VLAN technology is impressive as it offers added enhancements to networks and provides multiple pathways to run numerous services in isolated environments without sacrificing quality, availability, or network speed. Many administrators and IT professionals, however, are unaware of the level of security on their VLAN. In this article, I will address a few ideas for boosting its defenses. One of the first aspects of VLAN-based security occurs on the physical level, ensuring that unauthorized access is prevented. Removing console-port cables, introducing a password-protected console, and adding specified timeouts are all encouraged. Avoiding the use of VLAN1 (which is the default VLAN) is also a great thing to do as VLAN1 causes a higher security risk due to offering direct access if a backbone is used.
Another thing you can do is disable any high-risk protocols on any port that does not require them. Controlling Inter-VLAN routing using IP access lists allows normal traffic flow but does not expose the networks that need protection. By following these steps, you should be well on the way to creating a secure VLAN. After all, a network is only as strong as its weakest link!
Source: http://www.firewall.cx/cisco-technical-knowledgebase/cisco-switches/818-cisco-switches-vlan-security.html “VLAN Security Tips – Best Practices.” Firewall.cx. Web. 24 Jan 2017.