some of the Cisco switches (like 2940) are not only for the wiring closet, but also for office deployment.
This leads me to the following question: the uplink port of such a switch will most probably be a trunk port. How can I prevent a PC or laptop user from connection directly to the trunk via plugging into the trunk port, which is configured onto the socket of the uplink?
Port security does not appear to be the right solution, as all of the mac-addresses of the stations connected to the 2940 need to be known.
which CatOS/IOS version are you uisng on the hv01-sw01?
I remember a discussion two years ago with a conclusion there was a bug in UDLD causing a very long timers.
BTW, UDLD waits for 8 missed messages to shutdown the port and the default message interval is 15 secs (7 in you case, I think).
Maybe some timer tuning would help.
I've never played with UDLD personally, it was just an idea when I read your message.
I don't know any command to check the neighbour - nice idea for Cisco IOS engineers, I think.
Another ideas how to protect the trunk port:
1) Use cross cable to interconnect switches on metal lines - the intruder would need a second cross cable to connect his PC instead of a office switch.
2) Configure blind native VLAN on the trunk, i.e. don't put users to this VLAN, no routing from it to anywhere. The intruder would need a 802.1q running on his PC NIC and guess the correct VLAN ID. (If the office switch supports ISL, use ISL on the trunk.)
3) Use DHCP based on PC MAC addresses, not a simple DHCP pool giving an IP address to anybody. The intruder would have to guess the correct IP address. Also use some software reporting MAC - IP changes and new IP activities (Arpwatch, e.g).
4) If you need some really strong security, implement 802.1x or Cisco User Registration Tool in your network.
We are pleased to announce availability of Beta software for 16.6.3. 16.6.3 will be the second rebuild on the 16.6 release train targeted towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are looking for early feedback from custome...