, typically written as six hex octets (e.g., 00:1A:2B:3C:4D:5E). The high-order bits are an Organizationally Unique Identifier (OUI) assigned to a vendor, the low-order bits are device-specific, and two reserved bits mark whether the address is unicast/multicast and globally/locally administered. MAC addresses scope only to the local broadcast domain; routers strip and rewrite them at each hop. Switches build CAM/MAC tables from observed source MACs, which makes MAC flooding, MAC spoofing, and CAM-table overflow practical attacks. Defenses include port-security limits, sticky MACs, 802.1X, MAC randomization on clients, and dynamic ARP inspection.
How do you defend against MAC Address?
Defences for MAC Address typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for MAC Address?
Common alternative names include: Hardware address, Physical address.
● Related terms
- network-security№ 061
ARP
A link-layer protocol (RFC 826) that maps an IPv4 address to the MAC address of a host on the same broadcast domain so that frames can be delivered.
- network-security№ 553
IP Address
A numeric identifier assigned to a network interface for routing across IP networks: 32 bits in IPv4 (RFC 791) or 128 bits in IPv6 (RFC 8200).
- network-security№ 1206
VLAN
A virtual LAN (IEEE 802.1Q) groups switch ports into separate broadcast domains by tagging Ethernet frames with a 12-bit VLAN ID.
- attacks№ 638
MAC Spoofing
Changing a network interface's hardware MAC address to impersonate another device, bypass MAC-based access controls, or evade tracking.
- network-security№ 1113
Subnet
A contiguous range of IP addresses that share a common prefix, defining a single broadcast domain and routing boundary on a network.
- attacks№ 062
ARP Spoofing
A local-network attack that sends forged ARP messages to bind the attacker's MAC address to another host's IP, redirecting traffic through the attacker.