How to Safely Assign Locally Administered MAC Addresses (02:XX:XX:XX:XX:XX) for Virtual Machine DHCP Reservations


3 views

When configuring virtual machines that need consistent IP addresses across different hypervisors, the MAC address becomes critical for DHCP reservations. The IEEE has defined specific address ranges for different purposes:

Universal (U) bit = 0 : Universally unique (OUI assigned)
Universal (U) bit = 1 : Locally administered

The second-least-significant bit of the first octet (U/L bit) determines address administration. For virtual machines, you want addresses where this bit is set to 1. In hexadecimal terms, this means:

02:XX:XX:XX:XX:XX (binary 00000010)
06:XX:XX:XX:XX:XX (binary 00000110)
0A:XX:XX:XX:XX:XX (binary 00001010)
...and other combinations where bit 1 is set

Here's how to properly generate and assign these addresses across different virtualization platforms:

Hyper-V Example

New-VM -Name "WebServer" -MemoryStartupBytes 2GB -BootDevice VHD -VHDPath .\WebServer.vhdx -Generation 2 -SwitchName "Internal"
Set-VMNetworkAdapter -VMName "WebServer" -StaticMacAddress "0200DEADBEEF"

VMware ESXi Example

vim-cmd vmsvc/getallvms | grep WebServer
vim-cmd vmsvc/device.getdevices [VMID] | grep vmxnet3
vim-cmd vmsvc/device.disconnects [VMID] [DEVICEID]
vim-cmd vmsvc/device.connect [VMID] [DEVICEID] "generatedAddress:02:00:5E:10:00:01"

For ISC DHCP Server, your configuration would include:

host webserver {
    hardware ethernet 02:00:5E:10:00:01;
    fixed-address 192.168.1.100;
    option host-name "webserver";
}

When creating your own locally administered addresses:

  1. Start with 02 (simplest to remember)
  2. Use meaningful patterns in subsequent octets
  3. Avoid all zeros or all FFs in any octet
  4. Document your addressing scheme

To verify your MAC addresses are properly configured:

# Linux
ip link show
# Windows
getmac /v
# Cisco
show mac address-table

While 02:XX:XX:XX:XX:XX addresses should never appear on physical hardware, you can check for duplicates with:

arp -a | find "02-"
tcpdump -nei eth0 ether host 02:00:00:00:00:00

When configuring virtual machines, selecting proper MAC addresses is crucial for network stability. The IEEE has defined specific ranges for different address types:

Universal (UAA): First byte's LSB = 0 (e.g., 00:XX:XX:XX:XX:XX)
Local (LAA): First byte's LSB = 1 (e.g., 02:XX:XX:XX:XX:XX)

The safest range for VM MAC addresses is indeed the locally administered space:

  • 02:XX:XX:XX:XX:XX (Unicast)
  • 03:XX:XX:XX:XX:XX (Multicast)
  • 06:XX:XX:XX:XX:XX (Experimental)

Here's how to set MAC addresses in common virtualization platforms:

KVM/QEMU

<interface type='network'>
  <mac address='02:00:00:12:34:56'/>
  <source network='default'/>
</interface>

VMware vSphere

<ethernet0.addressType>manual</ethernet0.addressType>
<ethernet0.address>02:00:00:AB:CD:EF</ethernet0.address>

For ISC DHCP server, add to dhcpd.conf:

host vm-web01 {
  hardware ethernet 02:00:00:12:34:56;
  fixed-address 192.168.1.100;
}
  • Create an addressing scheme (e.g., 02:00:00:XX:XX:XX for VMs)
  • Document all assignments
  • Avoid addresses ending with FF (reserved for broadcasts)
  • Consider using tools like macgen for generation

If you encounter MAC conflicts:

# Check for duplicate MACs
arp-scan --localnet | grep 02:00:00

Remember that while 02:XX:XX... is safe for local use, some hypervisors may have additional restrictions on allowed MAC ranges.