diff --git a/roles/access/templates/config-d-link.j2 b/roles/access/templates/config-d-link.j2
index 599a6e5..9d0281d 100644
--- a/roles/access/templates/config-d-link.j2
+++ b/roles/access/templates/config-d-link.j2
@@ -24,11 +24,19 @@ interface {{ iface.name }}
 interface {{ iface.name }}
 {# common setup for user-facing interfaces #}
 {% if iface.type.value != 'lag' and not iface.mgmt_only %}
+{% if iface.mode and iface.mode.value == 'access' %}
  switchport port-security
  switchport port-security maximum 64
  switchport port-security violation shutdown
  switchport port-security aging time 5
  switchport port-security aging type inactivity
+{% else %}
+ no switchport port-security
+ no switchport port-security maximum
+ no switchport port-security violation
+ no switchport port-security aging time
+ no switchport port-security aging type
+{% endif %}
 {% if iface.enabled %} no shutdown{% else %} shutdown{% endif %}
 {% endif %}