Command Reference

Cisco "show port-security" Command Explained

show port-security — reports port-security status — which ports enforce MAC limits, current counts, violation actions and any ports err-disabled by violations. Runs in privileged EXEC mode.

Syntax and common variants

VariantPurpose
show port-securitySummary of all secured ports
show port-security interface gi0/5Full detail for one port
show port-security addressThe secure MAC table
show interfaces status err-disabledPorts killed by violations

Reading the output

Output / elementMeaning
Max Addrs / CurrentAddrAllowed vs currently learned MACs
SecurityViolationViolation counter
Security Actionprotect / restrict / shutdown
Port Status: Secure-shutdownThis port tripped and is err-disabled

When to use it

When a user's port suddenly died, this shows whether port-security shot it: Secure-shutdown status plus a climbing violation counter. Recovery: fix the cause, then shutdown → no shutdown (or errdisable recovery). The address variant shows exactly which MACs are trusted. Browse more in the command reference or practise in the free labs.

Frequently asked questions

A port went err-disabled — how do I restore it?

Resolve the violating device, then bounce the port: shutdown followed by no shutdown (or configure errdisable recovery cause psecure-violation).

What triggers a violation?

An unauthorized MAC appearing — more MACs than the limit, or a MAC different from the sticky/static ones learned.

Where do sticky MACs appear?

In show port-security address and in the running-config as learned entries — save the config to keep them across reboots.

VS
Vipul Sir — Lead Instructor, Attila Technologies20+ years in Cisco networking. Teaching CCNA, CCNP, CCIE & CyberOps in Ahmedabad since 2004.

Want hands-on training?

Learn this on real Cisco lab devices with placement support at Attila Technologies, Ahmedabad.

Start your networking career with Attila Technologies

Hands-on Cisco training, real lab devices and placement support in Ahmedabad.