I think you are looking at this in a different way.
Like you imagined, if the port is hard coded to be an access port, and that is done correctly, an attacker will not be able to do VLAN hopping.
So in an ideal world, an end system connected to an access port is not expected to accept tagged packets. Even if someone configured the end system to accept tagged packets (which is easily achievable), it will hear no traffic on other VLANs (as the access port only sends out untagged packets).
But the situation changes when you leave your ports on a setting that would allow anyone to use that port either as a trunk or as an access port. In this situation the attacker will leverage this dynamic nature of the port and will negotiate a trunk with the switch and start hopping between VLANs looking for interesting traffic.
I guess the most important thing to understand is: in the attacker's world, you can't expect the "end system" to behave and act like an "ethical" end system that would obey the TCP/IP protocol stack. Be it a PC or a switch or some other box the attacker is using, it will have a manipulated protocol stack that can act as a PC or a switch or whatever it wants to be. (E.g., if you get a PC and change the protocol stack to send BPDUs and DTP etc., how would the switch on the other end know it is a PC it is really talking to?)
Hopefully this helps you to look at this in a different way.
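Added example, not part of the original reply: a small audit that reads a Cisco IOS running-config and lists the switch ports whose mode is not hard coded, which is the condition the reply identifies as allowing trunk negotiation. The sample config and function names are constructed for illustration; treating a port with no explicit `switchport mode` line as negotiable is an assumption, since the default mode is platform dependent and is a dynamic mode on many Catalyst switches.

```python
import re

# Constructed sample of an IOS running-config (not from the original post).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet0/2
 switchport mode dynamic desirable
!
interface GigabitEthernet0/3
 switchport access vlan 20
!
interface GigabitEthernet0/24
 switchport mode trunk
!
interface GigabitEthernet0/25
 no switchport
!
"""

def classify_ports(config):
    """Return {interface: mode}; mode is access/trunk/dynamic/routed/unset."""
    ports, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = m.group(1)
            ports[current] = "unset"      # no explicit mode seen yet
        elif not line.startswith(" "):
            current = None                # "!" or a global command ends the stanza
        elif current:
            text = line.strip()
            if text == "no switchport":   # routed port, no DTP involved
                ports[current] = "routed"
            m = re.match(r"switchport mode (access|trunk|dynamic)\b", text)
            if m:
                ports[current] = m.group(1)
    return ports

def negotiable_ports(config):
    """Ports explicitly dynamic, or left on the default (assumed negotiable)."""
    return sorted(p for p, mode in classify_ports(config).items()
                  if mode in ("dynamic", "unset"))

if __name__ == "__main__":
    for port in negotiable_ports(SAMPLE_CONFIG):
        print(f"{port}: mode not hard coded, set 'switchport mode access'")
```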