Looking to put controls in place to help prevent VLAN hopping. Reference article below provides support example for c-class switches. Looking for guidance with Adtran switching.
VLAN hopping - Wikipedia, the free encyclopedia
Am I missing anything?
Thanks
Don
- Thanks for posting your question on the forum!
It sounds like VLAN hopping exploits trunk links to access the network.
I want to mention a couple of points about AOS that are already in place: first, by default, all ports on a switch are set as access ports for VLAN 1. Another thing is that AOS trunks only support the 802.1Q trunking protocol, so they do not have the ability to negotiate a trunking protocol. Some of the mitigation practices mentioned in the article can be implemented on an AOS switch, as well.
For the most part, you should:
- Set ports to access mode only if necessary
- Restrict trunks to only those VLANs that need to use the link
- Change the native VLAN on a trunk to an unused VLAN ID
I hope this helps, but please let us know if you have any questions.
Thanks,
Noor
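As an added example (not part of the original post and not Adtran's own tooling), a small Python audit that reads a running config in the Cisco-like syntax AOS uses and flags trunks that still carry all VLANs or still use VLAN 1 as native, the two recommendations above that can be checked mechanically. The exact command strings and the sample config are assumptions, not copied from the page.

```python
import re
from typing import Dict, List

# Constructed sample running config (Cisco-like syntax assumed for AOS;
# not taken from the original post). 0/1 is a weak trunk, 0/2 a hardened one.
SAMPLE_CONFIG = """\
interface switchport 0/1
  switchport mode trunk
  switchport trunk allowed vlan all
  switchport trunk native vlan 1
interface switchport 0/2
  switchport mode trunk
  switchport trunk allowed vlan 10,20
  switchport trunk native vlan 999
interface switchport 0/3
  switchport access vlan 10
"""


def parse_interfaces(config: str) -> Dict[str, List[str]]:
    """Group the indented lines of a config under their 'interface' header."""
    interfaces: Dict[str, List[str]] = {}
    current = None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = []
        elif current is not None and line.strip():
            interfaces[current].append(line.strip())
    return interfaces


def audit_trunks(config: str) -> Dict[str, List[str]]:
    """Return findings per trunk port; access ports are skipped."""
    findings: Dict[str, List[str]] = {}
    for name, lines in parse_interfaces(config).items():
        if "switchport mode trunk" not in lines:
            continue
        issues = []
        allowed = [l for l in lines if l.startswith("switchport trunk allowed vlan")]
        # No explicit allowed list, or an explicit 'all', means every VLAN rides the trunk.
        if not allowed or allowed[-1].endswith(" all"):
            issues.append("trunk carries all VLANs; restrict to the needed VLAN IDs")
        native = [l for l in lines if re.match(r"switchport trunk native vlan \d+$", l)]
        native_id = int(native[-1].rsplit(None, 1)[1]) if native else 1  # default native is 1
        if native_id == 1:
            issues.append("native VLAN is 1 (default); move it to an unused VLAN ID")
        if issues:
            findings[name] = issues
    return findings
```

Run it against your own `show running-config` output to get a per-port list of trunks that still need the two changes; whether a given port needs to be a trunk at all is a judgement call the script cannot make.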