VLANHopping

VLAN hopping is a network attack in which an attacker gains access to VLANs other than the one assigned to a device, by exploiting VLAN tagging or switch configuration. The goal is to move from a compromised or legitimately connected VLAN into other VLANs, potentially reaching sensitive resources or networks that should be isolated.

There are two common techniques. Switch spoofing, sometimes called trunking or DTP-based hopping, involves connecting a

Double tagging is a frame-based method. The attacker sends frames that carry two 802.1Q tags: an outer

Mitigation measures include disabling dynamic trunking protocol on access ports and configuring ports statically as access