I have two switches that are trunked. Switchports interface g0/1 (on switch A) and interface f0/1 (on switch B) are used for trunking. There is a requirement to secure a trunk port g0/1 without using port security feature as this affects the end-user clients connected to ports on switch B. The end user client are being authenticated already by 802.1x. What I want is just the securing switch A int g0/1 NOT the end user client such that if the a new switch is plugged into switch A, the port g0/1 will not pass traffic. Note: I have tried using mac access-list to match the mac-address of int g0/1 and f0/1 and a deny any any at the end of the access-list ---- it did not work for obvious reasons. Any idea? Many thanks for your help.