MAC Address Translation
MAC Address Translation (MAT) is the translation of one MAC address into another. The method is mainly used by providers who want to prevent attacks on other customers at the Ethernet level. MAC Address Translation is set up on a DSLAM, for example.
Communication without MAC address translation
If a gateway wants to send data to a client via a Layer 2 device, the gateway looks up the client's MAC address in its ARP cache. The data packet is then sent to the Layer 2 device, whose MAC table contains an entry indicating the port on which the packet must be transmitted.
Communication with MAC Address Translation
The MAC table of the Layer 2 device contains an entry that records the clients' MAC addresses for the respective client ports. A provider MAC is also assigned to each port.
If the gateway sends data to a client, the gateway looks up the client's MAC address in its ARP cache. The address it finds, however, is not the client's actual MAC but the provider MAC specified by the L2 device with MAT. As soon as the data packet passes through the L2 device, the provider MAC is replaced by the client's actual MAC address.
Reasons for MAC Address Translation
- Because each port of the L2 device is assigned only one IP address, the number of MAC addresses in the access and core network is limited
- MAC address spoofing is prevented because the source addresses are translated as soon as they are received in the access network
- MAC tables cannot be overflowed by MAC flooding
- ARP spoofing is prevented
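A toy model of the translation in both directions, added here as an illustration and not taken from any vendor's implementation. The port numbers, MAC values and the rule that the first source MAC seen on a port is recorded as the client MAC are assumptions; it shows that forged or flooded source addresses on a client port never reach the access network.

```python
# Added illustration: a toy Layer 2 device performing MAT.
# Port numbers, MAC values and first-seen learning are assumptions.
from __future__ import annotations
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Frame:
    src: str
    dst: str
    payload: bytes = b""

class MatDevice:
    def __init__(self, provider_macs: dict[int, str]):
        self.provider_mac = dict(provider_macs)      # client port -> provider MAC
        self.client_mac: dict[int, str] = {}         # client port -> learned client MAC
        self.port_of = {mac: port for port, mac in provider_macs.items()}

    def upstream(self, port: int, frame: Frame) -> Frame:
        """Client -> gateway: the source MAC is replaced on ingress."""
        self.client_mac.setdefault(port, frame.src)  # assumed: first MAC seen is kept
        return replace(frame, src=self.provider_mac[port])

    def downstream(self, frame: Frame) -> Optional[tuple[int, Frame]]:
        """Gateway -> client: the provider MAC is swapped back to the real MAC."""
        port = self.port_of.get(frame.dst)
        if port is None or port not in self.client_mac:
            return None                              # unknown provider MAC: drop
        return port, replace(frame, dst=self.client_mac[port])

GATEWAY = "02:00:00:00:00:01"                        # constructed sample values
dev = MatDevice({1: "02:aa:00:00:00:01", 2: "02:aa:00:00:00:02"})

def macs_seen_upstream(frames):
    """Source MACs the access/core network sees for (port, frame) pairs."""
    return {dev.upstream(port, f).src for port, f in frames}

def demo():
    honest = (1, Frame("00:11:22:33:44:55", GATEWAY))
    victim = (2, Frame("00:66:77:88:99:aa", GATEWAY))
    forged = (1, Frame("00:66:77:88:99:aa", GATEWAY))  # port 1 claims port 2's MAC
    flood = [(1, Frame(f"00:de:ad:00:00:{i:02x}", GATEWAY)) for i in range(200)]
    seen = macs_seen_upstream([honest, victim, forged, *flood])
    reply = dev.downstream(Frame(GATEWAY, "02:aa:00:00:00:02"))
    return seen, reply
```

Of the 203 frames sent, the upstream network sees only the two provider MACs, and the gateway's reply to the second provider MAC is delivered on port 2 with the real client address restored.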