If you set up a virtual local area network (VLAN), remember that VLANs share bandwidth on a network and require additional security measures.
Define VLANs to separate sensitive clusters of systems from the rest of the network. This decreases the likelihood of users gaining access to information on these clients and servers.
Assign a unique native VLAN number to trunk ports.
Limit the VLANs that can be transported over a trunk to only those that are strictly required.
Disable VLAN Trunking Protocol (VTP), if possible. Otherwise, set the following for VTP: management domain, password, and pruning. Then set VTP into transparent mode.