Mitigating VLAN hopping attacks requires several modifications to
the VLAN configuration
. One of the more
important elements is to use dedicated VLAN IDs for all trunk ports. Also,
disable all unused switch ports and place them in an unused VLAN. Set all user
ports to non-trunking mode by explicitly turning off DTP on those ports. This
is accomplished on IOS switches by setting the switch port mode to access with
the switchport mode access interface configuration
command.