I read in an article how LEOs used a MAC address to catch a LulzSec hacker, stating they used a MAC address to identify them when connecting to Tor.[^1]
They then applied for a court order to monitor all traffic coming in and out of that router with a trap and trace device identifying all unique MAC addresses connected to the router; an FBI expert then linked the suspect's computer MAC address with an IP connected to the Tor network (first node).
This leaves me confused: does this equate to layer 2 or layer 3 being sent?
Obviously they were monitoring his WiFi router seeing all the clients connecting to router.
Does that mean that once the suspect's device connected to the Tor network, law enforcement could see that the device (identified by its MAC address) was sending traffic to an IP address associated with the Tor entry node? This allowed them to link the suspect's MAC address to the Tor connection and the initiation of a circuit?
Like, was it the layer 2 MAC, i.e. the one the suspect's WiFi router sent in the packets on the local network, that they saw?
In summary, what I'm getting at: does that mean that Src is the computer's MAC address and the Dst MAC address is the WiFi (LAN) router's MAC in the Layer 2 header, which can only be seen locally?
Network Namespaces
My next question is mitigation, if the above holds true… I see Tails OS has multiple network namespaces with separate random MAC addresses on every boot.
I know this is for the firewall implementation, but I was wondering: does having the Tor daemon (veth-tca) and Tor Browser (veth-tbb) assigned a network namespace with random MAC addresses help with the above, or is it strictly a limitation due to the design of layer 2 and monitoring of a local network?
Obviously the common denominator is monitoring on the local network. That said, I thought the Tails design helps, or rather helped, when one uses an untrusted network that may have some kind of monitoring?
Please help me try to understand this article, or tell me if I'm wrong about anything, or if it's strictly a limitation in the design of layer 2 when it comes to protection on a local network…
[^1]: How the FBI used computer MAC addresses against Lulzsec hackers – Hacker 10 – Security Hacker
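To make the layer 2 / layer 3 split concrete, here is an added example (my own illustration, not code from the article, the FBI, or the Tails project) that builds an Ethernet+IPv4 frame the way a laptop would send it to its home router, parses out what a tap on the router's LAN side would record, and then models the router rebuilding the link-layer header for the next hop while leaving the destination IP in place. It also simulates several boots with a freshly randomised MAC each time. All MACs and IPs are constructed sample values from the locally administered and RFC 5737 documentation ranges; the guard IP stands in for a Tor entry node and is not a real relay.

```python
import random
import struct

# All addresses below are constructed sample values, not real devices or Tor relays.
CLIENT_MAC      = "02:11:22:33:44:55"  # the laptop's NIC (locally administered bit set)
ROUTER_LAN_MAC  = "02:aa:bb:cc:dd:01"  # home router, LAN side
ROUTER_WAN_MAC  = "02:aa:bb:cc:dd:02"  # home router, WAN side
ISP_GATEWAY_MAC = "02:ee:ff:00:11:22"  # ISP's next hop
CLIENT_IP       = "192.168.1.23"
ROUTER_WAN_IP   = "203.0.113.7"        # RFC 5737 documentation range
GUARD_IP        = "198.51.100.10"      # RFC 5737 range, stands in for a Tor guard

ETHERTYPE_IPV4 = 0x0800
ETH_HDR_LEN = 14
IP_HDR_LEN = 20

def mac_bytes(mac): return bytes(int(x, 16) for x in mac.split(":"))
def mac_str(b): return ":".join(f"{x:02x}" for x in b)
def ip_bytes(ip): return bytes(int(x) for x in ip.split("."))
def ip_str(b): return ".".join(str(x) for x in b)

def ip_checksum(header: bytes) -> int:
    """One's-complement sum over the IPv4 header; returns 0 for a header whose checksum is valid."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_ip_header(src_ip, dst_ip, payload_len):
    # version/IHL, TOS, total length, id, flags(DF)/frag, TTL, proto(TCP), checksum, src, dst
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, IP_HDR_LEN + payload_len, 0, 0x4000,
                      64, 6, 0, ip_bytes(src_ip), ip_bytes(dst_ip))
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]

def build_frame(src_mac, dst_mac, src_ip, dst_ip, payload=b""):
    """Ethernet II frame as the laptop puts it on the wire: L2 addresses are the local link's."""
    eth = mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + build_ip_header(src_ip, dst_ip, len(payload)) + payload

def parse_frame(frame):
    """The fields a passive tap on this link can read directly from the frame."""
    dst_mac, src_mac = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("only IPv4 frames are modelled here")
    ip = frame[ETH_HDR_LEN:ETH_HDR_LEN + IP_HDR_LEN]
    return {
        "src_mac": mac_str(src_mac), "dst_mac": mac_str(dst_mac),
        "src_ip": ip_str(ip[12:16]), "dst_ip": ip_str(ip[16:20]),
        "ip_checksum_ok": ip_checksum(ip) == 0,
    }

def router_forward(frame, out_src_mac, out_dst_mac, nat_src_ip):
    """Model of the home router: the Ethernet header is discarded and rebuilt for the next
    hop, the source IP is NATed to the WAN address, the destination IP is left untouched."""
    ip_and_payload = bytearray(frame[ETH_HDR_LEN:])
    ip_and_payload[12:16] = ip_bytes(nat_src_ip)
    ip_and_payload[10:12] = b"\x00\x00"                      # zero, then recompute checksum
    csum = ip_checksum(bytes(ip_and_payload[:IP_HDR_LEN]))
    ip_and_payload[10:12] = struct.pack("!H", csum)
    eth = mac_bytes(out_dst_mac) + mac_bytes(out_src_mac) + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + bytes(ip_and_payload)

def trap_and_trace(frames):
    """What a trap-and-trace on the router's LAN side records: which local MAC spoke to which IP."""
    return sorted({(p["src_mac"], p["dst_ip"]) for p in map(parse_frame, frames)})

def random_mac(rng):
    """Locally administered, unicast MAC, as a per-boot randomiser would generate (hypothetical)."""
    first = (rng.randrange(256) | 0x02) & 0xFE
    return mac_str(bytes([first] + [rng.randrange(256) for _ in range(5)]))

def boots_with_random_mac(n, seed=7):
    """Simulate n boots, each with a fresh random MAC, each connecting to the same guard IP."""
    rng = random.Random(seed)
    logs = []
    for _ in range(n):
        frame = build_frame(random_mac(rng), ROUTER_LAN_MAC, CLIENT_IP, GUARD_IP, b"tor-handshake")
        logs.extend(trap_and_trace([frame]))
    return logs

if __name__ == "__main__":
    lan = build_frame(CLIENT_MAC, ROUTER_LAN_MAC, CLIENT_IP, GUARD_IP, b"tor-handshake")
    wan = router_forward(lan, ROUTER_WAN_MAC, ISP_GATEWAY_MAC, ROUTER_WAN_IP)
    print("seen on the LAN :", parse_frame(lan))
    print("seen at the ISP :", parse_frame(wan))
    for mac, dst in boots_with_random_mac(3):
        print("boot with MAC", mac, "-> still talks to", dst)
```

Running it shows the two scopes side by side: on the LAN the frame carries the laptop's MAC as source and the router's LAN MAC as destination, with the guard's IP as the layer 3 destination; once the router forwards it, the layer 2 header is a completely new one (router WAN MAC to ISP gateway MAC) and only the IP addresses survive, with the laptop's MAC gone. The per-boot simulation shows that a randomised MAC changes what the LAN-side tap records as the source each time, while the (MAC, guard IP) pairing for that session remains visible to anyone observing that local link, which is the layer 2 limitation the question is circling.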