Security Optimization of VTP Model in an Enterprise VLAN

VLANs are extensively used in enterprise network to ease management of hosts to improve scalability and flexibility. Despite their wide usage in enterprise network, VLAN security is a greater concern for the network administrator due to very little attention has been paid on error prone, unsystematic, high risk of misconfiguration in the design and management of enterprise VLAN network. Our paper demonstrates the security optimization techniques in designing VLAN both for Inter-VLAN communication and addressing VTP issues. We proposed various security aspects like access-lists based layer 3 securities in Inter-VLAN routing, deactivating native VLAN 1 to secure Layer 2 traffic in VTP model, Application of authentication on VTP server and non-negotiating Dynamic Trunking Protocol mode to counter the effect of inserting a rogue switch/trunk with higher config revision number. Unless otherwise stated this paper is based upon configuration & hardware implementation in a Cisco environment.