Networking mac and linux

MAC VLAN

A MAC VLAN can be thought of as a reverse VLAN under Linux. Instead of taking a single interface on the OS side of a network interface and mapping it to multiple virtual networks on the network side of the interface (one to many), a MAC VLAN takes a single network interface and creates multiple virtual ones with different MAC addresses (many to one).

While under Linux an interface can already have multiple addresses, a MAC VLAN allows further isolation of what traffic can be seen on such an interface. A MAC VLAN will only be able to see traffic that has a MAC address that matches the interface, preventing processes on other interfaces from listening in on traffic destined for another MAC VLAN.

Usage

  • Replace bridge setups with a more lightweight solution in situations where the bridge is just providing egress to the normal network and is not set up as a private internal network between guests on the host.
  • For use with MAC address filtering, where some devices are put onto a separate network based on their MAC address (e.g. in the case of a VoIP phone, bring up a MAC VLAN that is recognized as a VoIP phone by the switch at the other end and put on a voice VLAN, then set it up with a static or DHCP IP address and force your VoIP softphone to listen on that interface, while your normal traffic goes out onto the normal traffic VLAN).
  • When consolidating multiple hosts together, a MAC VLAN can be created on the new host for every public interface on the old hosts, with the same MAC address as the old host’s interface. As DHCP can only assign a single IP address per interface, doing the above will allow you to run multiple DHCP clients, one per interface, and have the old services available at the old addresses allocated by DHCP, minimizing the amount of configuration changes needed to consolidate hosts.

Setup

To create a MAC VLAN interface and auto generate a MAC address use the following command:

This will create a new interface called mac0@eth0 that can have an IP address assigned to it or use DHCP to assign an address. Note that to bring the interface up, the main interface the virtual link is bound to must also be in the ‘UP’ state.

You do not need to specify the full mac0@eth0 to make changes to the mac0 interface; the ‘@eth0’ is for display purposes only.

If you need to create a MAC VLAN with a specific MAC address, use the form:

This will create a new interface called mac1@eth0 with a preset MAC address (56:61:4f:7c:77:db, generated from script below). The MAC address may be randomly generated or can be cloned from an existing interface (e.g. when consolidating hosts).

Notes

  • The second bit of the most significant byte indicates whether the MAC address is locally or universally administered. When generating MAC addresses, this bit should be set to ‘1’, indicating it is locally administered.
  • Deleting the main interface the link is bound to (eg in the case of a bridge) will cause the MAC VLAN interfaces bound to that interface to also be deleted.

Modes

A MAC VLAN can be created in one of 4 modes: private, vepa, bridge or passthru. The modes are documented in the git commit 618e1b7482f7a8a4c6c6e8ccbe140e4c331df4e9 (linked below) for the Linux kernel.

Which mode you choose depends on your networking hardware and security requirements. In most cases passthru should ‘just work’; however, if you experience issues with 2 MAC VLANs being able to communicate, consider the ‘bridge’ mode below to have Linux handle switching of the packets between interfaces.

  • Private: Filter all incoming packets so that no MAC VLAN bound to an interface can communicate with each other (drop all packets ingressing over the interface that have a source MAC address that matches one of the MAC VLAN interfaces).
  • VEPA: This mode expects a VEPA/802.1Qbg capable switch at the other end of the interface. The switch on the other end acts as a reflective relay. As such, we forward all traffic out to the switch even if it is destined for us and rely on the switch at the other end to send it back (aka ‘Hairpin’ mode). Useful when there are network level policies being enforced by the switches (e.g. DHCP filtering).
  • Bridge: Provide a pseudo bridge to allow MAC VLANs bound to the same interface to communicate without the packet being sent out the network interface.
  • Passthru: Just pass the packet to the network. The default behavior of an L2 switch is to not send a packet back down the port it egressed from, to prevent loops forming. This has the effect of making a MAC VLAN in this mode with a standard switch behave as if it was in Private mode and prevent cross MAC VLAN communication.

In both VEPA and Passthru modes, traffic destined to a different MAC VLAN on the same interface will transit the physical interface twice: once to egress the interface, where it is switched and sent back, and once to ingress via the same interface. This can affect available physical bandwidth and also restricts inter MAC VLAN traffic to the speed of the physical connection.

In Private mode, no node may communicate with another. This can help prevent discovery of other MAC VLANs and may be useful in a multi-tenant environment in conjunction with a switch that sends all traffic to a router.

In Bridge mode all traffic between MAC VLANs will be switched in memory. This can lead to higher network speeds between interfaces than VEPA or Passthru, due to memory typically being faster than network interfaces, but may incur some additional CPU overhead to handle each packet.

MAC Address Generation

To generate a new random MAC address with all the bits set correctly use the following script:
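The following is an added example, not the script or commands from the original article: it classifies a MAC address by the two low bits of its first byte, generates a random locally administered unicast address, and prints (without running) the iproute2 command for the Setup and Modes sections above. The function names mac_class, gen_local_mac and macvlan_cmd are made up for illustration, and the printed command assumes the standard iproute2 `ip link add ... type macvlan mode ...` syntax.

```shell
#!/bin/sh
# Added example; function names are constructed for illustration.

# Classify a MAC address by the two low bits of its first octet:
# 0x01 set = multicast/group, 0x02 set = locally administered.
mac_class() {
    if ! printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'; then
        echo invalid
        return 1
    fi
    octet=$((0x${1%%:*}))
    if [ $((octet & 1)) -ne 0 ]; then
        echo multicast
    elif [ $((octet & 2)) -ne 0 ]; then
        echo local-unicast
    else
        echo universal-unicast
    fi
}

# Random MAC with the locally administered bit set and the multicast bit clear.
gen_local_mac() {
    # Six random bytes as unsigned decimals become $1..$6.
    set -- $(od -An -N6 -tu1 /dev/urandom)
    printf '%02x:%02x:%02x:%02x:%02x:%02x\n' \
        $(( ($1 | 2) & 254 )) "$2" "$3" "$4" "$5" "$6"
}

# Print (do not run) the iproute2 command for a MAC VLAN on parent $1 named $2
# in mode $3, with optional fixed MAC $4.
# A malformed or multicast MAC (e.g. 01:02:03:04:05:06) is refused.
macvlan_cmd() {
    case "$3" in
        private|vepa|bridge|passthru) ;;
        *) echo "unknown mode: $3" >&2; return 1 ;;
    esac
    if [ -n "$4" ]; then
        case "$(mac_class "$4")" in
            local-unicast|universal-unicast) ;;
            *) echo "unusable MAC: $4" >&2; return 1 ;;
        esac
        echo "ip link add link $1 name $2 address $4 type macvlan mode $3"
    else
        echo "ip link add link $1 name $2 type macvlan mode $3"
    fi
}
```

The printed command needs root to execute; a universally administered address is accepted by macvlan_cmd because cloning an existing interface's MAC (the host consolidation case) requires it.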

Links

  • git entry explaining the different modes (alternatively, run git log 618e1b7482f7a8a4c6c6e8ccbe140e4c331df4e9 in a checkout of the Linux source code)
  • VEPA Support: Notes on VEPA support in the Linux kernel (useful for understanding what this feature does)
  • Edge Virtual Bridging: More background on VEPA
  • Transparent Bridging: Flooding behavior for switches

Virtual Ethernet Device

Virtual Ethernet device pairs are a pair of fake Ethernet devices that act as a pipe: traffic sent via one interface comes out the other. As these are Ethernet devices and not point to point devices, you can handle broadcast traffic on these interfaces and use protocols other than IP.

They are most useful in conjunction with containers and are the main way to get traffic into and out of a container with a separate network namespace, where the host can then route the traffic or attach the interface to a bridge.

Usage

  • Creating virtual networks between containers
  • Providing a routed link for a container
  • Providing an endpoint that can be bound to a bridge device for a container
  • Emulating high latency internet links (see links section below)
  • Emulate Networks in conjunction with bridges

Setup

To create a virtual ethernet pipe with one end called veth0 and the other called veth1, use the following command:

You can also set values for either end of the link in the same command using the normal syntax for the left hand side link and by adding the values after the peer statement for the right hand side of the link.

The above command uses this to explicitly set the name of the right hand side of the link, which if not specified will be set to the same as the left hand side and fail with the following error:

Linux or UNIX: HowTo Find Out or Display The Ethernet Address (MAC)

Media Access Control (MAC) address is a unique identifier attached to most networking devices (such as routers, Ethernet cards, servers, NAS devices, switches and so on).

This blog post demonstrates how to get the Media Access Control (MAC) address for an Ethernet adapter under Linux, Unix, Apple OS X, and *BSD operating systems using command line options.

Use ifconfig Command To Find Out Mac Address Under Unix Like Operating Systems

You can use the ifconfig command to view the mac address of your own computer or an ethernet adapter, enter:
# ifconfig
# ifconfig eth0
Sample outputs:

I recommend that you pass the -a option to the ifconfig command to get details about all interfaces which are currently available, even if down:
# ifconfig -a

Use ip Command To Find Out Mac Address Under Linux

Most modern Linux distros prefer to use the ip command:
# ip addr show
# ip addr show eth0
# ip addr show eth1
# ip addr show bond0
Sample outputs:

Find out my Mac address

Use the arp command to manipulate or display the kernel’s IPv4 network neighbour cache, i.e. use the following to see the MAC address of your router or other computers on the other end:
$ arp
Sample outputs:

$ arp -n
Sample outputs:

  • -n : Shows numerical addresses instead of trying to determine symbolic host, port or user names.

arp manipulates the kernel’s ARP cache in various ways. The primary options are clearing an address mapping entry and manually setting up one. The arp command works under:

  • Linux
  • *BSD
  • UNIX
  • MS Windows
  • Apple OS X and other Unix like operating systems

A Note About IBM AIX Unix Users

Type the following command to find out the mac address:
# netstat -ia

A Note About HP-UX Unix Users

Type the following command to find out the mac address:
# lanscan

Task: Changing MAC addresses

Please note that physical MAC addresses are permanent, but several mechanisms allow modification (read as spoofing) of the MAC address that is reported by the operating system. Under Linux you can type the following commands to set up a new MAC address:
# ifconfig eth0 down
# ifconfig eth0 hw ether 01:02:03:04:05:06

If you are using FreeBSD type the following command:
# ifconfig nc0 ether 01:02:03:04:05:06

If you are using OpenBSD or Mac OS X type the following command:
# ifconfig nc0 lladdr 01:02:03:04:05:06

Under MS-Windows XP or 2003 server the MAC address can be changed in the Ethernet adapter’s Properties menu > Advanced tab > Look for MAC Address > Locally Administered Address > Ethernet Address > Physical Address option. Also, note that some ISPs may use MAC addresses to control access (a rare case these days). Therefore, if you change the MAC address you may lose connectivity to the Internet.

Page last updated at 7:44 PM, March 31, 2012.


How to Look Up MAC Addresses

  • What is a MAC address?
  • Finding the IP and MAC address using the command-line
  • The IP command
  • Finding the IP address in Linux systems
  • Finding the MAC Address in Linux systems

Media Access Control (MAC) Address

The MAC address, also known as Media Access Control address, is a unique and separate hardware number of a particular computer, especially in a LAN (Local area network) or in other networks. When you are connected to the Internet as a host or your computer is connected to the Internet, the IP address of your computer is linked to the physical MAC address of the computer on a LAN. The MAC address is the same as the Ethernet address on the Ethernet LAN. In telecommunication protocols, the media access control, which is the sublayer of the data-link layer, uses the MAC address. For each type of device, there is a different MAC sublayer. In the DLC layer, the other sublayer is a logical link control sublayer.

Next, we will show you how to find the IP and MAC addresses of a device with the help of the command-line in Linux.

Finding IP and MAC Address Using the Command-Line

With the help of the ip command, you can find both the IP and MAC address of your network connection. Here, we will discuss the networking command ip in Linux. This command is useful for retrieving the network parameters of a Linux system. It will work on different Linux systems, such as Kali Linux, Arch Linux, Fedora, Ubuntu, etc.

The IP command

The IP command replaces the ifconfig command, which is part of the net-tools package. The IP command is very strong and powerful. The syntax of the IP command is written as follows:

In the above command, the xx will be replaced by the following two to obtain the preferred result. These operators include:

  • -s, which is used to show more information related to the command
  • -V, which is used to show the ip utility version

To check IP address in Kali Linux, enter the ifconfig command, as shown below:

Finding the IP Address of a Linux System

To list each of the IP addresses of a system, write the following command in the terminal:

This command will display all the IP addresses with their device names that are currently available. If someone does not like the default IP address connected to the internet, then they can use a grep parameter. The parameter can be written as shown below:

Another option is to use the device name, but in this case, it is essential to use the names of the particular network devices. To do this, enter the following command:

Here, you will see that the Ethernet connection is eth0, while wlp2s0 represents the wireless connection. We will use the eth0 in this example:

Finding the MAC Address of a Linux System

Any network device has a critical parameter, such as a MAC address, that will also include the hardware of the computer or a server. There is a unique MAC address for each device on the network that is connected to the computer.

Enter the ip link command into the terminal, as shown below:

The ip link utility lists several parameters for a device. There are two lines for each of the devices for the link-state and their properties. The first line will show the current state of the particular device, the maximum transmission unit, a set of flags on the device, etc. Similarly, the second line will indicate the current MAC address or the type of link layer currently in use. The previous example found the MAC addresses of the two LAN connections currently in use.

Conclusion

This tutorial showed you how to look up MAC addresses in Linux. The commands in this article work with many distros, including Kali, Arch, and Ubuntu Linux machines.

About the author

Younis Said

I am a freelancing software project developer, a software engineering graduate and a content writer. I love working with Linux and open-source software.
