Configuring and Monitoring Port Security
MAC Lockdown
[Figure 11-11. Diagram labels: Mixed Users, Internal Network, External Network, Switch 1, Switch 2, Switch 3, Switch 4, Server A. Annotations: "Server A is locked down to Switch 1, Uplink 2" and "PROBLEM: If this link fails, traffic to Server A will not use the backup path via Switch 3".]
Figure 11-11. Connectivity Problems Using MAC Lockdown with Multiple Paths
The resultant connectivity issues would prevent you from locking down
Server A to Switch 1. And when you remove the MAC Lockdown from Switch
1 (to prevent broadcast storms or other connectivity issues), you then open
the network to security problems. The use of MAC Lockdown as shown in the
above figure would defeat the purpose of using STP or having an alternate
path.
Technologies such as STP or “meshing” are primarily intended for an internal
campus network environment in which all users are trusted. STP and “meshing”
do not work well with MAC Lockdown.
If you deploy MAC Lockdown as shown in the Model Topology in figure 11-10
(page 11-26), you should have no problems with either security or connectivity.
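The failure mode of figure 11-11 can be reproduced in a small model. The following Python sketch is an added example, not part of this guide or of any switch software. The wiring, node names and port names are constructed assumptions; a shortest-live-path search stands in for a converged STP topology, and MAC Lockdown is modeled only as pinning the egress port for the locked address.

```python
from collections import deque
# Constructed topology (assumed): each link joins two (node, port) endpoints.
LINKS = [
    (("switch1", "uplink1"), ("switch3", "p1")),   # backup path
    (("switch1", "uplink2"), ("switch2", "p1")),   # primary path
    (("switch2", "p2"), ("serverA", "nic")),
    (("switch3", "p2"), ("switch2", "p3")),
    (("users", "nic"), ("switch1", "p1")),
]
PRIMARY_DOWN = frozenset([frozenset(LINKS[1])])    # Switch 1 uplink2 link failed

def neighbors(node, failed):
    """Yield (local_port, neighbor) for every live link attached to node."""
    for a, b in LINKS:
        if frozenset((a, b)) not in failed:
            for (n1, p1), (n2, _) in ((a, b), (b, a)):
                if n1 == node:
                    yield p1, n2

def first_hop(node, dst, failed):
    """First (port, neighbor) on a shortest live path to dst, or None."""
    seen, queue = {node}, deque()
    for port, nbr in neighbors(node, failed):
        seen.add(nbr)
        queue.append((nbr, (port, nbr)))
    while queue:
        cur, hop = queue.popleft()
        if cur == dst:
            return hop
        for _, nbr in neighbors(cur, failed):
            if nbr not in seen:
                seen.add(nbr)
                queue.append((nbr, hop))
    return None

def deliver(src, dst, lockdown, failed=frozenset()):
    """Node path src..dst, or None if dropped; lockdown maps (switch, dst) to one port."""
    path, node = [src], src
    while node != dst:
        hop = first_hop(node, dst, failed)
        pinned = lockdown.get((node, dst))
        if pinned is not None:          # locked entry overrides the learned path
            live = dict(neighbors(node, failed))
            hop = (pinned, live[pinned]) if pinned in live else None
        if hop is None or hop[1] in path:
            return None
        node = hop[1]
        path.append(node)
    return path
```

With an empty `lockdown` map and `PRIMARY_DOWN`, the frame reaches Server A through Switch 3; with `{("switch1", "serverA"): "uplink2"}` and the same failure, `deliver` returns `None`.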