Sometimes we need to give a NIC or virtual interface a different MAC address. In my case I wanted to configure certain vagrant/VirtualBox VMs with specific MAC addresses so they could be assigned stable DHCP IPs.
Technically we could just make up any 48 bit number and it will probably work fine, especially if the network segment is small. There is a very low risk of collision.
But if you want to do it right…
MAC addresses are 48 bit values usually spelled out as 12 hex digits, grouped with dashes or colons, or nothing, as in:
For physical NICs, this value is burned into the hardware, but often can be overridden.
The first three octets are allocated mostly to organisations who make NICs.
These octets are called the Organisationally Unique Identifier (OUI).
14:7d:da above happens to be registered to Apple.
You can lookup prefixes here, and on other sites.
The other three octets are assigned by the organisation to individual NICs, almost like a serial number. No two NICs or virtual interfaces on the same network segment can have the same MAC address.
There is structure to the first octet of the OUI. The 7th and 8th bits have meaning:
Officially allocated OUIs always set the X- and M-bits to 0, indicating a globally unique prefix.
In the example above, the first octet is
14, which is
00010100. So that is an officially assigned OUI.
When the X-bit is 1, then the MAC address is considered Localy Administered. So you can make up any 48 bit value, set the 7th bit to 1, and the 8th bit to 0, and you will not collide with any official MAC addresses. Specifically, this means you can assign MAC addresses in the following ranges:
A good detailed description is available here on the IEEE website.
Recently there has been a move to segregate local MAC addresses for different use cases. RFC8948 Structured Local Address Plan (“SLAP”)
In this scheme, a further two bits of the first octet are used to determine a “Quadrant” when bit 7 is 1 (local). For our purposes the “Administratively Assigned” Quadrant is the best fit. So we should clear bits 5 (Z-bit) and 6 (Y-bit) in our local prefixes.
Our first octet should look like this:
This narrows down the usable range to:
Within SLAP, the
xE prefixes now have specific meanings and we should avoid them.
This means that you can make up any 48 bit value, and set the second nibble to
0010 and you will have a legitimate Locally Administered MAC address.