VLAN Vulnerabilities
Mitigating VLAN hopping attacks

Mitigating VLAN hopping attacks requires several modifications to the VLAN configuration. One of the more important elements is to use dedicated VLAN IDs for all trunk ports. Also, disable all unused switch ports and place them in an unused VLAN. Set all user ports to non-trunking mode by explicitly turning off DTP on those ports. This is accomplished on IOS switches by setting the switch port mode to access with the switchport mode access interface configuration command.
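
The following audit script is an added example, not part of the original page: it parses an IOS-style configuration and reports ports that miss the mitigations described above. Assumptions: the interface names and VLAN numbers (10, 998, 999) are constructed, "dedicated VLAN ID" is read as a trunk native VLAN that is neither VLAN 1 nor any access VLAN, and a port in shutdown is treated as unused.

```python
# Constructed running-config excerpt (not from the original page).
SAMPLE_CONFIG = """\
interface Gi0/1
 switchport mode trunk
 switchport trunk native vlan 999
interface Gi0/2
 switchport mode access
 switchport access vlan 10
interface Gi0/3
 switchport access vlan 10
interface Gi0/4
 switchport mode access
 shutdown
interface Gi0/5
 switchport mode trunk
"""

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from IOS-style config text."""
    ports, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = ports.setdefault(line.split(None, 1)[1].strip(), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command closes the interface block
    return ports

def vlan_of(cmds, prefix):
    """VLAN ID set by the command starting with `prefix`; IOS defaults to VLAN 1."""
    return next((int(c[len(prefix):]) for c in cmds if c.startswith(prefix)), 1)

def audit(config, parking_vlan=998):
    """Return sorted (interface, finding) pairs; parking_vlan (assumed) holds unused ports."""
    ports = parse_interfaces(config)
    access_vlans = {vlan_of(c, "switchport access vlan ") for c in ports.values()
                    if "switchport mode trunk" not in c}
    findings = []
    for name, cmds in ports.items():
        if "switchport mode trunk" in cmds:
            native = vlan_of(cmds, "switchport trunk native vlan ")
            if native == 1 or native in access_vlans:
                findings.append((name, f"native VLAN {native} is not dedicated"))
            continue
        if "switchport mode access" not in cmds:
            findings.append((name, "no 'switchport mode access': DTP may negotiate a trunk"))
        if "shutdown" in cmds and vlan_of(cmds, "switchport access vlan ") != parking_vlan:
            findings.append((name, "disabled port is not in the unused VLAN"))
    return sorted(findings)
```

On the sample, audit(SAMPLE_CONFIG) flags Gi0/3 (mode left at its default), Gi0/4 (shut down but still in VLAN 1) and Gi0/5 (trunk on the default native VLAN).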