VLAN Security
Virtual local area networks (VLANs) share bandwidth on a network and require additional security measures. Follow these guidelines:
- Separate sensitive clusters of systems from the rest of the network when using VLANs. This decreases the likelihood that users will gain access to information on those clients and servers.
- Assign a unique native VLAN number to trunk ports.
- Limit the VLANs that can be transported over a trunk to only those that are strictly required.
- Disable VLAN Trunking Protocol (VTP), if possible. Otherwise, set the following for VTP: management domain, password, and pruning. Then set VTP into transparent mode.
- Use static VLAN configurations, when possible.
- Disable unused switch ports and assign them an unused VLAN number.
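
The following Python check is an added example, not part of the original guidance: it audits a switch configuration against the trunk, VTP and disabled-port guidelines above. It assumes Cisco IOS-style syntax, which the page does not specify. The sample configuration, interface names and the `audit` helper are constructed for illustration.

```python
# Constructed sample in Cisco IOS-style syntax (an assumption; the page names no vendor).
SAMPLE_CONFIG = """\
vtp mode server
interface GigabitEthernet0/1
 switchport mode trunk
interface GigabitEthernet0/2
 switchport mode trunk
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20
interface GigabitEthernet0/3
 switchport access vlan 10
interface GigabitEthernet0/4
 switchport access vlan 10
 shutdown
interface GigabitEthernet0/5
 switchport access vlan 998
 shutdown
"""

def parse_interfaces(config):  # interface name -> list of its indented sub-commands
    ports, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = ports.setdefault(line.split(None, 1)[1], [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # a global command ends the interface block
    return ports

def audit(config):
    """Return (scope, finding) pairs. 'In use' = access VLAN of a port not shut down."""
    findings = []
    if not {"vtp mode transparent", "vtp mode off"} & set(config.splitlines()):
        findings.append(("global", "VTP is neither transparent nor off"))
    ports = parse_interfaces(config)
    live = {c.split()[-1] for cmds in ports.values() if "shutdown" not in cmds
            for c in cmds if c.startswith("switchport access vlan ")}
    for name, cmds in ports.items():
        access = [c.split()[-1] for c in cmds if c.startswith("switchport access vlan ")]
        native = [c.split()[-1] for c in cmds if c.startswith("switchport trunk native vlan ")]
        if "switchport mode trunk" in cmds:
            if not native or native[0] == "1" or native[0] in live:
                findings.append((name, "native VLAN is the default or shared with hosts"))
            if not any(c.startswith("switchport trunk allowed vlan ") for c in cmds):
                findings.append((name, "trunk is not limited to required VLANs"))
        elif "shutdown" in cmds and (not access or access[0] in live):
            findings.append((name, "disabled port is in the default or an in-use VLAN"))
    return findings
```

The check only evaluates ports that are already shut down; deciding which ports are actually unused still requires knowledge of the site.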