HP 3500yl Series Access Security Manual page 721

Internal
Network
PROBLEM: If this link fails,
traffic to Server A will not use
the backup path via Switch 3
Switch 3
Figure 14-16.Connectivity Problems Using MAC Lockdown with Multiple Paths
Server A is locked down
to Switch 1, Uplink 2
Switch 1
M i x e d U s e r s
The resultant connectivity issues would prevent you from locking down
Server A to Switch 1. And when you remove the MAC Lockdown from Switch
1 (to prevent broadcast storms or other connectivity issues), you then open
the network to security problems. The use of MAC Lockdown as shown in the
above figure would defeat the purpose of using MSTP or having an alternate
path.
Technologies such as MSTP or "meshing" are primarily intended for an inter-
nal campus network environment in which all users are trusted. MSTP and
"meshing" do not work well with MAC Lockdown.
If you deploy MAC Lockdown as shown in the Model Topology in figure 14-15
(page 14-29), you should have no problems with either security or connectiv-
ity.
Configuring and Monitoring Port Security
Switch 4
Switch 2
MAC Lockdown
Server A
External
Network
14-31