I am creating an analysis of the double-tagging VLAN hopping attack. What I am not sure about is exactly how a Catalyst processes a tagged frame if it is received on an access port.
When I used an old Catalyst 2950 with IOS 12.1(22) and sent a tagged frame with a VLAN ID corresponding to the access VLAN of the port, the switch stripped the tag and forwarded the frame. When I do the same on a Catalyst 2960 (IOS 12.2(35)) or 3560 (IOS 12.2(25)), forwarding of the frame fails. What makes me mad is that I can't find any note about this behavior, nor does the number of errors on that interface increase.
Are new Catalysts (or IOSes) automatically protected against VLAN hopping and drop tagged traffic by default?
Thx a lot.