What is a MAC Address?
A MAC address (Media Access Control address) is a unique physical address assigned to a deviceβs network interface card (NIC). It identifies the device at layer 2 (data link layer) of the OSI model.
MAC addresses are essential for communication within a local network (LAN) and are widely used in both IT and OT networks for identification, filtering and configuration.
π§ How does a MAC address work?
-
A MAC address is 6 bytes (48 bits) long and is represented as 12 hexadecimal digits,
for example:
00:1A:2B:3C:4D:5E - The first 3 bytes form the Organizationally Unique Identifier (OUI), assigned to the manufacturer
- The last 3 bytes are used by the manufacturer to assign unique addresses to devices
- Switches use MAC addresses in their MAC tables to forward network traffic efficiently
MAC addresses are used in protocols such as BOOTP, DHCP, ARP and in establishing Ethernet communication.
π Use of MAC addresses in industrial networks
- Assignment of fixed IP addresses via BOOTP or DHCP reservations
- Configuration of Firewall or ACL rules based on MAC filtering
- Monitoring of network activity via SNMP or SIEM systems
- Identification of devices in Asset Inventory tools
- Management of wireless connections in guest networks or temporary networks
In OT environments, MAC addresses are often used to automatically recognise and configure new devices based on their hardware identity.
π MAC address vs. IP address
| Aspect | MAC address | IP address |
|---|---|---|
| Layer | OSI layer 2 (data link) | OSI layer 3 (network) |
| Assignment | Factory-set, usually permanent | Dynamic via DHCP or manual |
| Purpose | Unique identification on a local network | Routing across larger networks |
| Mutability | Difficult (but possible via spoofing) | Easy to change |
| Use | Switch forwarding, BOOTP, filtering | Internet communication, subnet routing |
π Security considerations
- MAC spoofing is possible: an attacker can imitate the MAC address of a trusted device
- Use Port Security on switches to admit known MACs and block others
- Combine MAC filtering with 802.1X authentication for stronger access control
- Log MAC addresses via SIEM or Syslog for auditing and forensic investigation
- Restrict broadcast protocols such as ARP and BOOTP via VLAN or Firewall rules
π In summary
A MAC address is the unique serial number of every network interface, indispensable for local communication and the configuration of network security. In industrial networks, it is widely used for identification, addressing and access management.