Configuring and Monitoring Port Security
MAC Lockdown
M i x e d U s e r s
Internal
Network
External
Network
Switch 1
Server A
Server A is locked down
to Switch 1, Uplink 2
PROBLEM: If this link fails,
traffic to Server A will not use
the backup path via Switch 3
Switch 2
Switch 3
Switch 4
Figure 9-10. Connectivity Problems Using MAC Lockdown with Multiple Paths
The resultant connectivity issues would prevent you from locking down
Server A to Switch 1. And when you remove the MAC Lockdown from Switch
1 (to prevent broadcast storms or other connectivity issues), you then open
the network to security problems. The use of MAC Lockdown as shown in
Figure 7-10 would defeat the purpose of using STP or having an alternate path.
Technologies such as STP or “meshing” are primarily intended for an internal
campus network environment in which all users are trusted. STP and “mesh-
ing” do not work well with MAC Lockdown.
If you deploy MAC Lockdown as shown in the Model Topology in Figure 7-9,
you should have no problems with either security or connectivity.
9-25
To Next Page
Loading...
Need help?
General