From: sheherezada@gmail.com
Date: Wed Nov 21 2007 - 07:31:49 ART
Simply put, there is a security risk of VLAN hoping attack if you
place an access port in the native VLAN of the "upstream" trunk. This
is done by adding a VLAN tag to the frame and it works one way only.
To avoid this, either you avoid putting any access port in the native
VLAN, either you tag the native VLAN.
Mihai
On Nov 20, 2007 8:48 PM, Julio Carrasco <julio.carrasco@ya.com> wrote:
> Hi there,
>
> I am redoing the internetwork expert labs for R/S (IEWB VOL2 ver 4.1), and I
> have seen that in task 1.5 of lab 8 the have configured dot1q tunneling, for
> connectivity between R2 and R6 (tunneling for vlan 26), and they have added
> the command "vlan dot1q tag native" to the solution, but I have configured the
> tunneling ewithout it, and seems to work well (I have connectivity between R2
> and R6).
>
> Do you know if it4s necessary to configure the tag for the native vlan to
> configure this ? and why it is ?
>
> Thanks in advance,
>
> Julio.
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Sat Dec 01 2007 - 06:37:30 ART