Adtran
Help
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
drjarmon
New Contributor III
‎07-10-2014 05:51 PM

VLAN hopping remediation

Jump to solution

Looking to put controls in place to help prevent VLAN hopping.  Reference article below provides support example for c-class switches.  Looking for guidance with Adtran switching.

  • Moving devices off VLAN 1
  • Setting port to edge mode for end nodes
  • Creating an unused default VLAN for trunks

VLAN hopping - Wikipedia, the free encyclopedia 

Am I missing anything?

Thanks

Don

Labels (1)
0 Kudos
Reply
1 Solution

Accepted Solutions
Anonymous
Not applicable
‎07-24-2014 11:20 AM

Re: VLAN hopping remediation

Jump to solution

- Thanks for posting your question on the forum!

It sounds like VLAN hopping exploits trunk links to access the network.

I want to mention a couple of points about AOS that are already in place: first, by default, all ports on a switch are set as access ports for VLAN 1. Another thing is that AOS trunks only support 802.1q trunking protocol so it does not have the ability to negotiate its trunking protocol. Some of the mitigation practices mentioned in the article can be implemented on an AOS switch, as well.


For the most part, you should:

- Set ports to access mode only if necessary

- Restrict trunks to only those vlans that need to use the link

- Change the native vlan on a trunk to an unused vlan ID

I hope this helps but please let us know if you have any questions,

Thanks,

Noor

View solution in original post

Reply
1 Reply
Anonymous
Not applicable
‎07-24-2014 11:20 AM

Re: VLAN hopping remediation

Jump to solution

- Thanks for posting your question on the forum!

It sounds like VLAN hopping exploits trunk links to access the network.

I want to mention a couple of points about AOS that are already in place: first, by default, all ports on a switch are set as access ports for VLAN 1. Another thing is that AOS trunks only support 802.1q trunking protocol so it does not have the ability to negotiate its trunking protocol. Some of the mitigation practices mentioned in the article can be implemented on an AOS switch, as well.


For the most part, you should:

- Set ports to access mode only if necessary

- Restrict trunks to only those vlans that need to use the link

- Change the native vlan on a trunk to an unused vlan ID

I hope this helps but please let us know if you have any questions,

Thanks,

Noor

Reply
li.common.scroll-to.top