06-24-2005 12:34 AM - edited 03-02-2019 11:12 PM
Hi,
Is it possible to send tagged frames on a switched port which is configured as access with the VLAN ID equal to the native VLAN to do VLAN hopping?
What are the best practices to avoid VLAN hopping?
06-24-2005 04:02 AM
Hello,
I think what you describe is a double-encapsulated VLAN hopping attack.
The document below talks about preventing this and other VLAN hopping attacks:
Layer 2 -- The Weakest Link
Security Considerations at the Data Link Layer
http://www.cisco.com/en/US/about/ac123/ac114/ac173/ac222/about_cisco_packet_feature09186a0080142deb.html
Hacking Layer 2: Fun with Ethernet Switches
http://www.blackhat.com/presentations/bh-usa-02/bh-us-02-convery-switches.pdf
Regards,
GP