enforcing 802.1x on switch is also good solution, especially for "external" ports.
802.1x is quite trivial to bypass if you have an authenticated device (in this case the intercom) that you can transparently bridge[1].
[1]. https://www.defcon.org/images/defcon-19/dc-19-presentations/...
alt Hacker News
802.1x is quite trivial to bypass if you have an authenticated device (in this case the intercom) that you can transparently bridge[1].
[1]. https://www.defcon.org/images/defcon-19/dc-19-presentations/...