Virtual LAN Security Best Practices
Independent security research firm @stake recently conducted a Security Review of the virtual LAN (VLAN) technology on the Cisco Catalyst 2950, Catalyst 3550, Catalyst 4500, and Catalyst 6500 series switches. Although no intrinsic security weaknesses emerged from this review, it has been pointed out that an improper or inadequate switch configuration can be the source of undesired behavior and possible security breaches.
Precautions for the Use of VLAN 1
"It is an Equal failing to Trust Everybody, and to Trust Nobody" --- English Proverb
Why Worry About Layer 2 Security in the First Place?
What Are the Possible Attacks in a VLAN-Based Network?
MAC Flooding Attack
802.1Q and ISL Tagging Attack
Double-Encapsulated 802.1Q/Nested VLAN Attack
Private VLAN Attack
deny subnet/mask subnet/mask
permit any subnet/mask
deny any any