- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Looking to put controls in place to help prevent VLAN hopping. Reference article below provides support example for c-class switches. Looking for guidance with Adtran switching.
- Moving devices off VLAN 1
- Setting port to edge mode for end nodes
- Creating an unused default VLAN for trunks
VLAN hopping - Wikipedia, the free encyclopedia
Am I missing anything?
Thanks
Don
Accepted Solutions

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Not the Solution
- Report Inappropriate Content
- Thanks for posting your question on the forum!
It sounds like VLAN hopping exploits trunk links to access the network.
I want to mention a couple of points about AOS that are already in place: first, by default, all ports on a switch are set as access ports for VLAN 1. Another thing is that AOS trunks only support 802.1q trunking protocol so it does not have the ability to negotiate its trunking protocol. Some of the mitigation practices mentioned in the article can be implemented on an AOS switch, as well.
For the most part, you should:
- Set ports to access mode only if necessary
- Restrict trunks to only those vlans that need to use the link
- Change the native vlan on a trunk to an unused vlan ID
I hope this helps but please let us know if you have any questions,
Thanks,
Noor

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Not the Solution
- Report Inappropriate Content
- Thanks for posting your question on the forum!
It sounds like VLAN hopping exploits trunk links to access the network.
I want to mention a couple of points about AOS that are already in place: first, by default, all ports on a switch are set as access ports for VLAN 1. Another thing is that AOS trunks only support 802.1q trunking protocol so it does not have the ability to negotiate its trunking protocol. Some of the mitigation practices mentioned in the article can be implemented on an AOS switch, as well.
For the most part, you should:
- Set ports to access mode only if necessary
- Restrict trunks to only those vlans that need to use the link
- Change the native vlan on a trunk to an unused vlan ID
I hope this helps but please let us know if you have any questions,
Thanks,
Noor