How to Configure Port Security on a Cisco Switch
To configure port security: enable it on an access port, set the maximum MAC count, use sticky learning, and choose a violation action. This blocks unauthorised devices from switch ports.
Port security locks a port to specific devices. See the port security lab.
Step 1: Enable port security on an access port
    interface fa0/1
    switchport mode access
    switchport port-security
Access mode is required before enabling the feature.
Step 2: Set the MAC limit and sticky learning
    switchport port-security maximum 1
    switchport port-security mac-address sticky
One device, learned automatically and saved to config.
Step 3: Set the violation mode
    switchport port-security violation shutdown
shutdown (err-disable) is the strictest and the default; protect/restrict are gentler.
Verification
Run show port-security interface fa0/1 to see the config, current MAC count and violation counter. Connect a different device to trigger a violation: the port goes to Secure-shutdown. Save the config to keep sticky MACs across reboots.
Frequently asked questions
How do I configure port security on a Cisco switch?
On an access port: switchport port-security, then set maximum [n], mac-address sticky, and a violation mode. The port must be in access mode first.
What is a sticky MAC address?
A MAC the switch learns dynamically and writes to the running config, locking the port to the currently connected device without manual entry.
What are the port security violation modes?
protect (silently drop), restrict (drop and log), and shutdown (err-disable the port) — shutdown is the strictest and the default.
How do I recover an err-disabled port?
Fix the cause, then shutdown followed by no shutdown on the port (or configure errdisable recovery).
Want hands-on training?
Learn this on real Cisco lab devices with placement support at Attila Technologies, Ahmedabad.