During our Cisco CCNP BCMSN certification exam preparation, we've seen how intruders can use seemingly innocent ARP and DHCP processes can be used to harm our network, so it shouldn't come as any surprise that Dot1q tagging can be used against us as well!
One form of VLAN Hopping is double tagging, so named because the intruder will transmit frames that are "double tagged" with two separate VLAN IDs. As you'll see in our example, certain circumstances must exist for a double tagging attack to be successful:
The intruder's host device must be attached to an access port.
The VLAN used by that access port must be the native VLAN.
The term "native VLAN" tips us off to the third requirement - dot1q must be the trunking protocol in use, since ISL doesn't use the native VLAN.
When the rogue host transmits a frame, that frame will have two tags. One will indicate native VLAN membership, and the second will be the number of the VLAN under attack. In this example, we'll assume that to be VLAN 100, with the native VLAN set as VLAN 25.
The trunk receiving this double-tagged frame will see the tag for VLAN 25, and since that's the native VLAN, that tag will be removed and then transmitted across the trunk - but the tag for VLAN 100 is still there!
When the switch on the other side of the trunk gets that frame, it sees the tag for VLAN 100 and forwards the frame to ports in that VLAN. The rogue now has successfully fooled the switches and has hopped from one VLAN to another.
This is why you often see the native VLAN of a network set to a VLAN that no host on the network is a member of - that stops this version of VLAN Hopping right in its tracks.
Notice that I said "this version". We’ll take a look at another VLAN Hopping tactic in the next installation of my CIsco CCNP BCMSN certification exam tutorial series!
Chris Bryant, CCIE #12933, is the owner of The Bryant Advantage, home of free CCNP exam and CCNA Certification tutorials, The Ultimate CCNA Study Package, and Ultimate CCNP Study Packages.
You can also visit his blog, which is updated several times daily with new Cisco certification articles, free tutorials, and daily CCNA / CCNP exam questions! Details are on the website.
For a FREE copy of his latest e-books, “How To Pass The CCNA" and “How To Pass The CCNP", just visit the website! You can also get FREE CCNA and CCNP exam questions every day!
Was
this article helpful to you? Leave a Public Comment or Question:
This Article has been viewed 85 times.
Article added to SearchWarp.com on Tuesday, May 22, 2007 View other articles written by Chris Bryant CCIE 12933(14,375)
If you found this article
interesting, you may want to check out:
Disclaimer: All information on this site is
provided for informational purposes only! By no means is any
information presented herein intended to substitute for the advice
provided to you by any health care or other professional or
organization.
