
When adding network adapters to a network bridge, it generates a new MAC address from one of the unbridged ones but with the locally administered bit set.

For example, if the original MAC address is 00-aa-bb-cc-dd-ee, the new bridge MAC address would be 02-aa-bb-cc-dd-ee.

Is there any way to prevent this bit being set?



The bit is being set for a reason: it means that the MAC address was locally generated and may not be globally unique.

See the diagram in the MAC address wiki page for more details.

Since Windows uses a closed source model, it will probably be impossible to change this behavior.

Also, I am not clear on this part, but because documentation is not available there might not be a better explanation available. The way Windows creates bridges is that it creates a virtual adapter associated with the real adapter and sets the mac id as you described. It then proceeds to change its routing tables associated with that adapter so that it can form a bridge.

In short, no, there doesn't seem to be any documented way to prevent that behavior.

John Gardeniers
Akshet
  • But the address was not locally generated and is globally unique. There doesn't seem to be any reason the locally-administered bit was set. – David Schwartz Aug 05 '12 at 00:54
  • Nah, there is nothing stopping someone from using the same macid. Somewhere in the world there might be a program which generates this macid randomly and assigns it to an interface; out of pure coincidence your macid is no longer unique... The default macids are guaranteed to be unique for every interface as long as no one cheats :) – Akshet Aug 05 '12 at 01:36
  • That's why what Windows does is so stupid. The hardware MAC address is guaranteed to be globally unique. Setting the "locally administered" bit produces a MAC address that is no longer guaranteed to be unique. – David Schwartz Aug 05 '12 at 01:45
  • @DavidSchwartz `The hardware MAC address is guaranteed to be globally unique.` For loose definitions of "guaranteed," perhaps. – HopelessN00b Aug 05 '12 at 03:56
  • Of course, all this is just convention. Convention dictates that any mac address that is manually generated must have the 7 most significant bit set as 1. There is no real guarantee anywhere, any one can come spoof their mac address to anything and mac address spoofing is a common attack vector on LANs. – Akshet Aug 05 '12 at 07:39
  • @HopelessN00b: My point is that setting that locally-administered address bit, if anything, reduces the likelihood that the address is unique. So it's baffling that Windows does it. The question is -- why doesn't Windows just use the hardware address of one of the interfaces? – David Schwartz Aug 05 '12 at 07:58
  • @DavidSchwartz: The reason for that, my guess is, that Windows creates a virtual interface and it needs a macid for that virtual interface. To generate that macid it takes the macid from the actual interface and sets the 7th bit to 1. But why does this matter? – Akshet Aug 05 '12 at 08:02
  • @Xero: The question is -- why does it set the 7th bit to 1? It matters because it's broken behavior -- the MAC address must be unique, and Windows has no right to expect a locally-created MAC address will be unique. Yet it has a guaranteed-unique MAC address it could use -- the one it broke. So why?! – David Schwartz Aug 05 '12 at 08:03
  • I don't see how that is broken behavior. It created a new interface and needed a new macid for the new interface. I do believe that your physical interface is also listening on its original macid. – Akshet Aug 05 '12 at 08:05
  • @Xero: If the physical interface is still listening on its original mac id, what purpose does the new mac id serve? You don't need more than one for the bridge group. And the new mac id is not guaranteed to be unique. – David Schwartz Aug 05 '12 at 12:41
  • @DavidSchwartz: I see two likely explanations. One is that Windows might not be able to cope with having two adapters with the same MAC address, even if one of them isn't being used. The other is that it might be doing it deliberately so that the network administrator can tell if something dodgy is going on. As a security measure that would be pretty weak, of course, but Windows is full of similar cases. – Harry Johnston Aug 05 '12 at 21:27

You specifically ask for it in Windows, but as an example you can do it in Linux, as the whole networking stack is available to you through different tools like brctl, ifconfig, iproute2, and iptables.

sudo apt-get install bridge-utils

ifconfig eth0 up
ifconfig eth1 up

brctl addbr br0

ifconfig br0 hw ether 0e:9b:cd:a9:b5:aa

brctl addif br0 eth0
brctl addif br0 eth1

ifconfig br0 up

If it is really needed, it should be quite quick and easy to set up a small Linux virtual machine to do this for you.

For some more info:

http://en.gentoo-wiki.com/wiki/Bridging_Network_Interfaces
http://wiki.debian.org/BridgeNetworkConnections
http://manpages.ubuntu.com/manpages/lucid/man5/bridge-utils-interfaces.5.html

nelaaro
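As an added example (not code from either answer), the following Python decodes the two flag bits of a MAC address that the discussion above turns on, reproduces the 00-aa-... to 02-aa-... derivation from the question, validates an operator-chosen address such as the one set with `ifconfig br0 hw ether` in the Linux answer, and filters an inventory for locally administered addresses (where bridges and VMs show up). The inventory and all sample addresses are constructed for the example.

```python
import re

# Flag bits in the first octet of a 48-bit MAC address (IEEE 802 convention).
IG_BIT = 0x01  # Individual/Group: 1 = multicast (group) address
UL_BIT = 0x02  # Universal/Local: 1 = locally administered, not vendor (OUI) assigned

# Accepts 'aa-bb-cc-dd-ee-ff' (Windows style) or 'aa:bb:cc:dd:ee:ff' (Unix style).
_MAC_RE = re.compile(r"^[0-9a-fA-F]{2}([-:])(?:[0-9a-fA-F]{2}\1){4}[0-9a-fA-F]{2}$")


def parse_mac(text):
    """Parse a MAC string into a list of six integers; reject anything else."""
    if not _MAC_RE.match(text):
        raise ValueError("not a 48-bit MAC address: %r" % text)
    return [int(part, 16) for part in re.split(r"[-:]", text)]


def format_mac(octets, sep="-"):
    return sep.join("%02x" % o for o in octets)


def describe(text):
    """Return (locally_administered, multicast) for a MAC string."""
    first = parse_mac(text)[0]
    return bool(first & UL_BIT), bool(first & IG_BIT)


def bridge_mac_windows_style(text):
    """Derive the bridge address as the question describes: copy the physical
    address and set the locally administered bit (00-aa-... -> 02-aa-...)."""
    octets = parse_mac(text)
    octets[0] |= UL_BIT
    return format_mac(octets, "-")


def check_admin_mac(text):
    """Sanity checks for an address an administrator assigns by hand: it must be
    unicast, and it should carry the locally administered bit so it cannot
    collide with a vendor-assigned address. Returns a list of problems."""
    local, multicast = describe(text)
    problems = []
    if multicast:
        problems.append("multicast bit set; an interface address must be unicast")
    if not local:
        problems.append("locally administered bit clear; may collide with an OUI address")
    return problems


def find_locally_administered(inventory):
    """Filter (host, mac) pairs down to locally administered addresses, which is
    where bridge, VM and manually set adapters appear in an asset inventory."""
    return [(host, mac) for host, mac in inventory if describe(mac)[0]]
```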