Network Security Basic Rules
You need to keep in mind several basic rules when setting up secure Layer 2 switched VLANs:
VLANs should be set up in such a way that the VLAN clearly separates the network's various logical components from each other, in turn segregating logical workgroups. This is the first step toward segregating those portions of your network that need more security from portions that need less.
If some switch ports are not being used, it is best practice to disable these ports and assign them to a special VLAN that collects these unused ports. This special VLAN should have no Layer 3 connectivity, such as to a router or other Layer 3 device capable of switching.
Although devices in a particular VLAN cannot access devices in another ...