# [Enterprise Switch] How to config port security

This topic helps you set up port security. The switch will shut down the port if a source MAC address is unknown or has been previously learned from another port.

Supported models: ECS4620 series, ECS4510 series, ECS4120 series, ECS5520 series, ECS4530 series, series, ECS3510 series.

### Example 1 port security max-mac-count

Topology

![](https://paper-attachments.dropbox.com/s_CD721CD679000671F03FCEACC4A6589236561AFABE32C047BD5D2F7EA7439948_1631088225270_image.png)

#### Configuration

```
Console#configure
Console(config)#interface ethernet 1/21
Console(config-if)#port security
Console(config-if)#port security max-mac-count 1
Console(config-if)#port security action shutdown
```

Use the command "show port security" to check the port status.

![](https://paper-attachments.dropbox.com/s_CD721CD679000671F03FCEACC4A6589236561AFABE32C047BD5D2F7EA7439948_1631088275550_image.png)

#### Result:

With port security and port security max-mac-count enabled, if port 1 receives more MAC addresses than the max-mac-count, port 1 will carry out the action "shutdown". To bring the port back up (no shutdown), use the CLI to release the port status.

### Example 2 network-access aging and port security mac-address sticky

Topology

![](https://paper-attachments.dropbox.com/s_CD721CD679000671F03FCEACC4A6589236561AFABE32C047BD5D2F7EA7439948_1631088293476_image.png)

#### Configuration

```
Console#configure
Console(config)#network-access aging
Console(config)#interface ethernet 1/1
Console(config-if)#port security
Console(config-if)#port security max-mac-count 5
Console(config-if)#port security mac-address sticky
Console(config-if)#exit
Console(config)#interface ethernet 1/3
Console(config-if)#port security
Console(config-if)#port security max-mac-count 5
Console(config-if)#port security action shutdown
Console(config-if)#
```

Show the MAC table to check the MAC learning status. Port 1 will hold the PC's MAC as a sticky address.
Even if the same MAC (fake MAC) is input on port 3, the PC's MAC will not be learned on port 3. The type on port 1 will be security.

![](https://paper-attachments.dropbox.com/s_CD721CD679000671F03FCEACC4A6589236561AFABE32C047BD5D2F7EA7439948_1631088318493_image.png)

Show port security interface

Port security, sticky mode, and secure MAC aging mode are enabled on port 1.

![](https://paper-attachments.dropbox.com/s_CD721CD679000671F03FCEACC4A6589236561AFABE32C047BD5D2F7EA7439948_1631088355351_image.png)

On port 3 the instruction action is shutdown, and the last instruction MAC/time is recorded.

![](https://paper-attachments.dropbox.com/s_CD721CD679000671F03FCEACC4A6589236561AFABE32C047BD5D2F7EA7439948_1631088383614_image.png)

show interfaces brief

![](https://paper-attachments.dropbox.com/s_CD721CD679000671F03FCEACC4A6589236561AFABE32C047BD5D2F7EA7439948_1631088402362_image.png)

show port security

![](https://paper-attachments.dropbox.com/s_CD721CD679000671F03FCEACC4A6589236561AFABE32C047BD5D2F7EA7439948_1631088420381_image.png)

#### Result:

In this example port 1 keeps the PC's MAC as a sticky address until the MAC table ages out. If the same MAC (fake MAC) is input on port 3, the PC's MAC will not be learned on port 3. Port 3 will trigger the port security action "shutdown". If the port is shut down by PortSec, use the command "no shutdown" to release the port status.

### Supplemental instruction

<font color="#f00">network-access aging:</font> The security aging mode will follow the release time of the MAC table. If the switch doesn't enable this feature, the MAC will stay learned on the port forever.

<font color="#f00">port security max-mac-count:</font> If port security is enabled and max-mac-count is not configured, the port will not learn any MAC. If the number of MACs exceeds the max-mac-count, the port will not record the MACs over the max-count. If a port security action is configured, it will be triggered.
<font color="#f00">port security mac-address sticky:</font> If sticky is enabled on a port, its MAC addresses cannot be moved to another port. If sticky MAC addresses are received on another secure port, that port will trigger its action.

<font color="#f00">port security action:</font>

- <font color="334DFF">shutdown:</font> Disables port only
- <font color="334DFF">trap:</font> Issues SNMP trap message only
- <font color="334DFF">trap-and-shutdown:</font> Issues SNMP trap message and disables port

![](https://i.imgur.com/28TCOrU.png)

###### tags:`switch function`
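The notes on max-mac-count, action and network-access aging can be checked against a configuration automatically. The Python below is an added example, not part of the original article or any vendor tooling: `audit_port_security` is a hypothetical helper that reads commands in the form shown on this page and lists secured ports that lack a max-mac-count, an action, or global aging. It assumes that a port with no `port security action` line applies no action.

```python
import re

PROMPT = re.compile(r"^Console(\([\w-]+\))?#\s*")  # prompt as shown on this page

def audit_port_security(text):
    """Return {interface: [findings]} for ports with port security enabled."""
    aging, ports, cur = False, {}, None
    for raw in text.splitlines():
        words = PROMPT.sub("", raw.strip()).split()
        if words == ["network-access", "aging"]:
            aging = True
        elif words[:2] == ["interface", "ethernet"] and len(words) == 3:
            cur = ports.setdefault(words[2], {"on": False})
        elif words in (["exit"], ["!"]):
            cur = None
        elif cur is not None and words[:2] == ["port", "security"]:
            if len(words) == 2:
                cur["on"] = True
            elif len(words) == 4 and words[2] in ("max-mac-count", "action"):
                cur[words[2]] = words[3]
    findings = {}
    for name, p in ports.items():
        checks = [
            ("max-mac-count" not in p, "no max-mac-count: port will not learn any MAC"),
            # Assumption: no action line in the listing means no action is applied.
            ("action" not in p, "no action: a violation raises no shutdown or trap"),
            (not aging, "network-access aging off: learned MACs never age out"),
        ]
        notes = [msg for bad, msg in checks if bad]
        if p["on"] and notes:
            findings[name] = notes
    return findings

# Constructed input: Example 2's commands plus a made-up port 1/5.
SAMPLE = """\
Console(config)#network-access aging
Console(config)#interface ethernet 1/1
Console(config-if)#port security
Console(config-if)#port security max-mac-count 5
Console(config-if)#port security mac-address sticky
Console(config-if)#exit
Console(config)#interface ethernet 1/3
Console(config-if)#port security
Console(config-if)#port security max-mac-count 5
Console(config-if)#port security action shutdown
Console(config-if)#exit
Console(config)#interface ethernet 1/5
Console(config-if)#port security
"""
```

Calling `audit_port_security(SAMPLE)` reports port 1/1 (no action) and port 1/5 (no max-mac-count, no action), while port 1/3 passes.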