Showing the current configuration before starting:

do show vlan brief
do show mac address-table
do show mac address-table int g0/1
do show port-security int g0/1

Setting up Port-Security on the interface G0/1:

int g0/1
switchport host
switchport port-security max 1
switchport port-security violation protect


switchport port-security violation restrict


switchport port-security violation shutdown
  • Protect
    • Drop all packages from the sources that are not on the list and does not notify or alert the network administrators.
  • Restrict
    • Drop all packages from the sources that exceeds that maximum allowed and causes the SecurityViolation counter
      to increment.
  • Shutdown
    • Shutdown the port and send an SNMP notification. Has to be manually brought up or set an auto-recovery.

Then, enable the Port-Security.

switchport port-security

Setting up an auto-recovery to violated ports:

errdisable recovery cause psecure-violation
errdisable recovery interval 600
do show errdisable recovery

Manually setting the MAC address allowed to a port:

switchport port-security mac-address FF:FF:FF:FF:FF:FF