Could someone comment on this thought-experiment please?
Consider a network with 3 switches, connected via trunks as A<->B<->C. Consider some servers on switch A, and some clients on switches B and C.
Now, let us introduce port-security on the client access ports, with 1 (dynamic) MAC address allowed per client. For safety, let us also put bpduguard on the client access ports. Let us also have portfast on each client port to allow DHCP to work properly.
Now, suppose we have an office that is short of wall sockets, so we decide to put a cheap-and-nasty dumb switch on a port on switch B. For safety, we remove the portfast from that port, but we keep the bpduguard. We want to allow up to 8 (dynamic) MAC addresses on the port. In order to allow client workstations to be changed, we put ageing on the secure MAC addresses, say 20 minutes. OK so far.
Now suppose we do that twice, both dumb switches on switch B. So far so good.
Now suppose someone decides it would be a good idea to cross-connect the dumb switches with a cross-cable "for resilience". Of course, that will cause a broadcast storm, but the storm should last for less than 2 seconds until the bpduguard does its work. The bpduguard on switch B will cut the link to one or the other of the dumb switches (whichever gets a BPDU first) ... but not both.
Are our problems over? No, they are not. Suddenly you find that clients on switches B and C can no longer access some of the servers on switch A. What has happened? During the less-than-2-seconds that the loop was active, some servers happened to send a broadcast - an ARP or something. This broadcast went round the loop, and the MAC address of that server got registered as a secure address on the switch-B port where one of the dumb switches was connected. OK, on the port that was cut by the bpduguard, these secure addresses will be discarded. But not on the other one.
Some servers will not be accessible for 20 minutes or so following the loop, in spite of the bpduguard.
Am I right in my analysis? If so, don't the dangers of port-security outweigh the risks that port-security was supposed to mitigate?
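The failure mode described in the post, played through in a toy model. This is an added example, not code from the original post or from any switch vendor: it models a MAC table where access ports run port-security with absolute ageing and trunk ports learn normally, and it assumes (as the post argues) that a dynamic secure MAC stays pinned to the port that secured it until it ages out, rather than being moved when the same source address shows up on the trunk. Port names, the 20-minute ageing timer and the server MAC (a documentation-range address) are constructed for the example. The `misplaced_servers` check at the end is the defender's angle: compare the secure-address table against a list of known server MACs so that a pinned server is found in seconds rather than after a 20-minute outage.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple


@dataclass
class Port:
    name: str
    secure: bool = False        # port-security enabled on this port
    max_secure: int = 1         # dynamic secure MACs allowed
    errdisabled: bool = False   # set when bpduguard fires


@dataclass
class Entry:
    port: str
    learned_at: float
    secure: bool


class Switch:
    """Toy MAC table: normal learning on trunks, port-security with absolute ageing on access ports."""

    def __init__(self, aging_seconds: float) -> None:
        self.aging = aging_seconds
        self.ports: Dict[str, Port] = {}
        self.table: Dict[str, Entry] = {}

    def add_port(self, name: str, secure: bool = False, max_secure: int = 1) -> None:
        self.ports[name] = Port(name, secure, max_secure)

    def _expire(self, now: float) -> None:
        # Absolute ageing: a dynamic secure MAC is dropped `aging` seconds after it was learned.
        for mac in [m for m, e in self.table.items() if e.secure and now - e.learned_at >= self.aging]:
            del self.table[mac]

    def learn(self, mac: str, port_name: str, now: float) -> str:
        """Source-MAC learning for a frame arriving on port_name; returns what happened."""
        self._expire(now)
        port = self.ports[port_name]
        if port.errdisabled:
            return "dropped"
        entry = self.table.get(mac)
        # Assumption from the post: a secure MAC stays pinned to the port that secured it,
        # so seeing it on another port (the trunk) does not move the entry until it ages out.
        if entry and entry.secure and entry.port != port_name:
            return "pinned"
        if port.secure:
            if entry is None or entry.port != port_name:
                in_use = sum(1 for e in self.table.values() if e.port == port_name and e.secure)
                if in_use >= port.max_secure:
                    return "violation"
                self.table[mac] = Entry(port_name, now, secure=True)
            # Re-learning on the same secure port does not restart an absolute ageing timer.
        else:
            self.table[mac] = Entry(port_name, now, secure=False)
        return "learned"

    def lookup(self, mac: str, now: float) -> Optional[str]:
        """Destination lookup; None means the frame would be flooded."""
        self._expire(now)
        e = self.table.get(mac)
        return e.port if e else None

    def bpduguard(self, port_name: str) -> None:
        # bpduguard err-disables the port; the secure addresses on that port go with it.
        self.ports[port_name].errdisabled = True
        for mac in [m for m, e in self.table.items() if e.port == port_name]:
            del self.table[mac]


def misplaced_servers(sw: Switch, server_macs: Iterable[str]) -> List[Tuple[str, str]]:
    """Defender's check: known server MACs that have become secure entries on access ports."""
    wanted = set(server_macs)
    return sorted((m, e.port) for m, e in sw.table.items() if m in wanted and e.secure)


SERVER = "00:00:5e:00:53:01"   # constructed server MAC (documentation range)


def run_scenario() -> dict:
    """Switch B from the post: one trunk towards switch A, two dumb switches on secure ports."""
    sw = Switch(aging_seconds=20 * 60)
    sw.add_port("Gi0/1")                              # trunk towards switch A, no port-security
    sw.add_port("Gi0/2", secure=True, max_secure=8)   # first dumb switch
    sw.add_port("Gi0/3", secure=True, max_secure=8)   # second dumb switch
    out = {}
    out["normal"] = sw.learn(SERVER, "Gi0/1", now=0)            # server reachable via the trunk
    # t=10: the dumb switches get cross-connected; the server's broadcast comes back in
    # through the loop and is seen as a source address on both secure ports.
    out["loop_gi0_2"] = sw.learn(SERVER, "Gi0/2", now=10)       # secured on Gi0/2
    out["loop_gi0_3"] = sw.learn(SERVER, "Gi0/3", now=10)       # already pinned to Gi0/2
    sw.bpduguard("Gi0/3")                                        # only one port gets cut
    out["after_loop_relearn"] = sw.learn(SERVER, "Gi0/1", now=60)   # trunk cannot take it back
    out["after_loop_port"] = sw.lookup(SERVER, now=60)              # client traffic goes to Gi0/2
    out["misplaced"] = misplaced_servers(sw, {SERVER})              # what the check would flag
    out["after_ageing_port"] = sw.lookup(SERVER, now=10 + 20 * 60)  # aged out, flooded again
    out["after_ageing_relearn"] = sw.learn(SERVER, "Gi0/1", now=10 + 20 * 60 + 1)
    return out


if __name__ == "__main__":
    for k, v in run_scenario().items():
        print(f"{k:22} {v}")
```

The interesting step is `after_loop_relearn`: once the loop is gone, every frame the server sends arrives on the trunk, but the trunk is refused the address because the secure entry on Gi0/2 wins, so clients' frames to that server are switched to the dumb-switch port for the rest of the ageing period. Running `misplaced_servers` against the live secure-address table (or polling the equivalent show output) after any bpduguard event is the practical way to shorten that window to the time it takes to clear the stale entry.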