cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

756
Views
20
Helpful
16
Replies

Native Vlan - Double tagging attack

Hello everyone

I would like a clarification on the native vlan.By default a vlan is used, for example 99 as a native vlan without assigning any access port to avoid double tagging attacks.What is not clear to me is:

1) Why do I have to set as a native vlan a number that makes no sense like 99 or 44?Can I also set number 2 ?

2) I know it takes more work, but can I leave the native vlan 1 and delete the ports from vlan 1 by disabling it?Can there be security issues? I repeat Vlan 1 with no access port I move them all to other vlan.

 

I thank those who respond in advance

16 REPLIES 16


Excuse me DTP however I read newly other comments. VLAN 1 no access Port and dtp Disable Is under Attack yet because stp use bpdu frame on VLAN1 default also if Logic vtp hopping and double tagging Say that the Attack Is good if the attacker Is connect ti the Port assigned ti native VLAN, but if I move all Port from VLAN1 in VLAN 2, frames bpdu Will through on VLAN 1 yet. 

I ask my self same Q when I study VLAN security then I end with 
1- using VLAN1 as Native VLAN 
2- using other VLAN as Native VLAN 

still the L2 protocol use VLAN1 as tag vlan when send through trunk 
BUT 
it tag if the VLAN 1 is not native 
it not tag if the VLAN1 is native 

https://www.fragmentationneeded.net/2011/01/revisiting-vlan-1-myth-again.html

 

so change the native VLAN not make other L2 protocol not use VLAN1.

Content for Community-Ad