0

I'm at a wifi hotspot where, when I look up the router's MAC address by two different methods, I get slightly different results:

$ arp -a
? (10.128.128.128) at 00:18:0a:58:WX:YZ  [ether] on wlan0
? (10.0.2.15) at 00:18:0a:58:WX:YZ [ether] on wlan0

$ iwconfig
lo        no wireless extensions.

wlan0     IEEE 802.11abgn  ESSID:"PEETS"  
          Mode:Managed  Frequency:5.765 GHz  Access Point: 02:18:5A:58:WX:YZ   
          Bit Rate=520 Mb/s   Tx-Power=22 dBm   
          Retry  long limit:7   RTS thr:off   Fragment thr:off
          Power Management:on
          Link Quality=42/70  Signal level=-68 dBm  
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:153  Invalid misc:15   Missed beacon:0

(Last two bytes of the MAC are obscured for privacy, but they're the same in all of these cases.)

The only difference between the two is that in the one from iwconfig, the "locally administered" bit is set to 1 (making it like a private IP address).

Why is iwconfig showing it as a local, non-unique MAC when arp (and /proc/net/arp) shows a globally unique (and likely the accurate) one?

Note: In my search, I found someone else observing the same thing, in a very different (Windows) context, but no explanations:
MAC address in arp table doesn't match actual MAC, why?

Nick S
  • 103
  • 2

1 Answers1

0

A router and an access point are two different kinds of devices. If you build a network in which you have one device of each kind, you wouldn't expect the two devices to have the same MAC address.

For home-user equipment it is quite common to build multiple of these devices into a single box. Very often you will find the following five pieces of hardware all in a single box:

  • Modem
  • Router
  • Switch
  • USB Ethernet interface
  • Access point

Such a box would need multiple MAC addresses, and the vendor could choose to assign those sequentially, or to some extent reuse the same. For example the router and AP could share a single MAC towards the LAN/WLAN, but there is no need to do so.

Some of these devices can be configured to operate in different configurations. For example whether a router is needed between switch and modem depends on the specific deployment.

Some of the configurations involve certain virtual network devices which may also need MAC addresses. Virtual devices will often have the locally administered bit set to one.

kasperd
  • 29,894
  • 16
  • 72
  • 122
  • I see, so this particular router was configured to use a different MAC for its access point than the one on its WLAN-facing NIC? I'd be interested in your thoughts on which is the "correct" one to use in different situations. In mine, I'm actually just trying to uniquely identify the device. – Nick S Mar 16 '16 at 14:53
  • @NickS If you want to uniquely identify a piece of hardware, then you should not be using the one marked as locally administered. Instead you should use the one with a prefix actually allocated to a specific manufacturer. So in your case it would be the address starting with 00-18-0A since 00-18-0A is a prefix explicitly allocated to a manufacturer (named Meraki, Inc.) – kasperd Mar 16 '16 at 15:04