Key Points
- A MAC address (media access control address) is a 12-digit hexadecimal number permanently assigned to a device’s network interface by its manufacturer.
- Unlike IP addresses, MAC addresses do not change with location — though software can randomize or spoof them.
- MAC filtering alone is not sufficient for network security because MAC addresses can be copied and impersonated by any attacker with basic tools.
- Certificate-based 802.1X authentication is a stronger alternative that is significantly harder to spoof than a static MAC address.
Every device on the internet carries a hardware identifier known as Media Access Control (MAC) address.
It is the foundation of Layer 2 networking and is present in every wired switch table, every Wi-Fi association, and every IoT onboarding flow.
This guide covers what MAC addresses are, the types that exist, how to find one on any device, where MAC-based access control falls short, and how certificate-based authentication overcomes MAC’s drawbacks.
What Is a MAC Address?
A MAC address is a 12-digit hexadecimal number assigned to each device connected to the network.
Typically, the MAC address is assigned to a device’s Network Interface Controller (NIC) by its manufacturer, so some devices have more than one MAC address.
For example, a laptop might have one MAC address for connecting to Ethernet networks and one for Wi-Fi networks .
To verify only approved devices access a network, a network switch or access point can check whether a MAC address matches a server’s approved list of devices.
Structure and Format of a MAC Address
A MAC address is usually structured in a 48-bit format with six pairs of two hexadecimal characters (from 0-9 and A-F) separated by hyphens or colons, a format known as hexadecimal encoding.
Here’s an example of a MAC address that uses colon separators:
F0:18:98:B2:A2:D3
The first half of this string is generally an Organizationally Unique Identifier (OUI), that identifies the device manufacturer, while the second half is unique to the device’s NIC.
MAC Address vs. IP Address
A MAC address is typically permanently bound to a device’s hardware, while the network assigns the IP address that changes based on location or a Dynamic Host Configuration Protocol (DHCP) lease.
The MAC address identifies the physical device; the IP address identifies where that device sits on a routable network at a given moment.
MAC addresses and IP addresses also operate at different layers of the Open Systems Interconnection (OSI) model. A MAC address primarily functions at the Layer 2 data link level, while an IP address primarily functions at the Layer 3 network level.
Types of MAC Addresses
There are three types, each serving a different purpose in how network traffic is addressed and delivered.
Unicast
As the most common type, a unicast MAC address identifies a single, specific network interface. When a frame is sent to a unicast address, it is intended for exactly one device.
Every NIC is assigned a unicast address at manufacture, and most everyday traffic (file transfers, web requests, print jobs) uses unicast addressing.
Unicast addresses always have an even number in the first octet, indicating the address belongs to one device
Multicast
A multicast MAC address targets a group of devices simultaneously. Frames sent to a multicast address are delivered to all devices subscribed to that multicast group, without needing to send individual copies to each.
Multicast is used in streaming protocols and network discovery (for example, IPv6 neighbor discovery relies on multicast MAC addressing).
Multicast addresses always have an odd number in the first octet’s least significant bit, distinguishing them from unicast addresses.
Broadcast
A broadcast MAC address (FF:FF:FF:FF:FF:FF) delivers a frame to every device on the local network segment.
Broadcast traffic is used for protocols like ARP (Address Resolution Protocol), where a device needs to ask “who has this IP address?” to the entire network.
Because every device must process a broadcast frame, excessive broadcast traffic can degrade network performance — a factor that makes proper virtual local area network (VLAN) segmentation important in larger networks.
The table below sums up the address patterns and common use cases of each type:
| Type | Address Pattern | Reaches | Common Use |
|---|---|---|---|
| Unicast | Even first octet | One device | Standard traffic |
| Multicast | Odd first octet LSB | A group of devices | Streaming, discovery |
| Broadcast | FF:FF:FF:FF:FF:FF | All devices on the segment | ARP, network discovery |
How to Find Your MAC Address
Every operating system exposes MAC address information, though the exact steps vary. The sections below cover the four most common platforms.
Windows
- Open the Start menu and search for Command Prompt.
- In the command prompt window, type ipconfig /all and press Enter.
- Look for the adapter you want (Wi-Fi or Ethernet) and find the Physical Address field — that value is the MAC address for that interface, displayed in the standard XX-XX-XX-XX-XX-XX format.
Alternatively, open Settings > Network & Internet > [your connection] > Properties and scroll to “Physical address (MAC).”
macOS
- Open System Settings (or System Preferences on older macOS versions) and navigate to Network.
- Select your active network connection and click Details.
- Look for the MAC Address field under the Hardware tab.
You can also open the Terminal application and run ifconfig en0 | grep ether to display the MAC address for your primary interface directly.
iPhone and iPad
- On iOS and iPadOS, go to Settings.
- In Settings, navigate to General > About.
- Scroll to find Wi-Fi Address.
Note that Apple devices use MAC randomization by default (since iOS 14), so the address shown here is the device’s true hardware address.
However, the address broadcast on any given Wi-Fi network may be a randomized private address unless randomization has been disabled for that network.
Android
- On Android, go to Settings.
- In Settings, go to About Phone > Status.
- Look for Wi-Fi MAC Address.
On newer Android versions (10 and later), you may see a randomized address here rather than the hardware address.
To view the true hardware MAC, go to Settings > Network & Internet > Wi-Fi, tap your connected network, and look for the advanced details — some manufacturers show the factory MAC address there.
What Is a MAC Address Used For?
As a Layer 2 technology, MAC addresses are used to move data to the intended hardware within a local network.
Suppose a computer wants to send a print request to a printer on the same network.
That request would generally pass through a switch that references a MAC address table to send the data specifically from the computer to the printer, rather than broadcasting the data to every device connected to that network.
A MAC address is also used for MAC Authentication Bypass (MAB) .
When a device does not support 802.1X authentication , as is the case with many Internet of Things (IoT) devices, a switch or wireless access point can send a RADIUS access-request message to check the MAC address against a list of approved devices.
MAB is often used in networks, but can be made safer with the addition of systems like dynamic access lists.
MAC Addresses in Wi-Fi Networks
Within Wi-Fi networks, a device broadcasts its MAC address over the air, and if authenticated to access the network, it will be added to an association table that tracks connected devices.
Using that table, the access point uses MAC addresses to send data to the correct locations, acting as a bridge between wireless and wired protocols.
MAC Address Security Limitations
MAC addresses are not secret identities and that single fact undermines every access control system that relies on them alone.
While organizations use several security measures to manage and restrict device access, these controls are not foolproof.
The following are the available security measures:
MAC Filtering
MAC filtering is the practice of restricting network access to a pre-approved list of MAC addresses.
Administrators use the unique 12-character hardware address to create an approved “whitelist” (permitted devices) and a restricted “blacklist” (blocked devices).
MAC Randomization
MAC randomization is a privacy feature built into modern operating systems that assigns a temporary, randomly generated MAC address each time a device connects to a network, rather than broadcasting the device’s permanent hardware address.
Apple introduced this by default in iOS 14; Android followed with Android 10. The goal is to prevent third parties — including network operators and advertisers — from using a consistent MAC address to track a device’s location history across different networks.
While useful, both approaches come with security and operational limitations discussed below.
Mac Address Spoofing
While MAC filtering restricts access to approved devices, readily available software can identify a device’s MAC address, giving a hacker the necessary information to spoof it.
MAC address spoofing occurs when the intruder gives their own device the same MAC address to appear on the list of approved MAC addresses, potentially gaining access.
MAC filtering is therefore not a reliable security boundary on its own.
Operational Challenges
MAC randomization creates a real operational challenge: if a device’s MAC address changes per Service Set Identifier (SSID) or session, static MAC allowlists break down.
A device that was approved yesterday may appear as an unknown device today. Networks that rely heavily on MAC filtering will see increased support tickets and a degraded user experience as randomization becomes the default on every major mobile platform.
The solution is not to disable randomization — that harms user privacy — but to move beyond MAC-only authentication.
Cloud RADIUS paired with certificate-based authentication eliminates the dependency on static MAC addresses entirely, because the identity proof travels with the certificate, not with the hardware address.
How SecureW2 Strengthens MAC-Based Network Security
The growing number of internet-connected devices that cannot complete complex verification processes — smart lightbulbs, connected health monitors, industrial sensors — makes MAC-based access control more common, not less.
The question is not whether to use MAC addresses, but how to layer stronger controls on top of them.
MAC-based access control should not be the only line of defense.
Ideally, systems add 802.1X certificates to MAC-based access control — these certificates are harder to spoof.
Then, if a device can only use a MAC address, it could be segmented into an isolated area of your network, rather than given full access.
The SecureW2 JoinNow Platform offers a range of solutions to help organizations reduce the security risks associated with spoofable MAC addresses.
Automates Certificate Issuance
The platform automates certificate issuance across every major operating system (OS) and Mobile Device Management (MDM) platform, removing the manual provisioning bottleneck that makes certificate-based authentication hard to scale.
Simplifies BYOD Onboarding
Automating certificate issuance simplifies bring your own device (BYOD) onboarding .
Supports VLAN Segmentation
You can link MAC addresses to JoinNow Cloud RADIUS to segment access into different VLANs when certificate-based authentication isn’t possible.
Provides Scalable Certificate Lifecycle Management
For environments where certificate issuance needs to scale across complex public key infrastructure (PKI) deployments , SecureW2 Dynamic PKI handles certificate lifecycle management end to end
Schedule a demo to see how the JoinNow platform handles certificate issuance and VLAN segmentation for MAC-based environments.
Frequently Asked Questions
What is the purpose of a MAC address?
A MAC address identifies a specific network interface at the hardware level so that switches and access points can deliver data frames to the correct device on a local network.
It also serves as a device identifier in MAC-based access control policies, including MAC Authentication Bypass (MAB) for devices that cannot support certificate-based authentication.
How do I find the MAC address on my device?
- On Windows, run ipconfig /all in Command Prompt and look for the Physical Address file.
- On macOS, go to System Settings > Network > Details > Hardware.
- On iPhone or iPad, go to Settings > General > About > Wi-Fi Address.
- On Android, go to Settings > About Phone > Status > Wi-Fi MAC Address.
Note that randomized addresses may be shown on mobile devices by default — see the “How to Find Your MAC Address” section above for platform-specific details.
What is the difference between a MAC address and an IP address?
A MAC address is a permanent hardware identifier assigned by the manufacturer and operates at OSI Layer 2.
An IP address is assigned by the network (statically or via DHCP) and operates at OSI Layer 3. It changes based on network location.
MAC addresses are used for local frame delivery within a network segment; IP addresses are used for routing traffic across networks and the internet.
Can a MAC address be changed or spoofed?
Yes. While MAC addresses are assigned by manufacturers and stored in hardware, most operating systems allow the MAC address to be changed in software.
Attackers use this capability — called MAC spoofing — to impersonate an approved device on a network.
Modern mobile operating systems also randomize MAC addresses by default for privacy reasons. This is why MAC filtering alone is not a sufficient security control. Certificate-based authentication via 802.1X provides a significantly stronger identity proof.
