vlan hopping mitigation

Unanswered Question
Apr 29th, 2007


With reference to the SAFE document link below, in the VLAN hopping/Network Attack Mitigation section, it refers to 'use dedicated VLAN IDs for all trunk ports'.


We are already setting the Native VLAN to 10. Is that what this document is referring to or does it mean something else?

If something else, links to documentation on it would be great.



Jon Marshall Sun, 04/29/2007 - 22:53

Hi Peter

I suspect that is what it means, yes.

We use a non-routable vlan for our native vlan in our data centres. This vlan should never have any physical ports assigned to it.

You are still open to some attacks though. 802.1q needs the concept of a native vlan for compatibility, so if you can't clear it off the trunks the next best thing is to do as above, i.e. a non-routable unused vlan.

Attached is a link to vlan security by Cisco which covers this in more detail.
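The rule in the reply above (a dedicated native VLAN that is unrouted and has no physical ports on it) is easy to state and easy to drift away from, so here is an added audit script that checks a Cisco IOS running-config for it. This is example code written for this page, not something from the thread or from Cisco; the config excerpt it runs over is constructed, and the interface names and VLAN numbers in it (GigabitEthernet1/0/1 to 1/0/11, VLAN 10, VLAN 999) are assumptions chosen for illustration. The first trunk keeps the default native VLAN 1, the second uses the users' VLAN 10 as native (the questioner's setup), and the third uses a dedicated VLAN 999 that has no SVI and no access ports.

```python
import re
from collections import defaultdict

# Constructed sample of an IOS running-config excerpt (not from the thread).
# Interface names and VLAN ids are assumptions for illustration only.
SAMPLE_CONFIG = """\
vlan 10
 name USERS
vlan 999
 name NATIVE-UNUSED
!
interface Vlan1
 ip address 10.0.0.2 255.255.255.0
!
interface Vlan10
 ip address 10.0.10.1 255.255.255.0
!
interface GigabitEthernet1/0/1
 switchport mode trunk
!
interface GigabitEthernet1/0/2
 switchport trunk native vlan 10
 switchport mode trunk
!
interface GigabitEthernet1/0/3
 switchport trunk native vlan 999
 switchport mode trunk
 switchport nonegotiate
!
interface GigabitEthernet1/0/10
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet1/0/11
 switchport mode access
"""


def parse_interfaces(config_text):
    """Split an IOS running-config into {interface name: [indented config lines]}."""
    blocks = {}
    current = None
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            blocks[current] = []
        elif line.startswith((" ", "\t")) and current is not None:
            blocks[current].append(line.strip())
        else:
            current = None  # '!' or any global command ends the interface block
    return blocks


def audit_native_vlans(config_text):
    """Return {trunk name: [problems]} for every trunk whose native VLAN is
    the default (1), carries access ports, or is routable via an SVI."""
    blocks = parse_interfaces(config_text)
    access_ports = defaultdict(list)  # vlan id -> access ports assigned to it
    routed_vlans = set()              # vlan ids with an SVI that has an IP address
    trunks = {}                       # trunk name -> native vlan id

    for name, lines in blocks.items():
        svi = re.fullmatch(r"Vlan(\d+)", name)
        if svi:
            if any(l.startswith("ip address ") for l in lines):
                routed_vlans.add(int(svi.group(1)))
            continue
        mode = native = access = None
        for l in lines:
            if l.startswith("switchport mode "):
                mode = l.split()[2]
            elif l.startswith("switchport trunk native vlan "):
                native = int(l.split()[-1])
            elif l.startswith("switchport access vlan "):
                access = int(l.split()[-1])
        if mode == "trunk":
            trunks[name] = native if native is not None else 1   # IOS default native VLAN
        elif mode == "access":
            access_ports[access if access is not None else 1].append(name)  # default access VLAN

    findings = {}
    for name, native in sorted(trunks.items()):
        problems = []
        if native == 1:
            problems.append("native VLAN left at the default (1)")
        if access_ports.get(native):
            problems.append(f"native VLAN {native} has access ports: {', '.join(access_ports[native])}")
        if native in routed_vlans:
            problems.append(f"native VLAN {native} is routable (interface Vlan{native} has an IP address)")
        findings[name] = problems
    return findings


if __name__ == "__main__":
    for trunk, problems in audit_native_vlans(SAMPLE_CONFIG).items():
        status = "OK" if not problems else "; ".join(problems)
        print(f"{trunk}: {status}")
```

Run against real output of `show running-config`, the script flags the first two trunks and passes the third, which is the pattern the reply describes: the native VLAN exists only so that 802.1Q has one, nothing is assigned to it and nothing routes it. On Catalyst platforms that support it, the global command `vlan dot1q tag native` additionally makes the switch tag native-VLAN frames on trunks, which removes the untagged frame that double-tagging attacks rely on; the script does not check for that because it is platform dependent.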




