From: Mark Smith (no email)
Date: Mon Nov 24 2008 - 16:01:52 EST
On Mon, 24 Nov 2008 19:35:07 +0100
Peter Dambier <> wrote:
> I also found this one helpful
> The CFxxxx Series
> RFC 2153 describes a method of usings a "pseudo OUI" for certain
> purposes when there is no appropriate regular OUI assigned. These are
> listed here.
> CF0001 Data Comm for Business [McCain]
> I remember we had IBM Token-Ring equipment and they suggested
> to always use "CF..." and never rely on the programmed MAC for SNA.
On an ethernet network, CF is a multicast destination address, or, as a
source, I'm pretty sure it indicates that the frame contains a source
route for use with translational bridging.
The locally assigned 0x02 bit would be better to use. Be aware that
Microsoft have decided to "reserve" some locally assigned addresses
in the range 02-BF, and 02-01 through 02-20 for use with their load
balancing / high availability product, rather than use one of their
proper OUIs. Apparently you're not supposed to be using these
address ranges because the locally assigned address space is so large,
before you use this Microsoft product, so if you are, too bad. You'll
have to change your previous local assignments, or somehow change
Microsoft's software. Within Wireshark it shows it as used by
Microsoft, which implies official assignment to Microsoft. The
Wireshark people won't change it, so that gives it a level of
legitimacy. I think that's a slippery slope.
(It's a pet hate of mine that certain organisations force their private
address space assignments (RFC1918 or IEEE locally assigned) on
outsiders. It's supposed to be private so outsiders don't see it or
don't have to work around it!)
-- "Sheep are slow and tasty, and therefore must remain constantly alert." - Bruce Schneier, "Beyond Fear"