Which feature or configuration on a switch makes it vulnerable to VLAN double-tagging attacks?

Last Updated on October 29, 2020 by Admin

  • mixed duplex mode enabled for all ports by default
  • the limited size of content-addressable memory space
  • the automatic trunking port feature enabled for all ports by default
  • the native VLAN of the trunking port being the same as a user VLAN
Answers Explanation & Hints:

A double-tagging (or double-encapsulated) VLAN hopping attack takes advantage of the way that hardware on most switches operates. Most switches perform only one level of 802.1Q de-encapsulation, which allows an attacker to embed a hidden 802.1Q tag inside the frame. This tag allows the frame to be forwarded to a VLAN that the original 802.1Q tag did not specify. An important characteristic of the double-encapsulated VLAN hopping attack is that it works even if trunk ports are disabled, because a host typically sends a frame on a segment that is not a trunk link. This type of attack is unidirectional and works only when the attacker is connected to a port residing in the same VLAN as the native VLAN of the trunk port.
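The condition named in the explanation (a trunk whose native VLAN is also used as an access VLAN for hosts) can be checked directly against a switch configuration. The following Python audit is an added example and is not part of the original exam page; it assumes Cisco IOS-style `running-config` syntax with the IOS defaults (access VLAN 1, native VLAN 1), treats the global `vlan dot1q tag native` command as the compensating control, and uses a constructed sample configuration with hypothetical interface names.

```python
import re
from collections import defaultdict

# Constructed sample running-config excerpt (not taken from any real device).
# Gi0/24 trunks with native VLAN 1 while Gi0/2 hosts a user in VLAN 1: exposed.
# Gi0/23 trunks with an unused native VLAN 999: not exposed.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet0/2
 switchport mode access
 switchport access vlan 1
!
interface GigabitEthernet0/24
 switchport mode trunk
 switchport trunk native vlan 1
!
interface GigabitEthernet0/23
 switchport mode trunk
 switchport trunk native vlan 999
!
"""


def parse_switchports(config):
    """Return {interface: {'mode', 'access_vlan', 'native_vlan'}} from IOS-style text.

    Assumed IOS defaults: access VLAN 1 and native VLAN 1 unless overridden.
    """
    ports = {}
    current = None
    for raw in config.splitlines():
        m = re.match(r"^interface (\S+)", raw)
        if m:
            current = m.group(1)
            ports[current] = {"mode": None, "access_vlan": 1, "native_vlan": 1}
            continue
        if current is None:
            continue
        line = raw.strip()
        if line.startswith("switchport mode "):
            ports[current]["mode"] = " ".join(line.split()[2:])
        elif line.startswith("switchport access vlan "):
            ports[current]["access_vlan"] = int(line.split()[-1])
        elif line.startswith("switchport trunk native vlan "):
            ports[current]["native_vlan"] = int(line.split()[-1])
    return ports


def find_double_tag_exposure(config):
    """List trunks whose native VLAN is also a user (access) VLAN.

    Returns sorted (trunk_interface, native_vlan, [access_interfaces]) tuples.
    If the switch tags the native VLAN globally (`vlan dot1q tag native`),
    the hidden inner tag is not stripped silently, so nothing is reported.
    """
    tag_native = re.search(r"^vlan dot1q tag native\s*$", config, re.M) is not None
    ports = parse_switchports(config)

    # Map each VLAN carrying end hosts to the access ports that use it.
    user_vlans = defaultdict(list)
    for name, p in ports.items():
        if p["mode"] == "access":
            user_vlans[p["access_vlan"]].append(name)

    findings = []
    for name, p in ports.items():
        if p["mode"] != "trunk":
            continue  # dynamic/DTP ports are a separate finding, out of scope here
        nv = p["native_vlan"]
        if nv in user_vlans and not tag_native:
            findings.append((name, nv, sorted(user_vlans[nv])))
    return sorted(findings)


if __name__ == "__main__":
    for trunk, vlan, hosts in find_double_tag_exposure(SAMPLE_CONFIG):
        print(f"{trunk}: native VLAN {vlan} is also a user VLAN on {', '.join(hosts)}")
```

The fix the audit checks for is either of the two standard ones: move every trunk's native VLAN to an unused VLAN (as `GigabitEthernet0/23` does with VLAN 999) or enable `vlan dot1q tag native` so the native VLAN is tagged on trunks and the inner tag is no longer exposed after the first de-encapsulation.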

For more questions and answers:

Click Here CCNA 2 SRWE v7 – Modules 10 – 13 – L2 Security and WLANs Exam Answers Full 100%
