Virtual local area networks (VLANs) share bandwidth on a network and require additional security measures. Follow these guidelines:
Separate sensitive clusters of systems from the rest of the network when using VLANs. This decreases the likelihood that users will gain access to information on those clients and servers.
Assign a unique native VLAN number to trunk ports.
Limit the VLANs that can be transported over a trunk to only those that are strictly required.
Disable VLAN Trunking Protocol (VTP), if possible. Otherwise, set the following for VTP: management domain, password, and pruning. Then set VTP to transparent mode.
Use static VLAN configurations, when possible.
Disable unused switch ports and assign them an unused VLAN number.
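The guidelines above can be checked mechanically against a saved switch configuration. The following audit script is an added example, not part of the original guidance. It assumes Cisco IOS-style syntax (the page names no vendor), a default VLAN of 1 when none is configured, and that ports marked `shutdown` are the unused ones; the function names and sample configuration are constructed for illustration.

```python
# Constructed sample in Cisco IOS-style syntax (assumed; the page names no vendor).
SAMPLE = """\
vtp mode server
interface GigabitEthernet0/1
 switchport mode trunk
interface GigabitEthernet0/2
 switchport mode trunk
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20
interface GigabitEthernet0/3
 switchport access vlan 10
interface GigabitEthernet0/4
 switchport access vlan 10
 shutdown
interface GigabitEthernet0/5
 switchport access vlan 998
 shutdown
"""

def vlan_of(lines, kind):
    # VLAN set by "switchport <kind> vlan N"; assumed default is 1 when absent.
    hits = [l.split()[-1] for l in lines if l.startswith(f"switchport {kind} vlan ")]
    return hits[-1] if hits else "1"

def audit(config):
    """Return findings for one switch config, checked against the guidelines above."""
    ports, cur, findings = {}, None, []
    for line in config.splitlines():  # group indented lines under each interface
        if line.startswith("interface "):
            cur = ports.setdefault(line.split()[1], [])
        elif line.startswith(" ") and cur is not None:
            cur.append(line.strip())
        else:
            cur = None
    vtp = [l.split()[-1] for l in config.splitlines() if l.startswith("vtp mode ")]
    if not vtp or vtp[-1] not in ("transparent", "off"):
        findings.append("global: VTP not transparent or off")
    # VLANs carried by enabled access ports; native and parking VLANs must avoid these.
    in_use = {vlan_of(l, "access") for l in ports.values()
              if "shutdown" not in l and "switchport mode trunk" not in l}
    for name, lines in ports.items():
        if "switchport mode trunk" in lines:
            native = vlan_of(lines, "trunk native")
            if native == "1" or native in in_use:
                findings.append(f"{name}: native VLAN {native} is default or in use")
            if not any(l.startswith("switchport trunk allowed vlan ") for l in lines):
                findings.append(f"{name}: no allowed-VLAN list on trunk")
        elif "shutdown" in lines and vlan_of(lines, "access") in in_use:
            findings.append(f"{name}: disabled port left in an in-use VLAN")
    return findings
```

Calling `audit(SAMPLE)` flags the VTP mode, the trunk on GigabitEthernet0/1 (default native VLAN, no allowed list), and the disabled port GigabitEthernet0/4 that still sits in VLAN 10.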