vlan hopping mitigation

peter2904
Level 1

Hi

With reference to the Safe document link below, in VLAN hopping/Network Attack Mitigation section, it refers to 'use dedicated VLAN IDs for all trunk ports'.

http://www.cisco.com/en/US/customer/netsol/ns340/ns394/ns171/ns128/networking_solutions_white_paper09186a008014870f.shtml#wp1002270

We are already setting the Native VLAN to 10. Is that what this document is referring to, or does it mean something else?

If something else, links to documentation on that would be great.

thanks

Peter


Jon Marshall
Hall of Fame

Hi Peter

I suspect that is what it means yes.

We use a non-routable vlan for our native vlan in our data centres. This vlan should never have any physical ports assigned to it.

You are still open to some attacks though. 802.1Q needs the concept of a native VLAN for compatibility, so if you can't clear it off the trunks the next best thing is to do as above, i.e. a non-routable, unused VLAN.

Attached is a link to VLAN security by Cisco which covers this in more detail.

http://www.cisco.com/en/US/customer/products/hw/switches/ps708/products_white_paper09186a008013159f.shtml#wp39211

HTH

Jon
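An added audit script (not from the thread, and not Cisco's code) that reads IOS-style interface stanzas and flags trunks that do not follow the advice above: native VLAN still at the default of 1, native VLAN shared with access ports, or DTP left enabled. The sample config, interface names and VLAN numbers are constructed for the example.

```python
import re
from collections import defaultdict
# Constructed sample config (not from the thread): Gi1/0/24 is the weak trunk
# (native VLAN 10 is also a user access VLAN, DTP left on); Gi1/0/25 is hardened.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet1/0/24
 switchport mode trunk
 switchport trunk native vlan 10
interface GigabitEthernet1/0/25
 switchport mode trunk
 switchport trunk native vlan 999
 switchport nonegotiate
"""

def parse_interfaces(config):
    """Map each 'interface X' stanza to its indented lines (IOS-style text)."""
    stanzas, current = defaultdict(list), None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = stanzas[line.split(None, 1)[1]]
        elif not line.startswith(" "):
            current = None  # '!' or another top-level stanza ends the interface
        elif current is not None:
            current.append(line.strip())
    return stanzas

def audit_native_vlans(config):
    """[(interface, finding)] for trunks that break the dedicated-native-VLAN rule."""
    access_vlans, trunks = set(), {}
    for name, lines in parse_interfaces(config).items():
        cfg = {}
        for l in lines:
            if m := re.fullmatch(r"switchport (mode|access vlan|trunk native vlan) (.+)", l):
                cfg[m.group(1)] = m.group(2)
        if cfg.get("mode") == "access":
            access_vlans.add(int(cfg.get("access vlan", 1)))  # IOS default is VLAN 1
        elif cfg.get("mode") == "trunk":
            trunks[name] = (int(cfg.get("trunk native vlan", 1)),
                            "switchport nonegotiate" in lines)
    findings = []
    for name, (native, nonegotiate) in trunks.items():
        checks = [(native == 1, "native VLAN left at default 1"),
                  (native in access_vlans, f"native VLAN {native} also carries access ports"),
                  (not nonegotiate, "DTP still on; add 'switchport nonegotiate'")]
        findings += [(name, msg) for bad, msg in checks if bad]
    return findings
```

Run it over `show running-config` output; for the sample it reports two findings, both on Gi1/0/24. On platforms that support the global `vlan dot1q tag native` command, tagging native-VLAN frames closes the residual gap mentioned above.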
