VLAN technology is amazing as it offers added enhancements to networks and provides multiple pathways to run numerous services in isolated environments without sacrificing quality, availability or network speed. Many administrators and IT professionals, however, are unaware of the level of security on their VLAN. In this article, I will address a few ideas for boosting its defenses. One of the first aspects in VLAN-based security takes place on the physical level which ensures that unauthorized access is prevented. Removing console-port cables, introducing a password-protected console, and adding specified timeouts are all encouraged. Avoiding the use of VLAN1 (which is the default VLAN) is also a great thing to do as VLAN1 causes a higher security risk due to offering direct access if a backbone is used. Another thing you can do is disable any high-risk protocols on any port that does not require them. Controlling Inter-VLAN routing using IP access lists allows normal traffic flow but does not expose the networks that need protection. By following these steps, you should be well on the way in creating a secure VLAN, after all, a network is only as strong as its weakest link!
Source: http://www.firewall.cx/cisco-technical-knowledgebase/cisco-switches/818-cisco-switches-vlan-security.html “VLAN Security Tips – Best Practices”. Firewall.cx. Web. 24 Jan 2017.