How to assign MAC address to specific network when using multiple networks

I need to use a static MAC address and static IP, and I need to use two networks, one local, and one MACVLAN.
In docker compose, if I set the MAC address at the container level, neither of the networks use the requested MAC.
If I set the MAC address at the MACVLAN level, I get an error starting the container.

Create two networks:

```
docker network create --driver macvlan \
    --subnet=${PUBLIC_NETWORK_SUBNET} \
    --gateway=${PUBLIC_NETWORK_GATEWAY} \
    --opt parent=${PUBLIC_NETWORK_PARENT} \
    ${PUBLIC_NETWORK_NAME}

docker network create --driver bridge ${LOCAL_NETWORK_NAME}
```

Create container:

```
services:
  nxmeta:
    image: docker.io/ptr727/nxmeta-lsio:latest
    container_name: nxmeta
    hostname: nxmeta
    domainname: ${DOMAIN_NAME}
    restart: unless-stopped
    user: root
    environment:
      - TZ=${TZ}
      - PUID=${USER_NONROOT_ID}
      - PGID=${USERS_GROUP_ID}
    volumes:
      - ${APPDATA_DIR}/nxmeta/config:/config
    networks:
      public_network:
        ipv4_address: ${NXMETA_IP}
        mac_address: ${NXMETA_MAC}
      local_network:
```

Error (debian 12, docker 27.3.1)

```
Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: error running hook #0: error running hook: exit status 1, stdout: , stderr: failed to add interface veth93a7698 to sandbox: error setting interface "veth93a7698" MAC to "1d:ab:98:82:eb:51": cannot assign requested address: unknown
```

I have seen multiple issues in Google with assigning MAC addresses, and assigning properties to multiple networks.
I am hoping there is a way to assign a MAC to a MACVLAN network when also using a local network?

Parent is up, I can use MACVLAN with assigned IP, error only happens when I try to set the MAC address.

Please use 3 backticks before and after code/config to make it more readable and preserve spacing.

I don’t understand your point?

Multiple IPs can be associated with a MACVLAN network and every endpoint will get a unique MAC address, that is what a MACVLAN network does. The physical MAC of the parent network is irrelevant, as it is not used.

I want to use a specific MAC address and a specific IP for the specific network.

Thank you but your solution seems overly complicated and a workaround.

I am either doing something wrong then please correct my usage, or there is a bug and I’ll file an issue.

Have you checked whether the output of docker compose config renders the values from the .env file correctly into the resulting compose file?

It would be a surprise if macvlan child interfaces would not allow specifying the mac_address.

Is your problem related to this issue: mac_address in docker compose seems to be ignored · Issue #9152 · portainer/portainer · GitHub ?

It should work with docker compose, but is not supported by docker stack deploy (=swarm service deployment).

Yes, running config before pull before up.
Can also see in error output that the specified MAC is the one being reported.

I am using docker compose, thus as you say “it should work” :slight_smile:

If you post a complete example (as in complete compose file and anonymized .env file), I can try it tomorrow.

The example you shared in your first post is incomplete, which prevented me from testing it right away. I know there is not much missing, but we experienced it often that problems are hidden in parts not being shared with us.

Thank you, I am traveling for work, but I’ll post a full example soon.

@pmglx06 please stop posting unformatted code blocks and screenshots of text. I formatted your first post, please edit it and look what I changed. Unformatted posts are hard or even impossible to read.


Please, format your post according to the following guide: How to format your forum posts
In short: please, use </> button to share codes, terminal outputs, error messages or anything that can contain special characters which would be interpreted by the MarkDown filter. Use the preview feature to make sure your text is formatted as you would expect it and check your post after you have sent it so you can still fix it.

Example code block:

```
echo "I am a code."
echo "An athletic one, and I wanna run."
```

Ok, here is a complete example:

```
$ sudo lshw -class network -short
H/W path                Device           Class          Description
===================================================================
/0/11d/3.3/0            eno1             network        NetXtreme BCM5720 Gigabit Ethernet PCIe
/0/11d/3.3/0.1          eno2             network        NetXtreme BCM5720 Gigabit Ethernet PCIe

$ sudo brctl show
 bridge name     bridge id               STP enabled     interfaces
 docker0         8000.0242c2d149b5       no
 vmbr0           8000.3cecefe356f4       no              eno1
 vmbr1           8000.3cecefe356f5       no              eno2
$ docker network create --driver macvlan --subnet=192.168.1.0/24 --gateway=192.168.1.1 --opt parent=vmbr1 publicnet
$ docker network create --driver bridge localnet
```
```
# ~$ sudo lshw -class network -short
# H/W path                Device           Class          Description
# ===================================================================
# /0/11d/3.3/0            eno1             network        NetXtreme BCM5720 Gigabit Ethernet PCIe
# /0/11d/3.3/0.1          eno2             network        NetXtreme BCM5720 Gigabit Ethernet PCIe

# $ sudo brctl show
# bridge name     bridge id               STP enabled     interfaces
# docker0         8000.0242c2d149b5       no
# vmbr0           8000.3cecefe356f4       no              eno1
# vmbr1           8000.3cecefe356f5       no              eno2

networks:

  # docker network create --driver macvlan --subnet=192.168.1.0/24 --gateway=192.168.1.1 --opt parent=vmbr1 publicnet
  # docker network rm publicnet
  public_network:
    name: publicnet
    external: true

  # docker network create --driver bridge localnet
  # docker network rm localnet
  local_network:
    name: localnet
    external: true

services:

  # https://hub.docker.com/r/traefik/whoami
  whoami:
    image: docker.io/traefik/whoami:latest
    container_name: whoami-mac-test
    hostname: whoami-mac-test
    domainname: home.insanegenius.net
    restart: unless-stopped
    user: 1001:100
    environment:
      - TZ=America/Los_Angeles
    networks:
      public_network:
        ipv4_address: 192.168.1.10
        mac_address: 1d:ab:98:82:eb:51
      local_network:
    labels:
      - traefik.enable=true
      - traefik.http.routers.whoami.rule=PathPrefix(`/whoami`)

# $ docker compose up -d
# [+] Running 0/1
#  ⠼ Container whoami-mac-test  Starting    0.5s
# Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: error running hook #0: error running hook: exit status 1, stdout: , stderr: failed to add interface veth0fd9257 to sandbox: error setting interface "veth0fd9257" MAC to "1d:ab:98:82:eb:51": cannot assign requested address: unknown
```
```
$ docker compose up -d
[+] Running 0/1
 ⠼ Container whoami-mac-test  Starting    0.5s
Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: error running hook #0: error running hook: exit status 1, stdout: , stderr: failed to add interface veth0fd9257 to sandbox: error setting interface "veth0fd9257" MAC to "1d:ab:98:82:eb:51": cannot assign requested address: unknown
```

@meyay Have you maybe had a chance to test this out?
If it is supposed to work, I’ll file an issue with moby.

I was busy the evening you posted it, and then it slipped my mind…
I’ll try to reproduce it during the next days.


I did test it now.

I get the same result if I use the MAC address from your example. Though, if I use a different MAC, it indeed works.

I used: 02:42:05:96:eb:99 and it worked right away.

It depends on the mac address whether it works or not:
10:ab:98:82:eb:51 → ok
11:ab:98:82:eb:51 → error
12:ab:98:82:eb:51 → ok
13:ab:98:82:eb:51 → error
14:ab:98:82:eb:51 → ok
15:ab:98:82:eb:51 → error
16:ab:98:82:eb:51 → ok
17:ab:98:82:eb:51 → error
18:ab:98:82:eb:51 → ok
19:ab:98:82:eb:51 → error
1a:ab:98:82:eb:51 → ok
1b:ab:98:82:eb:51 → error
1c:ab:98:82:eb:51 → ok
1d:ab:98:82:eb:51 → error
1e:ab:98:82:eb:51 → ok

I have no idea what makes it a valid or invalid mac address…

Update: so apparently you can’t use every random mac address, see: networking - What exactly are the specifications for a valid mac address? - Super User

You can assign any hexadecimal character to every position of a mac address, except the 2nd character in the first block, like the example from above shows.


Well that is peculiar, I used an online generator, thank you for experimenting.
I’ll confirm tonight or tomorrow when I get home.

Confirmed it works, thank you, wish the error was more useful.

See LAA at wikipedia.

As far as I understand the issue is the I/G bit, used to indicate unicast or multicast.
It must be set to unicast (bit set to 0), which aligns with the hexadecimal numbers that worked.

I agree, the error message could be more clear about the issue, and at least indicate that multicast mac addresses are not allowed.

Update: if we only want LAA unicast, then the 2nd character in the first block can be only these ones:

binary → hex
0010 → 2
1010 → a
1110 → e
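
An added example, not written by any poster in this thread: a POSIX shell check of the two low bits of the first octet (I/G and U/L), replayed over the addresses tested above, where a result of `multicast` corresponds to the ones reported as `error`. The function names `mac_class` and `random_laa_mac` are made up for this example.

```sh
#!/bin/sh
# Added example: classify a MAC by the two low bits of its first octet.
#   bit 0 (I/G): 0 = unicast, 1 = multicast (group address)
#   bit 1 (U/L): 0 = universally administered, 1 = locally administered (LAA)

mac_class() {
    mc_hex='[0-9A-Fa-f]'
    # Accept exactly six colon-separated hex octets.
    case $1 in
        $mc_hex$mc_hex:$mc_hex$mc_hex:$mc_hex$mc_hex:$mc_hex$mc_hex:$mc_hex$mc_hex:$mc_hex$mc_hex) ;;
        *) echo "invalid"; return 2 ;;
    esac
    mc_first=$((0x${1%%:*}))
    if [ $(( $mc_first & 1 )) -ne 0 ]; then
        echo "multicast"          # not assignable as an interface address
        return 1
    fi
    if [ $(( $mc_first & 2 )) -ne 0 ]; then
        echo "unicast-local"
    else
        echo "unicast-universal"
    fi
}

# Print a random unicast, locally administered MAC address.
random_laa_mac() {
    # Six random bytes as hex; word splitting is intended here.
    set -- $(od -An -N6 -tx1 /dev/urandom)
    # Clear bit 0 (unicast) and set bit 1 (locally administered).
    printf '%02x:%s:%s:%s:%s:%s\n' $(( (0x$1 & 0xfc) | 0x02 )) "$2" "$3" "$4" "$5" "$6"
}

# Replay the addresses tested in the thread.
for n in 0 1 2 3 4 5 6 7 8 9 a b c d e; do
    mac="1$n:ab:98:82:eb:51"
    printf '%s -> %s\n' "$mac" "$(mac_class "$mac")"
done
printf '%s -> %s\n' 02:42:05:96:eb:99 "$(mac_class 02:42:05:96:eb:99)"
printf 'generated: %s\n' "$(random_laa_mac)"
```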