1 Reply Latest reply on Jul 24, 2014 9:20 AM by noor

    VLAN hopping remediation

    drjarmon New Member

Looking to put controls in place to help prevent VLAN hopping. Reference article below provides support example for c-class switches. Looking for guidance with Adtran switching.

      • Moving devices off VLAN 1
      • Setting port to edge mode for end nodes
      • Creating an unused default VLAN for trunks

      VLAN hopping - Wikipedia, the free encyclopedia 

      Am I missing anything?

      Thanks

      Don

        • Re: VLAN hopping remediation
          Employee

          drjarmon - Thanks for posting your question on the forum!

          It sounds like VLAN hopping exploits trunk links to access the network.

          I want to mention a couple of points about AOS that are already in place: first, by default, all ports on a switch are set as access ports for VLAN 1. Another thing is that AOS trunks only support 802.1q trunking protocol so it does not have the ability to negotiate its trunking protocol. Some of the mitigation practices mentioned in the article can be implemented on an AOS switch, as well.

          For the most part, you should:

          - Set ports to access mode only if necessary

- Restrict trunks to only those VLANs that need to use the link

- Change the native VLAN on a trunk to an unused VLAN ID

          I hope this helps but please let us know if you have any questions,

          Thanks,

          Noor
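An added example, not part of the original thread and not Adtran code: a small Python audit that reads a switch configuration in Cisco-style `switchport` syntax (an assumption; AOS uses a similar dialect, but check the exact keywords against your AOS release) and flags ports that miss the mitigations Noor lists, plus access ports still on VLAN 1 from Don's checklist. The interface names, the sample config and the unused native VLAN 999 are constructed values.

```python
# Constructed sample config in Cisco-IOS-style "switchport" syntax (assumption:
# AOS uses a similar dialect; verify the keywords against your AOS release).
SAMPLE_CONFIG = """\
interface switchport 0/1
 switchport mode access
 switchport access vlan 10
interface switchport 0/2
 switchport mode access
interface switchport 0/24
 switchport mode trunk
 switchport trunk allowed vlan 10,20
 switchport trunk native vlan 999
interface switchport 0/23
 switchport mode trunk
"""

def parse_interfaces(config):
    """Return {interface_name: [indented config lines]} per 'interface' stanza."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = []
        elif current is not None and line.startswith(" "):
            interfaces[current].append(line.strip())
    return interfaces

def last_value(lines, prefix, default):
    """Value after the last line starting with `prefix`, else `default`."""
    return next((l[len(prefix):].strip() for l in reversed(lines)
                 if l.startswith(prefix)), default)

def audit(config, unused_native_vlan="999"):
    """Flag ports that miss the VLAN-hopping mitigations discussed in the thread."""
    findings = []
    for name, lines in parse_interfaces(config).items():
        # AOS default per the reply: every port is an access port on VLAN 1.
        mode = last_value(lines, "switchport mode ", "access")
        if mode == "access":
            if last_value(lines, "switchport access vlan ", "1") == "1":
                findings.append((name, "access port still on VLAN 1"))
        elif mode == "trunk":
            # No allowed-vlan list means the trunk carries every VLAN.
            if last_value(lines, "switchport trunk allowed vlan ", None) is None:
                findings.append((name, "trunk carries all VLANs; restrict allowed VLANs"))
            native = last_value(lines, "switchport trunk native vlan ", "1")
            if native != unused_native_vlan:
                findings.append((name, f"native VLAN {native}; use unused VLAN {unused_native_vlan}"))
    return findings
```

Run `audit(SAMPLE_CONFIG)` on a `show running-config` dump to get a list of (port, finding) pairs; an empty list means every port passed the checks.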