MAC address and MAC filtering in Computer Networks

To communicate or transfer data from one computer to another, we need an address. In computer networks, various types of addresses are introduced; each works at a different layer. A MAC address, which stands for Media Access Control Address, is a physical address that works at the Data Link Layer. In this article, we will discuss addressing at the Data Link Layer (DLL), that is, the MAC address.

What is MAC (Media Access Control) Address?

The MAC address is used by the Media Access Control (MAC) sublayer of the Data-Link Layer. A MAC address is unique worldwide, since millions of network devices exist and each one needs to be uniquely identified. The Data-Link Layer is divided into two sublayers:

  1. Logical Link Control (LLC) Sublayer
  2. Media Access Control (MAC) Sublayer

Format of MAC Address

To understand what a MAC address is, you first need to understand its format. A MAC address is a 12-digit hexadecimal number (6-byte binary number), which is mostly represented in colon-hexadecimal notation.

The first 6 digits (say 00:40:96) of the MAC address identify the manufacturer and are called the OUI (Organizationally Unique Identifier). The IEEE Registration Authority Committee assigns these MAC prefixes to its registered vendors.

Here are the OUIs of some well-known manufacturers:

CC:46:D6 - Cisco 
3C:5A:B4 - Google, Inc.
3C:D9:2B - Hewlett Packard
00:9A:CD - HUAWEI TECHNOLOGIES CO.,LTD

Types of MAC Address

Unicast

A Unicast-addressed frame is only sent out to the interface leading to a specific NIC. If the LSB (least significant bit) of the first octet of an address is set to zero, the frame is meant to reach only one receiving NIC. The MAC Address of the source machine is always Unicast.

Multicast

A multicast address allows the source to send a frame to a group of devices. In a Layer 2 (Ethernet) multicast address, the LSB (least significant bit) of the first octet is set to one. IEEE has allocated the address block 01-80-C2-xx-xx-xx (01-80-C2-00-00-00 to 01-80-C2-FF-FF-FF) for group addresses for use by standard protocols.

Broadcast

As at the Network Layer, broadcast is also possible at the underlying layer (the Data Link Layer). An Ethernet frame with ones in all bits of the destination address (FF-FF-FF-FF-FF-FF) is addressed to the broadcast address. Frames destined for MAC address FF-FF-FF-FF-FF-FF will reach every computer belonging to that LAN segment.
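
The rules above (OUI in the first three octets, LSB of the first octet for unicast versus multicast, all ones for broadcast) can be checked mechanically. The following Python sketch is an added example, not part of the original article; it goes one step beyond the text by also reporting the second-lowest bit of the first octet (the universal/local bit), and the sample addresses used with it are constructed.

```python
import re

# Vendor prefixes copied from the OUI list in this article.
KNOWN_OUIS = {"CC46D6": "Cisco", "3C5AB4": "Google, Inc.",
              "3CD92B": "Hewlett Packard", "009ACD": "HUAWEI TECHNOLOGIES CO.,LTD"}

# Notations accepted by this example (an assumption; tools differ).
ACCEPTED_FORMS = (
    r"(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}",    # 00:40:96:12:34:56
    r"(?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2}",    # 00-40-96-12-34-56
    r"(?:[0-9A-Fa-f]{4}\.){2}[0-9A-Fa-f]{4}",   # 0040.9612.3456
    r"[0-9A-Fa-f]{12}",                         # 004096123456
)

def parse_mac(text):
    """Return the 6 raw bytes of a MAC address, rejecting anything malformed."""
    text = text.strip()
    if not any(re.fullmatch(form, text) for form in ACCEPTED_FORMS):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(re.sub(r"[:.\-]", "", text))

def classify(text):
    mac = parse_mac(text)
    first = mac[0]
    if mac == b"\xff" * 6:
        kind = "broadcast"          # all 48 bits set
    elif first & 0x01:
        kind = "multicast"          # LSB of the first octet is one
    else:
        kind = "unicast"            # LSB of the first octet is zero
    oui = mac[:3].hex().upper()
    return {
        "canonical": ":".join(f"{b:02X}" for b in mac),
        "kind": kind,
        "oui": oui,
        "vendor": KNOWN_OUIS.get(oui, "unknown"),
        # U/L bit (0x02) set on a unicast address: locally administered,
        # i.e. not taken from a vendor's OUI block.
        "locally_administered": kind == "unicast" and bool(first & 0x02),
    }

if __name__ == "__main__":
    for sample in ("3c:5a:b4:01:02:03", "01-80-C2-00-00-00",
                   "ffff.ffff.ffff", "DA:A1:19:00:00:01"):
        print(classify(sample))
```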

Why are both MAC and IP addresses needed?

The reason for having both IP and MAC addresses lies in the way the Internet works, specifically in the structure of the OSI Model. This model is a conceptual framework that describes how data is sent and received over a network. It’s divided into seven layers, each performing specific functions.

  • Layer 2 uses MAC addresses and is responsible for packet delivery from hop to hop.
  • Layer 3 uses IP addresses and is responsible for packet delivery from end to end.

Layer 2 (Data Link Layer) uses a MAC (Media Access Control) address. These are unique identifiers assigned to network interfaces for communications at the data link layer. The primary function of MAC addresses is to manage how data is transported from one network node to another on a direct, physical basis – this is also referred to as “hop to hop” delivery.

On the other hand, Layer 3 (Network Layer) uses an IP (Internet Protocol) address. These IP addresses are used to identify devices on a network and to route traffic between networks. IP addresses ensure that the data gets from its original source to its final destination; this is also called “end-to-end” delivery of data.

Examples:

When a computer sends data, it first wraps it in an IP header, which includes the source and destination IP addresses. This IP header, along with the data, is then encapsulated in a MAC header, which includes the source and destination MAC addresses for the current “hop” in the path.

As the data travels from one router to the next, the MAC address header is stripped off and a new one is generated for the next hop. However, the IP header, which was generated by the original computer, remains intact until it reaches the final destination. This process illustrates how the IP header manages the “end to end” delivery, while the MAC headers handle the “hop to hop” delivery.

So, both IP and MAC addresses are essential for the functioning of the Internet. While MAC addresses facilitate the direct, physical transfer of data between network nodes, IP addresses ensure that the data reaches its final destination.
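
The hop-to-hop rewrite described above can be followed byte by byte. This Python sketch is an added example, not part of the original article: it builds an Ethernet II frame around a minimal IPv4 header and forwards it through two routers. All MAC and IP addresses are constructed, the IPv4 checksum is left at zero, and the TTL decrement is a router detail the article does not cover.

```python
import socket
import struct

ETH = struct.Struct("!6s6sH")            # destination MAC, source MAC, EtherType
IPV4 = struct.Struct("!BBHHHBBH4s4s")    # 20-byte IPv4 header without options

def mac(text):
    return bytes.fromhex(text.replace(":", ""))

def ip_packet(src, dst, ttl=64):
    # Header checksum is left at 0 to keep the example short.
    return IPV4.pack(0x45, 0, IPV4.size, 0, 0, ttl, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))

def frame(dst_mac, src_mac, packet):
    """Encapsulate an IP packet in a MAC header for one hop."""
    return ETH.pack(mac(dst_mac), mac(src_mac), 0x0800) + packet

def forward(incoming, out_mac, next_hop_mac):
    """Router step: strip the old MAC header, decrement TTL, add a new MAC header."""
    packet = bytearray(incoming[ETH.size:])
    packet[8] -= 1                       # TTL is byte 8 of the IPv4 header
    return frame(next_hop_mac, out_mac, bytes(packet))

def describe(raw):
    """Return (src MAC, dst MAC, src IP, dst IP, TTL) for one frame."""
    dst_mac, src_mac, _ = ETH.unpack_from(raw)
    fields = IPV4.unpack_from(raw, ETH.size)
    return (src_mac.hex(":"), dst_mac.hex(":"),
            socket.inet_ntoa(fields[8]), socket.inet_ntoa(fields[9]), fields[5])

def trace():
    # Constructed path: host A -> router R1 -> router R2 -> host B
    hop1 = frame("02:00:00:00:01:01", "02:00:00:00:00:0a",
                 ip_packet("192.0.2.10", "198.51.100.20"))
    hop2 = forward(hop1, "02:00:00:00:01:02", "02:00:00:00:02:01")
    hop3 = forward(hop2, "02:00:00:00:02:02", "02:00:00:00:00:0b")
    return [describe(h) for h in (hop1, hop2, hop3)]

if __name__ == "__main__":
    for row in trace():
        print(row)
```

Every hop shows a different MAC pair while the IP source and destination stay the same.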

MAC Filtering in Computer Network

Applications of MAC filtering in computer networks:

  • Access control: MAC filtering can be used to restrict access to a network by only allowing devices with authorized MAC addresses to connect. This can help prevent unauthorized access to the network and improve network security.
  • Parental controls: MAC filtering can be used by parents to restrict access to the internet for their children by allowing only specific devices to connect to the network.
  • BYOD policies: MAC filtering can be used to implement Bring Your Own Device (BYOD) policies in organizations. By allowing only authorized devices to connect to the network, organizations can ensure that only approved devices are used to access corporate resources.
  • Guest access
  • Wireless networks and Network monitoring
  • Compliance, traffic management and troubleshooting
  • Remote management and IoT

Drawbacks:

  • It is time-consuming and tedious, especially if you have a lot of Wi-Fi-enabled devices, as you will need to get the MAC address of every device. The list of allowed devices has to be modified whenever we purchase a new computer or mobile device or whenever we want to grant permission to a new device.
  • Two MAC addresses have to be added for each PC: one for the wired adapter and one for the wireless adapter.
  • It won’t protect against hackers who know what they are doing. But you can use it for kids to disallow access as they don’t have adequate knowledge.
  • It can make the network less secure because now the hacker doesn’t have to crack your WPA2-encrypted password at all.
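
The following Python sketch, an added example and not part of the original article, shows a MAC filter the way a defender would audit it: an allowlist with one entry per device covering both its wired and wireless adapter, and a check over a constructed association log. Because the filter decides only on the address a device presents, the sketch also reports any allowlisted address seen on more than one port, which the filter itself cannot tell apart. Device names, ports and addresses are hypothetical.

```python
import re
from collections import defaultdict

def norm(mac):
    """Canonical form so 'AA-BB-..', 'aabb.ccdd..' and 'aa:bb:..' compare equal."""
    digits = re.sub(r"[:.\-]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"bad MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

# Hypothetical allowlist: one entry per device, listing every adapter it has.
ALLOWLIST = {
    "office-laptop": ["02:00:00:AA:00:01", "02-00-00-AA-00-02"],  # wired + wireless
    "printer": ["0200.00aa.0003"],
}
ALLOWED = {norm(m): dev for dev, macs in ALLOWLIST.items() for m in macs}

# Constructed association log: (switch port or access point, source MAC presented)
SEEN = [
    ("port-1", "02:00:00:aa:00:01"),
    ("ap-2",   "02:00:00:AA:00:02"),
    ("port-7", "02:00:00:aa:00:99"),   # not on the list
    ("port-9", "02:00:00:AA:00:03"),
    ("port-4", "02:00:00:aa:00:03"),   # same allowlisted address, second port
]

def evaluate(seen):
    """Return (filter decisions, allowlisted MACs seen on more than one port)."""
    decisions, ports = [], defaultdict(set)
    for port, mac in seen:
        m = norm(mac)
        device = ALLOWED.get(m)
        decisions.append((port, m, "allow" if device else "deny"))
        if device:
            ports[m].add(port)
    # The filter allowed every one of these; only this cross-check surfaces them.
    duplicates = {m: sorted(p) for m, p in ports.items() if len(p) > 1}
    return decisions, duplicates

if __name__ == "__main__":
    decisions, duplicates = evaluate(SEEN)
    for row in decisions:
        print(row)
    print("review:", duplicates)
```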
