Configure port security on the desired interface
Switch(config)# interface GiX/0/x
Switch(config-if)# switchport access vlan xx
Switch(config-if)# switchport mode access
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security maximum 2
Switch(config-if)# switchport port-security mac-address sticky
Switch(config-if)# switchport port-security mac-address sticky xxxx.xxxx.xxxx
Switch(config-if)# switchport port-security violation restrict
Switch(config-if)# spanning-tree portfast
Switch(config-if)# speed 1000
Switch(config-if)# duplex full
Switch(config-if)# spanning-tree bpduguard enable
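Enable auto recovery from a port security violation (recover after 600 sec). Recovery applies only to ports in the err-disabled state, which is what the shutdown violation mode produces; restrict mode drops the offending frames and leaves the port up.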
Switch(config)# errdisable recovery cause psecure-violation
Switch(config)# errdisable recovery interval 600
Check the recovery behavior
Switch# show errdisable recovery
Enable auto recovery for all err-disable causes
Switch(config)# errdisable recovery cause all
Check that your changes took effect
Switch# show errdisable recovery
A sticky MAC address should not be present anywhere else.
E.g. the MAC ending in 1985 should be present only on this interface.
# Remove the sticky address when the host is moved to a new port.
switchport port-security mac-address sticky 0020.022c.1985
switchport port-security mac-address sticky 3c18.a051.80be
If both sticky MAC addresses are still configured and one of the hosts is moved to another port on the same VLAN, the two hosts are unable to communicate with each other.
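
One way to audit for the stale sticky entries described above, as an added example that is not part of the original notes: a Python check that reads saved running-config text and reports any sticky MAC configured on more than one interface in the same VLAN. The interface names and sample config are constructed; only the two MAC addresses come from this page.

```python
import re
from collections import defaultdict

# Constructed running-config excerpt (not from a real switch). The MAC ending
# in 1985 was left behind on Gi1/0/5 after the host moved to Gi1/0/7.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/5
 switchport access vlan 10
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0020.022c.1985
!
interface GigabitEthernet1/0/6
 switchport access vlan 10
 switchport port-security mac-address sticky 3c18.a051.80be
!
interface GigabitEthernet1/0/7
 switchport access vlan 10
 switchport port-security mac-address sticky 0020.022C.1985
!
"""

IFACE_RE = re.compile(r"^interface\s+(\S+)", re.I)
VLAN_RE = re.compile(r"^\s+switchport access vlan\s+(\d+)", re.I)
STICKY_RE = re.compile(
    r"^\s+switchport port-security mac-address sticky\s+"
    r"([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\b", re.I)

def find_duplicate_sticky(config_text):
    """Return {(vlan, mac): [interfaces]} for sticky MACs on more than one port."""
    seen = defaultdict(list)
    iface, vlan, macs = None, "1", []   # access ports default to VLAN 1

    def flush():                        # record the interface just finished
        for mac in macs:
            seen[(vlan, mac)].append(iface)

    for line in config_text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            flush()
            iface, vlan, macs = m.group(1), "1", []
        elif iface and (m := VLAN_RE.match(line)):
            vlan = m.group(1)
        elif iface and (m := STICKY_RE.match(line)):
            macs.append(m.group(1).lower())   # normalise case before comparing
    flush()
    return {k: v for k, v in seen.items() if len(v) > 1}
```

Each reported interface list shows where the same MAC is pinned; the entry on the port the host no longer uses is the one to remove.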