I have several x450e switches being used as access switches for phones, clients and a few Wifi APs. I would like to tighten security on these switches, I've done the standard RADIUS AAA, disabled telnet and http and only allow access by AD group via SSH, I log changes, I've turned off VLAN 1 and blackholed and disabled all unused ports. Now, I would like to take it to the next step and I was thinking about port security.
I would like to do something at the port level, however, I don't want a bunch of overhead to manage it. Also, my phones and clients are using DHCP so doing IP/MAC address per port is not possible, I don't think. So, what are my options??? Any suggestions?