Mitigating VLAN Hopping Attacks

Mitigating VLAN hopping attacks requires the following configuration modifications:

• Always use dedicated VLAN IDs for all trunk ports.

• Disable all unused ports and place them in an unused VLAN.

• Set all user ports to nontrunking mode by disabling DTP. Use the switchport mode access command in interface configuration mode.

• For backbone switch-to-switch connections, explicitly configure trunking.

• Do not use the user native VLAN as the trunk port native VLAN.

• Do not use VLAN 1 as the switch management VLAN.

