vlan hopping

I was watching a vod describing vlan hopping and it was explaining how if a double tagged frame arrives on an access port with the outer tag have the same vlan as the access-ports native vlan, the outer tag is stripped and vlan hopping occurs.
This doesn't seem correct to me, as far as i'm aware if an access port receives a dot1q tagged frame on ingress the frame will be discarded, the access port will only process untagged frames on ingress.
The only way i see vlan hopping occuring is if the malicious user was connected to a trunk port or a qnq port.
I don't really want to test this but will if i have to, can anyone confirm my thoughts?

Find more posts tagged with

SAVE $250 on Your CISCO Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View CISCO Boot Camps

Comments

_maurice

Hi Ed.

I asked the same question recently. Check this- http://www.techexams.net/forums/ccnp/37997-vlan-security.html

VLAN hopping can only occur in one of 2 ways. 1. Via a trunk port using DTP to simulate a switch. 2. Or if a trunk port on the switch has a native vlan that is the same vlan as the access port you are plugged into. By the way, access ports do not have native vlans, only trunk ports have native vlans.

APA

EdTheLad wrote: »

The only way i see vlan hopping occuring is if the malicious user was connected to a trunk port or a qnq port.

You said it

hence the importance of trunk security if you must configure an end user port as a trunk port.