Duplicate MAC address on the same LAN possible?


Solution 1

It's possible for two hosts to have the same MAC, due to spoofing, a mistake during manufacturing, or willful negligence on the part of the manufacturer. So,

1) In general, an Ethernet switch keeps a table of which MAC addresses are attached to which ports. It bases this table on the source address of frames it receives during the normal operation of the network. Upon receiving any frame, the source MAC is read and compared with the current switching table, and then added alongside whichever switchport it was received on.

So if there are two hosts, both with the same MAC address, then the switch will update its MAC table every time it receives a frame from either host. The reachability of either host will flap on and off and be inconsistent.

2) Short answer: no. Duplicate MAC addresses will not trigger any sort of security problem in an unmanaged switch (a switch without configuration software), or a managed switch (like most Cisco/HP/Junipers) that has not been configured for port security. Managed switches will give you a warning printed in the console terminal if they detect a duplicate MAC (a MAC that 'exists' on multiple switchports), but by default they won't "do anything" about it AFAIK.

If you want to use port security options on a managed switch, you can do stuff like only allow 1 MAC address per switchport. The MAC address will be learned dynamically by the switch (like it usually learns MACs), but the difference is that once it is learned, it is bound to that switchport. Then, if the switch receives frames from a duplicate MAC on another switchport, it can place that port into a disabled state (shut it down.)

You mentioned deauthentication in your question. The port security feature of some switches is different than "deauthentication"-- it is deauthorization. They are similar but the difference is important; look up authentication vs. authorization.

3) Duplicate MACs will not cause collisions. Collisions are the result of a shared electrical bus. It is more of a race condition, although I haven't heard it referred to like that before. Remember, duplicate MACs are "allowed", as far as any out-of-the-box Ethernet switch is concerned-- they just cause a problem that will interrupt network connectivity to each host in question. The problem is a constantly changing switching table.

Solution 2

Answers to your question:

  1. YES it is possible, and NO you'll not have consistent contact.

  2. You might...the administrator might see the problem and disable the ports on the switch.

  3. What I encountered was with two systems with the same MAC address connected to the same switch, and what I noticed was that networking would work with the LAST system to send out ethernet packets being selected. So it was when one system worked the other one didn't...quite amusing and puzzling to me until the networking guy pointed out the problem.
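The behaviour described in both answers (the MAC table following whichever host sent most recently, so the "last system to send" wins, versus a port-security rule that err-disables the port a duplicate appears on) can be reproduced with a small simulation. This is an added example, not code from either answer or the question; the switch model, MAC addresses and port numbers are constructed for illustration, and the one-sticky-MAC-per-port rule is a simplification of how a managed switch's port security behaves:

```python
"""Minimal learning Ethernet switch: shows the MAC-table flapping caused by two
hosts sharing one MAC, and how one-sticky-MAC-per-port port security changes it.
All MAC addresses and port numbers are constructed for this example."""
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass(frozen=True)
class Frame:
    src: str
    dst: str
    ingress_port: int


class LearningSwitch:
    """Source-address learning, as in point 1 of the first answer."""

    def __init__(self, port_security=False):
        self.port_security = port_security
        self.mac_table = {}      # mac -> port where it was last seen
        self.secured = {}        # port -> the single MAC sticky-learned on it
        self.err_disabled = set()
        self.events = []         # table moves and violations, for inspection

    def receive(self, frame):
        """Learn from the source address, then make a forwarding decision.
        Returns the egress port, 'flood' for broadcast/unknown destinations,
        or None if the frame is dropped (err-disabled port or violation)."""
        port = frame.ingress_port
        if port in self.err_disabled:
            return None
        if self.port_security and self._violation(frame):
            self.err_disabled.add(port)
            self.events.append(
                f"violation: {frame.src} seen on port {port}; port err-disabled")
            return None
        previous = self.mac_table.get(frame.src)
        if previous is not None and previous != port:
            # This is the flap the answers describe: the entry moves to the
            # port of whichever host spoke last.
            self.events.append(
                f"{frame.src} moved from port {previous} to port {port}")
        self.mac_table[frame.src] = port
        if frame.dst == BROADCAST or frame.dst not in self.mac_table:
            return "flood"
        return self.mac_table[frame.dst]

    def _violation(self, frame):
        """Simplified port security: the first MAC seen on a port is bound to
        it. A MAC already bound to a different port, or a second MAC on a port
        that already has one, is a violation on the receiving port."""
        port = frame.ingress_port
        owner = next((p for p, m in self.secured.items() if m == frame.src), None)
        if owner is not None and owner != port:
            return True
        if port in self.secured and self.secured[port] != frame.src:
            return True
        self.secured.setdefault(port, frame.src)
        return False


def run_scenario(port_security):
    """Victim on port 1, a host spoofing the victim's MAC on port 2, gateway on
    port 3. Returns the port each gateway reply to the victim MAC is switched
    to after the victim, then the spoofer, then the victim again send a frame,
    plus the switch for inspection."""
    sw = LearningSwitch(port_security=port_security)
    victim, gateway = "02:00:00:00:00:01", "02:00:00:00:00:fe"
    sw.receive(Frame(gateway, BROADCAST, 3))     # switch learns the gateway
    delivered_to = []
    for sender_port in (1, 2, 1):                # victim, spoofer, victim
        sw.receive(Frame(victim, gateway, sender_port))
        delivered_to.append(sw.receive(Frame(gateway, victim, 3)))
    return delivered_to, sw


if __name__ == "__main__":
    for ps in (False, True):
        ports, sw = run_scenario(ps)
        print(f"port security {'on ' if ps else 'off'}: replies went to ports {ports}")
        for event in sw.events:
            print("   ", event)
```

Without port security the replies land on ports 1, 2, 1 in turn: neither host is "rejected", each simply loses connectivity whenever the other transmits. With port security the spoofer's port is err-disabled on its first frame and the replies stay on port 1. Note the caveat the simplification makes visible: sticky learning binds whichever host sends first, so if the spoofer transmits before the legitimate host, it is the legitimate host's port that gets shut down.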

Author: Aaron

Updated on September 18, 2022

Comments

  • Aaron
    Aaron over 1 year

    Let's say someone is on the same network as me and spoofs their MAC address to match mine:

    1. Is this possible? Can two or more clients with the same MAC address be on the same network at the same time and stay consistently connected?
    2. When this happens, will I end up getting deauthenticated and kicked off the network if duplicate MAC addresses aren't allowed on the same network?
    3. If duplicate MAC addresses are allowed, what kind of behavior might I encounter? Collisions, race conditions, etc.?
  • mdpc
    mdpc over 11 years
BTW, many Unix/Linux/VMware vendors allow you to change/override the MAC address of your ethernet boards. So this might not be an uncommon event if you happen to copy configurations from one system to another. That is what happened to me.
  • Brain2000
    Brain2000 over 7 years
    It sounds like a possible way to attack a host (such as the default gateway). Even if Dynamic ARP Inspection is turned on, the switch will still see your MAC address in a DHCP discover message. We use 802.1X, so we can't have port security turned on at the same time. In that situation I think the only way to defend against that is to use static entries in DAI.
  • Les
    Les about 6 years
@mdpc - Windows OSes can also have their MAC overridden in software.