Last Updated on October 29, 2020 by Admin
What is the best way to prevent a VLAN hopping attack?
- Disable STP on all nontrunk ports.
- Use ISL encapsulation on all trunk links.
- Use VLAN 1 as the native VLAN on trunk ports.
- Disable trunk negotiation for trunk ports and statically set nontrunk ports as access ports.
Answers Explanation & Hints:
VLAN hopping attacks rely on the attacker being able to create a trunk link with a switch. Disabling DTP and configuring user-facing ports as static access ports can help prevent these types of attacks. Disabling the Spanning Tree Protocol (STP) will not eliminate VLAN hopping attacks.