Page 746 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
P. 746
(24 bits) represent a unique number assigned to that interface by the
manufacturer. No two devices can have the same MAC address in the
same local Ethernet broadcast domain; otherwise an address conflict
occurs. It is also good practice to ensure that all MAC addresses across
a private enterprise network are unique. While the design of MAC
addresses should make them unique, vendor errors have produced
duplicate MAC addresses. When this happens either the NIC hardware
must be replaced or the MAC address must be modified (i.e., spoofed)
to a nonconflicting alternative address.
EUI-48 to EUI-64
The MAC address has been 48 bits for decades. A similar
addressing method is the EUI-48. EUI stands for Extended Unique
Identifier. The original 48-bit MAC addressing scheme for IEEE
802 was adopted from the original Xerox Ethernet addressing
method. MAC addresses typically are used to identify network
hardware, while EUI is used to identity other types of hardware as
well as software.
The IEEE has decided that MAC-48 is an obsolete term and should
be deprecated in favor of EUI-48.
There is also a move to convert from EUI-48 to EUI-64. This is
preparation for future worldwide adoption of IPv6 as well as the
exponential growth of the number of networking devices and
network software packages, all of which need a unique identifier.
A MAC-48 or EUI-48 address can be represented by an EUI-64. In
the case of MAC-48, two additional octets of FF:FF are added
between the OUI (first 3 bytes) and the unique NIC specification
(last 3 bytes)—for example, cc:cc:cc:FF:FF:ee:ee:ee. In the case of
EUI-48, the two additional octets are FF:FE—for example,
cc:cc:cc:FF:FE:ee:ee:ee.
Among the protocols at the Data Link layer (layer 2) of the OSI model,
you should be familiar with Address Resolution Protocol (ARP). ARP
is used to resolve IP addresses into MAC addresses. Traffic on a
