I’ve got an easy way to do this, I confiscate ‘em ;) As others have said, this is a management problem. Untrustworthy parties shouldn’t have physical access to your trunk ports. That said Layer 2 MAC ACLs should block everything and allow only your switches. Also do you have lit trunk ports just floating in space? You shouldn’t...