Problems using MAC Lockdown in networks with multiple paths

Now let's take a look at a network topology in which the use of MAC Lockdown presents a problem. In the following figure, Switch 1 (on the bottom-left) is located at the edge of the network where there is a mixed audience that might contain hackers or other malicious users. Switch 1 has two paths it could use to connect to Server A. If you try to use MAC Lockdown here to make sure that all data to Server A is locked to one path, connectivity problems result, because both paths must remain usable in case one of them fails.

Figure: Connectivity problems using MAC Lockdown with multiple paths

The resultant connectivity issues would prevent you from locking down Server A to Switch 1. And when you remove the MAC Lockdown from Switch 1 (to prevent broadcast storms or other connectivity issues), you then open the network to security problems. The use of MAC Lockdown as shown in the above figure would defeat the purpose of using MSTP or having an alternate path.
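The failover conflict described above can be checked with a small model. This is an added example, not code from the original page or the switch vendor; the node names, the port names A1/A2, and the exact link layout are assumptions, and a plain reachability search stands in for MSTP reconvergence.

```python
from collections import deque

# Constructed topology (assumption): Switch 1 reaches Server A through
# either Switch 2 or Switch 3. Port names A1/A2 are illustrative.
LINKS = [
    ("sw1", "sw2"), ("sw1", "sw3"),
    ("sw2", "sw4"), ("sw3", "sw4"),
    ("sw4", "serverA"),
]
SW1_PORTS = {"A1": "sw2", "A2": "sw3"}  # Switch 1 uplink port -> neighbor


def reachable(failed=(), lockdown_port=None):
    """True if Switch 1 can still reach Server A.

    failed: links that are down, as (node, node) tuples.
    lockdown_port: Switch 1 port that Server A's MAC is locked to, or None.
    """
    down = {frozenset(link) for link in failed}
    adj = {}
    for a, b in LINKS:
        if frozenset((a, b)) in down:
            continue
        # With lockdown, Switch 1 handles Server A's MAC on one port only,
        # so its other uplink is unusable for this destination.
        if lockdown_port and "sw1" in (a, b):
            if SW1_PORTS[lockdown_port] not in (a, b):
                continue
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    seen, queue = {"sw1"}, deque(["sw1"])
    while queue:
        node = queue.popleft()
        if node == "serverA":
            return True
        for nxt in adj.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return False


def failover_report():
    """For each single failure on the redundant section, return
    (reachable without lockdown, reachable with lockdown on A1)."""
    return {link: (reachable([link]), reachable([link], "A1"))
            for link in LINKS[:4]}


if __name__ == "__main__":
    for link, (plain, locked) in failover_report().items():
        print(link, "no lockdown:", plain, "| locked to A1:", locked)
```

Any failure along the locked path isolates Server A even though the alternate path is healthy, which is the lost redundancy the text describes.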

Technologies such as MSTP or "meshing" are primarily intended for an internal campus network environment in which all users are trusted. MSTP and "meshing" do not work well with MAC Lockdown.

If you deploy MAC Lockdown as shown in the Model Topology in Deploying MAC lockdown, you should have no problems with either security or connectivity.