VLAN hopping - jibingl/CCNA-CCNP GitHub Wiki
An attacker bypasses VLAN segmentation to send traffic from one VLAN to another.
| | Switch Spoofing | Double Tagging |
|---|---|---|
| Attack Approach | Connect an unauthorized switch to the target switch, or send it spoofed DTP packets. | Feed the target switch a frame carrying two 802.1Q tags. |
| How It Works | Default DTP settings negotiate a trunk link/port, and a trunk carries all VLANs. | The switch strips the "outer" tag (the native VLAN) and leaves the "inner" tag, so the frame is forwarded into the target VLAN. This is usually a one-way attack. |
| Common Vulnerabilities | Switchport default "dynamic auto" or "dynamic desirable" modes; unused ports left active | Default native VLAN 1 in use |
| Mitigation | Disable DTP; shut down unused ports | Change/avoid default VLAN 1; prune VLANs on the trunk link |
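As an added example (not part of this wiki page), the "Common Vulnerabilities" and "Mitigation" rows turned into a small configuration audit: two constructed Cisco IOS running-config excerpts, one with the weak defaults and one with the mitigations applied, are scanned for DTP-capable ports, trunks on native VLAN 1 and unpruned trunks. The config text, interface names and VLAN numbers are made up for the example; the commands (`switchport mode`, `switchport nonegotiate`, `switchport trunk native vlan`, `switchport trunk allowed vlan`, `shutdown`) are standard IOS. A port with no explicit `switchport mode` is treated as running the DTP default, which is the "unused port left active" case from the table.

```python
"""Audit a Cisco IOS running-config for the VLAN-hopping weaknesses in the table."""
from dataclasses import dataclass, field

DTP_DYNAMIC_MODES = {"dynamic auto", "dynamic desirable"}

# Constructed sample (not from the wiki): factory-style defaults, every weakness present.
WEAK_CONFIG = """
interface GigabitEthernet0/1
 switchport mode dynamic desirable
!
interface GigabitEthernet0/2
 switchport mode dynamic auto
!
interface GigabitEthernet0/3
 switchport mode trunk
 switchport trunk native vlan 1
!
interface GigabitEthernet0/4
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet0/5
!
"""

# Constructed sample (not from the wiki): the table's mitigations applied.
HARDENED_CONFIG = """
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
 switchport nonegotiate
!
interface GigabitEthernet0/2
 shutdown
!
interface GigabitEthernet0/3
 switchport mode trunk
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20
 switchport nonegotiate
!
"""


@dataclass
class Interface:
    name: str
    lines: list = field(default_factory=list)

    def has(self, prefix: str) -> bool:
        return any(line.startswith(prefix) for line in self.lines)

    def value(self, prefix: str):
        """Text after `prefix` on the first matching line, or None if absent."""
        for line in self.lines:
            if line.startswith(prefix):
                return line[len(prefix):].strip()
        return None


def parse_interfaces(config: str) -> list:
    """Split a running-config into interface blocks ('interface X' up to the next '!')."""
    interfaces, current = [], None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = Interface(name=line[len("interface "):])
            interfaces.append(current)
        elif line == "!" or not line:
            current = None
        elif current is not None:
            current.lines.append(line)
    return interfaces


def audit(config: str) -> list:
    """Return (interface, code, message) findings; an empty list means nothing flagged."""
    findings = []
    for iface in parse_interfaces(config):
        if iface.has("shutdown"):
            continue  # an administratively-down port cannot be used for either attack
        mode = iface.value("switchport mode")
        if mode is None:
            findings.append((iface.name, "default-dtp",
                             "active port with no explicit switchport mode; DTP default applies"))
        elif mode in DTP_DYNAMIC_MODES:
            findings.append((iface.name, "dynamic-mode",
                             f"'{mode}' lets a neighbour negotiate a trunk (switch spoofing)"))
        elif mode == "trunk":
            if not iface.has("switchport nonegotiate"):
                findings.append((iface.name, "dtp-on-trunk",
                                 "trunk still sends DTP; add 'switchport nonegotiate'"))
            if (iface.value("switchport trunk native vlan") or "1") == "1":  # IOS default is VLAN 1
                findings.append((iface.name, "native-vlan-1",
                                 "native VLAN 1 on trunk enables double tagging"))
            if not iface.has("switchport trunk allowed vlan"):
                findings.append((iface.name, "unpruned-trunk",
                                 "trunk carries every VLAN; prune with 'switchport trunk allowed vlan'"))
        elif mode == "access":
            if not iface.has("switchport nonegotiate"):
                findings.append((iface.name, "dtp-on-access",
                                 "access port still sends DTP frames; add 'switchport nonegotiate'"))
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"== {label}: {len(audit(cfg))} finding(s)")
        for name, code, msg in audit(cfg):
            print(f"  {name}: [{code}] {msg}")
```

Running the block prints seven findings for the weak config and none for the hardened one. The audit reads only the configuration, so it cannot tell whether a port is genuinely unused; treat `default-dtp` hits as a list of ports to either assign a role and `switchport nonegotiate`, or shut down.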