Steps to Mitigate VLAN Hopping Attacks

Step 1: Disable DTP (auto trunking) negotiations on non-trunking ports by using the switchport mode access interface configuration command

Step 2: Disable unused ports and put them in an unused VLAN

Step 3: Manually enable the trunk link on a trunking port by using the switchport mode trunk command

Step 4: Disable DTP (auto trunking) negotiations on trunking ports by using the switchport nonegotiate command

Step 5: Set the native VLAN to a VLAN other than VLAN 1 by using the switchport trunk native vlan vlan_number command