Mitigating VLAN Hopping Best Practices

Configure all unused ports as access ports so that trunking cannot be negotiated across those links.

Place all unused ports in the shutdown state and associate them with a VLAN designed only for unused ports, carrying no user data traffic.

When establishing a trunk link, purposefully configure the following:

• The native VLAN to be different from any data VLANs

• Trunking as on, rather than negotiated

• The specific VLAN range to be carried on the trunk
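The checks above can be run against a switch configuration before it is deployed. The script below is an added example, not part of the original article: it assumes Cisco IOS-style `switchport` syntax, and the interface names, VLAN numbers and the list of unused ports are constructed for illustration.

```python
# Constructed IOS-style sample (assumed syntax; names and VLAN IDs are illustrative).
SAMPLE = """\
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk native vlan 800
 switchport trunk allowed vlan 10,20
interface GigabitEthernet0/2
 switchport mode dynamic desirable
interface GigabitEthernet0/3
 switchport mode access
 switchport access vlan 999
 shutdown
interface GigabitEthernet0/4
 switchport mode access
 switchport access vlan 10
"""

def audit(config, data_vlans, parking_vlan, unused_ports):
    """Map each interface to the list of practices above that it violates."""
    ports, name = {}, None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            name = line.split(None, 1)[1]
            ports[name] = []
        elif name and line and line != "!":
            ports[name].append(line)
    report = {}
    for name, body in ports.items():
        issues = []
        if name in unused_ports:
            if "switchport mode access" not in body:
                issues.append("unused port can still negotiate a trunk")
            if "shutdown" not in body:
                issues.append("unused port is not shut down")
            if f"switchport access vlan {parking_vlan}" not in body:
                issues.append("unused port is not in the parking VLAN")
        elif "switchport mode access" not in body:  # in-use port that may trunk
            if "switchport mode trunk" not in body:
                issues.append("trunking is negotiated, not forced on")
            native = [int(l.split()[-1]) for l in body
                      if l.startswith("switchport trunk native vlan ")]
            # Assumption: an unset native VLAN is reported, since it was never chosen.
            if not native or native[0] in data_vlans:
                issues.append("native VLAN is unset or is a data VLAN")
            if not any(l.startswith("switchport trunk allowed vlan ") for l in body):
                issues.append("no explicit VLAN range on the trunk")
        report[name] = issues
    return report

if __name__ == "__main__":
    ports = {"GigabitEthernet0/3", "GigabitEthernet0/4"}
    print(audit(SAMPLE, {10, 20}, 999, ports))
```

In the sample, GigabitEthernet0/1 and 0/3 pass, 0/2 fails all three trunk checks, and 0/4 is reported as not shut down and not in the parking VLAN.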
